Additional Comments for Sub Team Consideration
Hello again everyone, As you look through the proposed revised summary document (below), you may also wish to consider whether some of the additional comments that were included in Part 4 of the overall WG Public Comment Review Tool might be useful such that additional notes or recommendations can be made, or existing language amended. For your convenience I¹ve extracted ten such comments which, while not sent in as specific responses to the Preliminary Recommendations and Annex E that this Sub Team is analysing, nonetheless seem relevant generally. I attach these ten comments in tabular form to this email, and welcome the Sub Team¹s discussion and comments on whether any of them ought to be considered as well as your thoughts on the summary document. As the Sub Team is due to report back to the full WG next Tuesday, please let me know also if you think a call before then amongst the Sub Team members might be needed. Thanks and cheers Mary Mary Wong Senior Policy Director Internet Corporation for Assigned Names & Numbers (ICANN) Telephone: +1 603 574 4889 Email: mary.wong@icann.org From: Mary Wong <mary.wong@icann.org> Date: Monday, August 31, 2015 at 15:46 To: "gnso-ppsai3@icann.org" <gnso-ppsai3@icann.org> Subject: Re: [Gnso-ppsai3] Revised Subteam 3 Summary with Overview
Hello everyone, in an attempt to facilitate further dialogue and, hopefully, consensus on a way forward on this issue, I¹ve taken the liberty of amending Kathy¹s document to take into account Holly¹s comments as well as to attempt to place certain comments (e.g. the ICA¹s, EasyDNS¹) more specifically within a particular category. I attach both a redlined and clean copy of this latest updated version (with the clean copy including yellow highlighted portions where the most significant language changes are suggested). I have not yet broken the comments down further into the registrant/provider distinction that Todd noted, but can of course do so if this is viewed as useful.
Please note that this is not a staff position that is being suggested, but merely an attempt to document where the Sub Team¹s discussion seems to be at the moment. I hope this is helpful.
Cheers Mary
Mary Wong Senior Policy Director Internet Corporation for Assigned Names & Numbers (ICANN) Telephone: +1 603 574 4889 Email: mary.wong@icann.org
From: <gnso-ppsai3-bounces@icann.org> on behalf of "Williams, Todd" <Todd.Williams@turner.com> Date: Friday, August 28, 2015 at 22:40 To: Kathy Kleiman <kathy@kathykleiman.com>, "gnso-ppsai3@icann.org" <gnso-ppsai3@icann.org> Subject: Re: [Gnso-ppsai3] Revised Subteam 3 Summary with Overview
Thanks Kathy. I both agree and disagree with what you¹ve said below.
I strongly agree that ³the key is the quotes that have come out of the comments.² I¹ve said repeatedly that our job as a sub-team is not to advocate, but to simply present the comments to the WG in as accurate and objective a way as possible. To the extent that we then want to advocate for our own positions as part of the larger WG, we can do so. Moreover, part of the reason why I feel so strongly that ³the key is the quotes² is that I think we have to take the comments at face value, and then debate as WG whether we can reach consensus on what they actually say not on what we want them to say. That¹s why I felt so strongly that ³verifiable evidence² should not be reinterpreted to mean a court order. It is also what animated my email exchange with Stephanie in the larger WG (attached).
And if we are in fact faithful to what the comments actually say, then it is a mistake to lump all of the ³court order² comments into one monolithic group. I¹ve given some examples of substantive differences below. But let me give another one: if we look at what they actually say, the ³court order² comments are very much divided based on whether the comment came from an individual registrant or from a registrar/provider. Which of course makes sense: a registrant will tend to look at these issues very differently than a provider. Specifically, as you correctly note in our draft, the vast majority of comments (11,000+) from individuals/registrants said that ³Everyone deserves the right to privacy² and that ³No one¹s personal information should be revealed without a court order, regardless of whether the request comes from a private individual or law enforcement agency.² And of course, we can understand why registrants would argue that their right to privacy is inviolate, and that it should never be abrogated unless a court blesses it.
But note that the registrar/provider comments in the ³court order² group do NOT say the same thing. Rather, they are focused on retaining their discretion as to when to disclose or publish, and do not want an accreditation standard that requires them to do so absent a court order. Hence my point about the word ³require² in the Blacknight comment. See also the Key Systems comment: ³Disclosure or publication should never be the automatic result of a process, but rather remain an option of the provider.² And others. So one key distinction b/w the registrant/individual comments and the registrar/provider comments is that the registrant comments do not want disclosure or publication EVER unless following a court order, while the provider comments want a court order first if SOMEBODY ELSE wants them to disclose or publish, but not if THEY want to disclose or publish. And we can understand why, given how many provider Terms of Service include language that gives them discretion to basically turn off a P/P Service whenever they want (for example, if the registrant stops paying them), without any kind of process beforehand (due process or otherwise). See below (among many others):
· Blacknight: https://www.blacknight.com/acceptable-usage.html.
· Whoisprivacy.com, Ltd.: http://www.whoisprivacyservices.com.au/terms.htm.
· EuroDNS S.A.: https://www.eurodns.com/terms-and-conditions/whois-privacy.
· 1&1 Internet, Inc.: http://www.1and1.com/TcPdr?__lf=Static.
· Domain.com, LLC: http://www.domain.com/legal/legal_domain.bml#domain-privacy-service.
· DomainIt, Inc.: https://www.domainit.com/terms.html.
· Moniker Privacy Services, LLC: http://www.moniker.com/legal/registration-agreement.
So we can understand why providers would not want an accreditation regime that requires them to get a court order before they turn off a registrant¹s privacy service (and to rewrite their Terms of Service accordingly). In fact, Volker has already admitted both on the email list (see attached) and on our weekly calls (see transcript of 8-11-15 call) that such an accreditation requirement would have such a ³severe impact² on the economic realities of providers (in other words, would cost them so much money), that they could never agree to such a requirement. But of course, if I¹m an individual registrant concerned about my privacy and due process, then I could care less about the ³economic realities² of providers.
My point is only that we can¹t gloss over that important distinction (and others) by lumping all of the ³court order² comments together as if they were coming from the same place and advocating for the same thing. They¹re not.
From: Kathy Kleiman [mailto:kathy@kathykleiman.com] Sent: Friday, August 28, 2015 8:44 AM To: Williams, Todd <Todd.Williams@turner.com>; gnso-ppsai3@icann.org Subject: Re: [Gnso-ppsai3] Revised Subteam 3 Summary with Overview
Hi Todd, The entire WG is now looking to our comments to show what supports Annex E (deemed generally to be a lower standard than court order) and Court Order (deemed to be a much higher standard than Annex E). What we are talking about is the floor, not the ceiling, right, for accreditation? Namely, what is the minimum requirement for disclosure of proxied data? I see it as really quite binary - up or down (Annex E or court order for private requests to p/p providers) - but I can understand if the subteam thinks differently.
What I think is key is the quotes that have come out of the comments. Provided we keep the quotes, I'm good.I can rework, but not until end of weekend or early next week.
Best, Kathy :
Thanks Kathy.
· When you say that ³in the weeks since the original draft, I think the discussion has evolved from a multipart one . . . to a binary one² what are you basing that on? Can you point to any transcripts or emails? I certainly don¹t remember being part of those discussions.
· Moreover, had I been involved in those discussions, I would have objected, because I think that lumping the comments together in the way that you have, and ignoring the categories that our sub-team had already agreed upon, does a disservice to the nuance of the comments from Google, ICA, EasyDNS, and the like. For example, a UDRP panel is not a court. I think that is an important distinction between Categories 2 and 3. And the fact that the ICA and EasyDNS comments would allow for ³some exceptions for cases of abuse² is another important distinction that the broader WG ought to know about. I¹m fine if we want to include some sort of introductory sentence saying that __ comments opposed the basic premise of Annex E (which we do). But to then argue that those comments are monolithic, or that they all oppose the premise of Annex E in the same way, is not accurate.
· I simply understood the ISPCP comment to mean that allegations of infringement should not always be automatically taken as true (³not indisputably wronged parties²), and that some independent adjudicator (meaning, somebody other than the IP owner who is making the allegation) should evaluate the merits of those claims. Annex E as currently drafted provides for that. But I also don¹t think that you or I should necessarily be the ones to decide this argument. Why can¹t we just say that we weren¹t quite sure what to do with this one (as was true with some others), and take it to the larger WG for their consideration.
· I think you¹re missing my point on Blacknight. My point is that the key word is ³require.² As I mentioned below, nothing in Annex E ³requires² Blacknight to disclose (merely to give reasons if they refuse to disclose). So I don¹t see anything in their comment that is inconsistent with Annex E.
· On the APC comment: I don¹t disagree with you that the comment has important value for the WG. But that¹s not the same thing as saying that it advocates for disclosure only following a court order. It doesn¹t.
From: Kathy Kleiman [mailto:kathy@kathykleiman.com] Sent: Wednesday, August 26, 2015 10:59 PM To: Williams, Todd <Todd.Williams@turner.com> <mailto:Todd.Williams@turner.com> ; gnso-ppsai3@icann.org Subject: Re: [Gnso-ppsai3] Revised Subteam 3 Summary with Overview
Hi Todd, Tx you for the close read. In the weeks since the original draft, I think the discussion has evolved from a multipart one - such as the 5 categories originally created in Section III -- to a more binary one: do commenters support a system such as Annex E or do they want court order prior to the reveal of the data?
With apologies, I don't understand the differentiation into Categories 2, 3 and 4 in Section III. Some parties may have mentioned UDRP, and others not, but that does not take away from the totality of the commenters who want court orders -- or want court orders for certain categories of requests such as privacy requests to p/p providers from third parties, such as intellectual property requests. To divide up these comments really dilutes the argument, I think, as these commenters favor court order for the key issue we are evaluating.
So I would recommend keeping Google, Endurance, Wheelhouse, ICA and Easy DNS together in Category 2.
The ISPCP Constituency Comments call for an "independent adjudicator" to "determine the merits of their ("intellectual property rights holders") claims. I thought that was pretty clear reference to a judge or magistrate, but if you see it differently, please let me know.
Re Blacknight, on the issue of Annex E or court order, the comments appear to come down squarely for court orders. For LEA, it recommends a different approach, but there is no reference to Annex E, only "a request from law enforcement, Irish consumer protection agencies or a court order with jurisdiction over us." The intellectual property requests falls into the final category -- court order -- and as such, this comment would be properly listed here.
Re: APC, Alliance for Progressive Communications, you are right that I missed a step in putting this comment forward. The question this quote addresses, and it is a valuable one, is court orders and jurisdiction -- from which jurisdiction are court orders are valid? Here APC provides us with unique insight, very worth passing onto the WG: that release of domain name data in some countries has and will continue to result in arrest, prosecution, conviction, etc. of "domain owners" who are "exercising activism" online. This is a very tough issue that we discussed in the WG, and APC is on the ground in Africa and near the Middle East to see abuses first hand.
As the WG explores the issue of court orders, the next question is: from what jurisdiction should/must p/p provider accept a court order? The APC comment reminds us that what is clearly legal in one country is punishable in another -- and that jurisdictional issues for court orders are a key part of what we (the WG) have to keep in mind. If you would like to create a introductory paragraph, or new section, for this type of discussion, I would certainly welcome it!
Best, Kathy :
Thanks Kathy. One minor formatting suggestion:
I think the spectrum that we outline on page 5 (Categories 1-4) is useful, because not all of these comments are advocating for the same thing. Yet the quotes that we¹ve added from the comments are all included under Category 2, which is somewhat confusing. I would suggest that we move:
· The quotes from the comments from Google, Endurance International Group, and Jeff Wheelhouse to the paragraph on Category 3.
· The quotes from the comments from ICA and Easy DNS to the paragraph on Category 4.
Also, I saw that you added quotes from the comments from ISPCPC, Blacknight, and the Association for Progressive Communications, even though those weren¹t in our initial summary and don¹t specifically mention Annex E. My thoughts on each:
· Here¹s the full ISPCPC quote, from a section titled ³Regarding LEA definitions & differentiations²: ³While we respect the desire to utilize the official ICANN definition of Law Enforcement Agent (LEA), we acknowledge that intellectual property rights holders and private anti abuse organizations should be treated as complainants and not indisputably wronged parties, and accordingly an independent adjudicator should determine the merits of their claim before rights that users would otherwise have are abrogated by reason of those lawyers' claims.² To be honest, I¹m not really sure what to make of that (especially given that it is included under a heading about LEA definitions). But I¹m not sure that we can assume that it means disclosure only following a court order. Why would Annex E as currently drafted not satisfy the standard of ³an independent adjudicator should determine the merits of their claim²?
· I also don¹t understand why we would think that the Blacknight quote is incompatible with Annex E. All it says is that ³any policy that would require us to divulge our client¹s information in the absence of either a request from law enforcement, Irish consumer protection agencies or a court order with jurisdiction over us is incompatible with Irish law.² But Annex E as currently drafted doesn¹t require Blacknight to divulge its client¹s information. Rather, it gives Blacknight the discretion to make that decision; all it requires is that Blacknight provide the complainant with its reasoning if it chooses to refuse.
· I don¹t understand why we¹d include a quote from the APC comment in this section, given that it does not mention Annex E, and that it expressly endorsed the NCSG comment (see: http://forum.icann.org/lists/comments-ppsai-initial-05may15/pdfwOfjgYV0i9.p df), which we analyze in the previous section that supports the premise of Annex E.
From:gnso-ppsai3-bounces@icann.org [mailto:gnso-ppsai3-bounces@icann.org] On Behalf Of Kathy Kleiman Sent: Wednesday, August 26, 2015 5:17 PM To: gnso-ppsai3@icann.org Subject: Re: [Gnso-ppsai3] Revised Subteam 3 Summary with Overview
Hi All, Tx to Darcy for the Overview work. I've taken her draft and added to it my work on Section III as promised on the last call. I added more quotes from commenters seeking court orders and the use of existing legal due process mechanisms prior to disclosure of proxied data. There was a wide array of comments on this issue, including from ISPs, individuals, organizations, and companies.
I used Darcy's version as the base. Both her edits (Overview) and my edits (Section III) are shown in "track changes."
Best, Kathy
:
Hi, all!
In follow up to our call earlier this week, attached is an updated Sub-team 3 analysis draft with the overview added at the beginning. I redlined my changes so you can clearly see what I¹ve done. I hope you find that I present a clear and accurate overview.
I also made some minor revisions to Section V (³Comments that did not fit neatly into any of the above categories²) that I realized after submitting my original draft of that section made a bit more sense. Again, I¹ve redlined the changes so you can easily see what changed.
Please let me know if there are any questions.
Thanks,
Darcy
_______________________________________________ Gnso-ppsai3 mailing list Gnso-ppsai3@icann.org https://mm.icann.org/mailman/listinfo/gnso-ppsai3
All: As promised on our call, attached is a redline of the Draft Disclosure Framework, with annotations noting the source of each proposed change. Several notes as you review: * I know that we've debated whether "verifiable evidence" means more than what is currently in Sections II(A), (B), and (C). You'll see that I've added the exact wording from the savedomainprivacy.org petition - "verifiable evidence of wrongdoing" - to those sections. I think that is a good fit, as of right now. But for Sara, Kathy, and the others on our sub-team who have argued that "verifiable evidence" means something higher - let us know how you would further edit Sections II(A), (B), and (C) to meet whatever "higher" standard you have in mind. * You'll note that I briefly added a reference to the comment from Com Laude (which I think we had omitted from our summary). And that I did not reference the comment from Aaron Myers (which we've referenced in our summary, but which doesn't really offer any edits to the Disclosure Framework). Otherwise I think I've covered everything that we reviewed in terms of edits to the Disclosure Framework - though let me know if anybody sees anything I've missed. * Just to be clear for the record: the attached is a revised Disclosure Framework that illustrates and attempts to account for all of the proposed edits that we received from the public comments, for the larger Working Group's reference. But it is not how I would have edited the Disclosure Framework. In fact, I'll reserve the right to argue against some of these proposed edits, once we get into the larger WG discussion. Just wanted to make that clear so that nobody thinks these edits are mine (since I'm the one who drafted the document). Thanks. Todd. From: gnso-ppsai3-bounces@icann.org [mailto:gnso-ppsai3-bounces@icann.org] On Behalf Of Mary Wong Sent: Wednesday, September 02, 2015 6:59 AM To: gnso-ppsai3@icann.org Subject: [Gnso-ppsai3] Additional Comments for Sub Team Consideration Hello again everyone, As you look through the proposed revised summary document (below), you may also wish to consider whether some of the additional comments that were included in Part 4 of the overall WG Public Comment Review Tool might be useful such that additional notes or recommendations can be made, or existing language amended. For your convenience I've extracted ten such comments which, while not sent in as specific responses to the Preliminary Recommendations and Annex E that this Sub Team is analysing, nonetheless seem relevant generally. I attach these ten comments in tabular form to this email, and welcome the Sub Team's discussion and comments on whether any of them ought to be considered as well as your thoughts on the summary document. As the Sub Team is due to report back to the full WG next Tuesday, please let me know also if you think a call before then amongst the Sub Team members might be needed. Thanks and cheers Mary Mary Wong Senior Policy Director Internet Corporation for Assigned Names & Numbers (ICANN) Telephone: +1 603 574 4889 Email: mary.wong@icann.org<mailto:mary.wong@icann.org> From: Mary Wong <mary.wong@icann.org<mailto:mary.wong@icann.org>> Date: Monday, August 31, 2015 at 15:46 To: "gnso-ppsai3@icann.org<mailto:gnso-ppsai3@icann.org>" <gnso-ppsai3@icann.org<mailto:gnso-ppsai3@icann.org>> Subject: Re: [Gnso-ppsai3] Revised Subteam 3 Summary with Overview Hello everyone, in an attempt to facilitate further dialogue and, hopefully, consensus on a way forward on this issue, I've taken the liberty of amending Kathy's document to take into account Holly's comments as well as to attempt to place certain comments (e.g. the ICA's, EasyDNS') more specifically within a particular category. I attach both a redlined and clean copy of this latest updated version (with the clean copy including yellow highlighted portions where the most significant language changes are suggested). I have not yet broken the comments down further into the registrant/provider distinction that Todd noted, but can of course do so if this is viewed as useful. Please note that this is not a staff position that is being suggested, but merely an attempt to document where the Sub Team's discussion seems to be at the moment. I hope this is helpful. Cheers Mary Mary Wong Senior Policy Director Internet Corporation for Assigned Names & Numbers (ICANN) Telephone: +1 603 574 4889 Email: mary.wong@icann.org<mailto:mary.wong@icann.org> From: <gnso-ppsai3-bounces@icann.org<mailto:gnso-ppsai3-bounces@icann.org>> on behalf of "Williams, Todd" <Todd.Williams@turner.com<mailto:Todd.Williams@turner.com>> Date: Friday, August 28, 2015 at 22:40 To: Kathy Kleiman <kathy@kathykleiman.com<mailto:kathy@kathykleiman.com>>, "gnso-ppsai3@icann.org<mailto:gnso-ppsai3@icann.org>" <gnso-ppsai3@icann.org<mailto:gnso-ppsai3@icann.org>> Subject: Re: [Gnso-ppsai3] Revised Subteam 3 Summary with Overview Thanks Kathy. I both agree and disagree with what you've said below. I strongly agree that "the key is the quotes that have come out of the comments." I've said repeatedly that our job as a sub-team is not to advocate, but to simply present the comments to the WG in as accurate and objective a way as possible. To the extent that we then want to advocate for our own positions as part of the larger WG, we can do so. Moreover, part of the reason why I feel so strongly that "the key is the quotes" is that I think we have to take the comments at face value, and then debate as WG whether we can reach consensus on what they actually say - not on what we want them to say. That's why I felt so strongly that "verifiable evidence" should not be reinterpreted to mean a court order. It is also what animated my email exchange with Stephanie in the larger WG (attached). And if we are in fact faithful to what the comments actually say, then it is a mistake to lump all of the "court order" comments into one monolithic group. I've given some examples of substantive differences below. But let me give another one: if we look at what they actually say, the "court order" comments are very much divided based on whether the comment came from an individual registrant or from a registrar/provider. Which of course makes sense: a registrant will tend to look at these issues very differently than a provider. Specifically, as you correctly note in our draft, the vast majority of comments (11,000+) from individuals/registrants said that "Everyone deserves the right to privacy" and that "No one's personal information should be revealed without a court order, regardless of whether the request comes from a private individual or law enforcement agency." And of course, we can understand why registrants would argue that their right to privacy is inviolate, and that it should never be abrogated unless a court blesses it. But note that the registrar/provider comments in the "court order" group do NOT say the same thing. Rather, they are focused on retaining their discretion as to when to disclose or publish, and do not want an accreditation standard that requires them to do so absent a court order. Hence my point about the word "require" in the Blacknight comment. See also the Key Systems comment: "Disclosure or publication should never be the automatic result of a process, but rather remain an option of the provider." And others. So one key distinction b/w the registrant/individual comments and the registrar/provider comments is that the registrant comments do not want disclosure or publication EVER unless following a court order, while the provider comments want a court order first if SOMEBODY ELSE wants them to disclose or publish, but not if THEY want to disclose or publish. And we can understand why, given how many provider Terms of Service include language that gives them discretion to basically turn off a P/P Service whenever they want (for example, if the registrant stops paying them), without any kind of process beforehand (due process or otherwise). See below (among many others): * Blacknight: https://www.blacknight.com/acceptable-usage.html. * Whoisprivacy.com, Ltd.: http://www.whoisprivacyservices.com.au/terms.htm. * EuroDNS S.A.: https://www.eurodns.com/terms-and-conditions/whois-privacy. * 1&1 Internet, Inc.: http://www.1and1.com/TcPdr?__lf=Static. * Domain.com, LLC: http://www.domain.com/legal/legal_domain.bml#domain-privacy-service. * DomainIt, Inc.: https://www.domainit.com/terms.html. * Moniker Privacy Services, LLC: http://www.moniker.com/legal/registration-agreement. So we can understand why providers would not want an accreditation regime that requires them to get a court order before they turn off a registrant's privacy service (and to rewrite their Terms of Service accordingly). In fact, Volker has already admitted - both on the email list (see attached) and on our weekly calls (see transcript of 8-11-15 call) - that such an accreditation requirement would have such a "severe impact" on the economic realities of providers (in other words, would cost them so much money), that they could never agree to such a requirement. But of course, if I'm an individual registrant concerned about my privacy and due process, then I could care less about the "economic realities" of providers. My point is only that we can't gloss over that important distinction (and others) by lumping all of the "court order" comments together as if they were coming from the same place and advocating for the same thing. They're not. From: Kathy Kleiman [mailto:kathy@kathykleiman.com] Sent: Friday, August 28, 2015 8:44 AM To: Williams, Todd <Todd.Williams@turner.com<mailto:Todd.Williams@turner.com>>; gnso-ppsai3@icann.org<mailto:gnso-ppsai3@icann.org> Subject: Re: [Gnso-ppsai3] Revised Subteam 3 Summary with Overview Hi Todd, The entire WG is now looking to our comments to show what supports Annex E (deemed generally to be a lower standard than court order) and Court Order (deemed to be a much higher standard than Annex E). What we are talking about is the floor, not the ceiling, right, for accreditation? Namely, what is the minimum requirement for disclosure of proxied data? I see it as really quite binary - up or down (Annex E or court order for private requests to p/p providers) - but I can understand if the subteam thinks differently. What I think is key is the quotes that have come out of the comments. Provided we keep the quotes, I'm good.I can rework, but not until end of weekend or early next week. Best, Kathy : Thanks Kathy. * When you say that "in the weeks since the original draft, I think the discussion has evolved from a multipart one . . . to a binary one" - what are you basing that on? Can you point to any transcripts or emails? I certainly don't remember being part of those discussions. * Moreover, had I been involved in those discussions, I would have objected, because I think that lumping the comments together in the way that you have, and ignoring the categories that our sub-team had already agreed upon, does a disservice to the nuance of the comments from Google, ICA, EasyDNS, and the like. For example, a UDRP panel is not a court. I think that is an important distinction between Categories 2 and 3. And the fact that the ICA and EasyDNS comments would allow for "some exceptions for cases of abuse" is another important distinction that the broader WG ought to know about. I'm fine if we want to include some sort of introductory sentence saying that __ comments opposed the basic premise of Annex E (which we do). But to then argue that those comments are monolithic, or that they all oppose the premise of Annex E in the same way, is not accurate. * I simply understood the ISPCP comment to mean that allegations of infringement should not always be automatically taken as true ("not indisputably wronged parties"), and that some independent adjudicator (meaning, somebody other than the IP owner who is making the allegation) should evaluate the merits of those claims. Annex E as currently drafted provides for that. But I also don't think that you or I should necessarily be the ones to decide this argument. Why can't we just say that we weren't quite sure what to do with this one (as was true with some others), and take it to the larger WG for their consideration. * I think you're missing my point on Blacknight. My point is that the key word is "require." As I mentioned below, nothing in Annex E "requires" Blacknight to disclose (merely to give reasons if they refuse to disclose). So I don't see anything in their comment that is inconsistent with Annex E. * On the APC comment: I don't disagree with you that the comment has important value for the WG. But that's not the same thing as saying that it advocates for disclosure only following a court order. It doesn't. From: Kathy Kleiman [mailto:kathy@kathykleiman.com] Sent: Wednesday, August 26, 2015 10:59 PM To: Williams, Todd <Todd.Williams@turner.com><mailto:Todd.Williams@turner.com>; gnso-ppsai3@icann.org<mailto:gnso-ppsai3@icann.org> Subject: Re: [Gnso-ppsai3] Revised Subteam 3 Summary with Overview Hi Todd, Tx you for the close read. In the weeks since the original draft, I think the discussion has evolved from a multipart one - such as the 5 categories originally created in Section III -- to a more binary one: do commenters support a system such as Annex E or do they want court order prior to the reveal of the data? With apologies, I don't understand the differentiation into Categories 2, 3 and 4 in Section III. Some parties may have mentioned UDRP, and others not, but that does not take away from the totality of the commenters who want court orders -- or want court orders for certain categories of requests such as privacy requests to p/p providers from third parties, such as intellectual property requests. To divide up these comments really dilutes the argument, I think, as these commenters favor court order for the key issue we are evaluating. So I would recommend keeping Google, Endurance, Wheelhouse, ICA and Easy DNS together in Category 2. The ISPCP Constituency Comments call for an "independent adjudicator" to "determine the merits of their ("intellectual property rights holders") claims. I thought that was pretty clear reference to a judge or magistrate, but if you see it differently, please let me know. Re Blacknight, on the issue of Annex E or court order, the comments appear to come down squarely for court orders. For LEA, it recommends a different approach, but there is no reference to Annex E, only "a request from law enforcement, Irish consumer protection agencies or a court order with jurisdiction over us." The intellectual property requests falls into the final category -- court order -- and as such, this comment would be properly listed here. Re: APC, Alliance for Progressive Communications, you are right that I missed a step in putting this comment forward. The question this quote addresses, and it is a valuable one, is court orders and jurisdiction -- from which jurisdiction are court orders are valid? Here APC provides us with unique insight, very worth passing onto the WG: that release of domain name data in some countries has and will continue to result in arrest, prosecution, conviction, etc. of "domain owners" who are "exercising activism" online. This is a very tough issue that we discussed in the WG, and APC is on the ground in Africa and near the Middle East to see abuses first hand. As the WG explores the issue of court orders, the next question is: from what jurisdiction should/must p/p provider accept a court order? The APC comment reminds us that what is clearly legal in one country is punishable in another -- and that jurisdictional issues for court orders are a key part of what we (the WG) have to keep in mind. If you would like to create a introductory paragraph, or new section, for this type of discussion, I would certainly welcome it! Best, Kathy : Thanks Kathy. One minor formatting suggestion: I think the spectrum that we outline on page 5 (Categories 1-4) is useful, because not all of these comments are advocating for the same thing. Yet the quotes that we've added from the comments are all included under Category 2, which is somewhat confusing. I would suggest that we move: * The quotes from the comments from Google, Endurance International Group, and Jeff Wheelhouse to the paragraph on Category 3. * The quotes from the comments from ICA and Easy DNS to the paragraph on Category 4. Also, I saw that you added quotes from the comments from ISPCPC, Blacknight, and the Association for Progressive Communications, even though those weren't in our initial summary and don't specifically mention Annex E. My thoughts on each: * Here's the full ISPCPC quote, from a section titled "Regarding LEA definitions & differentiations": "While we respect the desire to utilize the official ICANN definition of Law Enforcement Agent (LEA), we acknowledge that intellectual property rights holders and private anti abuse organizations should be treated as complainants and not indisputably wronged parties, and accordingly an independent adjudicator should determine the merits of their claim before rights that users would otherwise have are abrogated by reason of those lawyers' claims." To be honest, I'm not really sure what to make of that (especially given that it is included under a heading about LEA definitions). But I'm not sure that we can assume that it means disclosure only following a court order. Why would Annex E as currently drafted not satisfy the standard of "an independent adjudicator should determine the merits of their claim"? * I also don't understand why we would think that the Blacknight quote is incompatible with Annex E. All it says is that "any policy that would require us to divulge our client's information in the absence of either a request from law enforcement, Irish consumer protection agencies or a court order with jurisdiction over us is incompatible with Irish law." But Annex E as currently drafted doesn't require Blacknight to divulge its client's information. Rather, it gives Blacknight the discretion to make that decision; all it requires is that Blacknight provide the complainant with its reasoning if it chooses to refuse. * I don't understand why we'd include a quote from the APC comment in this section, given that it does not mention Annex E, and that it expressly endorsed the NCSG comment (see: http://forum.icann.org/lists/comments-ppsai-initial-05may15/pdfwOfjgYV0i9.pd...), which we analyze in the previous section that supports the premise of Annex E. From:gnso-ppsai3-bounces@icann.org<mailto:gnso-ppsai3-bounces@icann.org> [mailto:gnso-ppsai3-bounces@icann.org] On Behalf Of Kathy Kleiman Sent: Wednesday, August 26, 2015 5:17 PM To: gnso-ppsai3@icann.org<mailto:gnso-ppsai3@icann.org> Subject: Re: [Gnso-ppsai3] Revised Subteam 3 Summary with Overview Hi All, Tx to Darcy for the Overview work. I've taken her draft and added to it my work on Section III as promised on the last call. I added more quotes from commenters seeking court orders and the use of existing legal due process mechanisms prior to disclosure of proxied data. There was a wide array of comments on this issue, including from ISPs, individuals, organizations, and companies. I used Darcy's version as the base. Both her edits (Overview) and my edits (Section III) are shown in "track changes." Best, Kathy : Hi, all! In follow up to our call earlier this week, attached is an updated Sub-team 3 analysis draft with the overview added at the beginning. I redlined my changes so you can clearly see what I've done. I hope you find that I present a clear and accurate overview. I also made some minor revisions to Section V ("Comments that did not fit neatly into any of the above categories") that I realized after submitting my original draft of that section made a bit more sense. Again, I've redlined the changes so you can easily see what changed. Please let me know if there are any questions. Thanks, Darcy _______________________________________________ Gnso-ppsai3 mailing list Gnso-ppsai3@icann.org<mailto:Gnso-ppsai3@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai3
Thanks so much for this, Todd! Everyone I¹ve now added the updated draft summary document that I circulated on 31 August as well as Todd¹s draft for a revised Annex E framework to the Sub Team wiki page: https://community.icann.org/x/04ZCAw. My suggestion would be that the Sub Team agree to circulate these documents especially the draft revised Annex E framework to the WG as soon as possible, as the WG discussion on Annex E this coming Tuesday would really benefit from the WG having the chance to review the documents (again, especially the draft revised Annex E framework) in advance of the call. As such, please comment on one or both documents if you can; should it not be possible to reach a Sub Team consensus on the substance of both by the end of this week, it may be that we can send the documents ³as is², with a note to the WG that these have not yet been fully agreed on within the Sub Team. Thanks and cheers Mary Mary Wong Senior Policy Director Internet Corporation for Assigned Names & Numbers (ICANN) Telephone: +1 603 574 4889 Email: mary.wong@icann.org From: "Williams, Todd" <Todd.Williams@turner.com> Date: Thursday, September 3, 2015 at 05:58 To: Mary Wong <mary.wong@icann.org>, "gnso-ppsai3@icann.org" <gnso-ppsai3@icann.org> Subject: RE: Additional Comments for Sub Team Consideration
All:
As promised on our call, attached is a redline of the Draft Disclosure Framework, with annotations noting the source of each proposed change. Several notes as you review:
· I know that we¹ve debated whether ³verifiable evidence² means more than what is currently in Sections II(A), (B), and (C). You¹ll see that I¹ve added the exact wording from the savedomainprivacy.org petition ³verifiable evidence of wrongdoing² to those sections. I think that is a good fit, as of right now. But for Sara, Kathy, and the others on our sub-team who have argued that ³verifiable evidence² means something higher let us know how you would further edit Sections II(A), (B), and (C) to meet whatever ³higher² standard you have in mind.
· You¹ll note that I briefly added a reference to the comment from Com Laude (which I think we had omitted from our summary). And that I did not reference the comment from Aaron Myers (which we¹ve referenced in our summary, but which doesn¹t really offer any edits to the Disclosure Framework). Otherwise I think I¹ve covered everything that we reviewed in terms of edits to the Disclosure Framework though let me know if anybody sees anything I¹ve missed.
· Just to be clear for the record: the attached is a revised Disclosure Framework that illustrates and attempts to account for all of the proposed edits that we received from the public comments, for the larger Working Group¹s reference. But it is not how I would have edited the Disclosure Framework. In fact, I¹ll reserve the right to argue against some of these proposed edits, once we get into the larger WG discussion. Just wanted to make that clear so that nobody thinks these edits are mine (since I¹m the one who drafted the document).
Thanks.
Todd.
From: gnso-ppsai3-bounces@icann.org [mailto:gnso-ppsai3-bounces@icann.org] On Behalf Of Mary Wong Sent: Wednesday, September 02, 2015 6:59 AM To: gnso-ppsai3@icann.org Subject: [Gnso-ppsai3] Additional Comments for Sub Team Consideration
Hello again everyone,
As you look through the proposed revised summary document (below), you may also wish to consider whether some of the additional comments that were included in Part 4 of the overall WG Public Comment Review Tool might be useful such that additional notes or recommendations can be made, or existing language amended. For your convenience I¹ve extracted ten such comments which, while not sent in as specific responses to the Preliminary Recommendations and Annex E that this Sub Team is analysing, nonetheless seem relevant generally.
I attach these ten comments in tabular form to this email, and welcome the Sub Team¹s discussion and comments on whether any of them ought to be considered as well as your thoughts on the summary document.
As the Sub Team is due to report back to the full WG next Tuesday, please let me know also if you think a call before then amongst the Sub Team members might be needed.
Thanks and cheers
Mary
Mary Wong
Senior Policy Director
Internet Corporation for Assigned Names & Numbers (ICANN)
Telephone: +1 603 574 4889
Email: mary.wong@icann.org
From: Mary Wong <mary.wong@icann.org> Date: Monday, August 31, 2015 at 15:46 To: "gnso-ppsai3@icann.org" <gnso-ppsai3@icann.org> Subject: Re: [Gnso-ppsai3] Revised Subteam 3 Summary with Overview
Hello everyone, in an attempt to facilitate further dialogue and, hopefully, consensus on a way forward on this issue, I¹ve taken the liberty of amending Kathy¹s document to take into account Holly¹s comments as well as to attempt to place certain comments (e.g. the ICA¹s, EasyDNS¹) more specifically within a particular category. I attach both a redlined and clean copy of this latest updated version (with the clean copy including yellow highlighted portions where the most significant language changes are suggested). I have not yet broken the comments down further into the registrant/provider distinction that Todd noted, but can of course do so if this is viewed as useful.
Please note that this is not a staff position that is being suggested, but merely an attempt to document where the Sub Team¹s discussion seems to be at the moment. I hope this is helpful.
Cheers
Mary
Mary Wong
Senior Policy Director
Internet Corporation for Assigned Names & Numbers (ICANN)
Telephone: +1 603 574 4889
Email: mary.wong@icann.org
From: <gnso-ppsai3-bounces@icann.org> on behalf of "Williams, Todd" <Todd.Williams@turner.com> Date: Friday, August 28, 2015 at 22:40 To: Kathy Kleiman <kathy@kathykleiman.com>, "gnso-ppsai3@icann.org" <gnso-ppsai3@icann.org> Subject: Re: [Gnso-ppsai3] Revised Subteam 3 Summary with Overview
Thanks Kathy. I both agree and disagree with what you¹ve said below.
I strongly agree that ³the key is the quotes that have come out of the comments.² I¹ve said repeatedly that our job as a sub-team is not to advocate, but to simply present the comments to the WG in as accurate and objective a way as possible. To the extent that we then want to advocate for our own positions as part of the larger WG, we can do so. Moreover, part of the reason why I feel so strongly that ³the key is the quotes² is that I think we have to take the comments at face value, and then debate as WG whether we can reach consensus on what they actually say not on what we want them to say. That¹s why I felt so strongly that ³verifiable evidence² should not be reinterpreted to mean a court order. It is also what animated my email exchange with Stephanie in the larger WG (attached).
And if we are in fact faithful to what the comments actually say, then it is a mistake to lump all of the ³court order² comments into one monolithic group. I¹ve given some examples of substantive differences below. But let me give another one: if we look at what they actually say, the ³court order² comments are very much divided based on whether the comment came from an individual registrant or from a registrar/provider. Which of course makes sense: a registrant will tend to look at these issues very differently than a provider. Specifically, as you correctly note in our draft, the vast majority of comments (11,000+) from individuals/registrants said that ³Everyone deserves the right to privacy² and that ³No one¹s personal information should be revealed without a court order, regardless of whether the request comes from a private individual or law enforcement agency.² And of course, we can understand why registrants would argue that their right to privacy is inviolate, and that it should never be abrogated unless a court blesses it.
But note that the registrar/provider comments in the ³court order² group do NOT say the same thing. Rather, they are focused on retaining their discretion as to when to disclose or publish, and do not want an accreditation standard that requires them to do so absent a court order. Hence my point about the word ³require² in the Blacknight comment. See also the Key Systems comment: ³Disclosure or publication should never be the automatic result of a process, but rather remain an option of the provider.² And others. So one key distinction b/w the registrant/individual comments and the registrar/provider comments is that the registrant comments do not want disclosure or publication EVER unless following a court order, while the provider comments want a court order first if SOMEBODY ELSE wants them to disclose or publish, but not if THEY want to disclose or publish. And we can understand why, given how many provider Terms of Service include language that gives them discretion to basically turn off a P/P Service whenever they want (for example, if the registrant stops paying them), without any kind of process beforehand (due process or otherwise). See below (among many others):
· Blacknight: https://www.blacknight.com/acceptable-usage.html.
· Whoisprivacy.com, Ltd.: http://www.whoisprivacyservices.com.au/terms.htm.
· EuroDNS S.A.: https://www.eurodns.com/terms-and-conditions/whois-privacy.
· 1&1 Internet, Inc.: http://www.1and1.com/TcPdr?__lf=Static.
· Domain.com, LLC: http://www.domain.com/legal/legal_domain.bml#domain-privacy-service.
· DomainIt, Inc.: https://www.domainit.com/terms.html.
· Moniker Privacy Services, LLC: http://www.moniker.com/legal/registration-agreement.
So we can understand why providers would not want an accreditation regime that requires them to get a court order before they turn off a registrant¹s privacy service (and to rewrite their Terms of Service accordingly). In fact, Volker has already admitted both on the email list (see attached) and on our weekly calls (see transcript of 8-11-15 call) that such an accreditation requirement would have such a ³severe impact² on the economic realities of providers (in other words, would cost them so much money), that they could never agree to such a requirement. But of course, if I¹m an individual registrant concerned about my privacy and due process, then I could care less about the ³economic realities² of providers.
My point is only that we can¹t gloss over that important distinction (and others) by lumping all of the ³court order² comments together as if they were coming from the same place and advocating for the same thing. They¹re not.
From: Kathy Kleiman [mailto:kathy@kathykleiman.com] Sent: Friday, August 28, 2015 8:44 AM To: Williams, Todd <Todd.Williams@turner.com>; gnso-ppsai3@icann.org Subject: Re: [Gnso-ppsai3] Revised Subteam 3 Summary with Overview
Hi Todd, The entire WG is now looking to our comments to show what supports Annex E (deemed generally to be a lower standard than court order) and Court Order (deemed to be a much higher standard than Annex E). What we are talking about is the floor, not the ceiling, right, for accreditation? Namely, what is the minimum requirement for disclosure of proxied data? I see it as really quite binary - up or down (Annex E or court order for private requests to p/p providers) - but I can understand if the subteam thinks differently.
What I think is key is the quotes that have come out of the comments. Provided we keep the quotes, I'm good.I can rework, but not until end of weekend or early next week.
Best, Kathy :
Thanks Kathy.
· When you say that ³in the weeks since the original draft, I think the discussion has evolved from a multipart one . . . to a binary one² what are you basing that on? Can you point to any transcripts or emails? I certainly don¹t remember being part of those discussions.
· Moreover, had I been involved in those discussions, I would have objected, because I think that lumping the comments together in the way that you have, and ignoring the categories that our sub-team had already agreed upon, does a disservice to the nuance of the comments from Google, ICA, EasyDNS, and the like. For example, a UDRP panel is not a court. I think that is an important distinction between Categories 2 and 3. And the fact that the ICA and EasyDNS comments would allow for ³some exceptions for cases of abuse² is another important distinction that the broader WG ought to know about. I¹m fine if we want to include some sort of introductory sentence saying that __ comments opposed the basic premise of Annex E (which we do). But to then argue that those comments are monolithic, or that they all oppose the premise of Annex E in the same way, is not accurate.
· I simply understood the ISPCP comment to mean that allegations of infringement should not always be automatically taken as true (³not indisputably wronged parties²), and that some independent adjudicator (meaning, somebody other than the IP owner who is making the allegation) should evaluate the merits of those claims. Annex E as currently drafted provides for that. But I also don¹t think that you or I should necessarily be the ones to decide this argument. Why can¹t we just say that we weren¹t quite sure what to do with this one (as was true with some others), and take it to the larger WG for their consideration.
· I think you¹re missing my point on Blacknight. My point is that the key word is ³require.² As I mentioned below, nothing in Annex E ³requires² Blacknight to disclose (merely to give reasons if they refuse to disclose). So I don¹t see anything in their comment that is inconsistent with Annex E.
· On the APC comment: I don¹t disagree with you that the comment has important value for the WG. But that¹s not the same thing as saying that it advocates for disclosure only following a court order. It doesn¹t.
From: Kathy Kleiman [mailto:kathy@kathykleiman.com] Sent: Wednesday, August 26, 2015 10:59 PM To: Williams, Todd <Todd.Williams@turner.com> <mailto:Todd.Williams@turner.com> ; gnso-ppsai3@icann.org Subject: Re: [Gnso-ppsai3] Revised Subteam 3 Summary with Overview
Hi Todd, Tx you for the close read. In the weeks since the original draft, I think the discussion has evolved from a multipart one - such as the 5 categories originally created in Section III -- to a more binary one: do commenters support a system such as Annex E or do they want court order prior to the reveal of the data?
With apologies, I don't understand the differentiation into Categories 2, 3 and 4 in Section III. Some parties may have mentioned UDRP, and others not, but that does not take away from the totality of the commenters who want court orders -- or want court orders for certain categories of requests such as privacy requests to p/p providers from third parties, such as intellectual property requests. To divide up these comments really dilutes the argument, I think, as these commenters favor court order for the key issue we are evaluating.
So I would recommend keeping Google, Endurance, Wheelhouse, ICA and Easy DNS together in Category 2.
The ISPCP Constituency Comments call for an "independent adjudicator" to "determine the merits of their ("intellectual property rights holders") claims. I thought that was pretty clear reference to a judge or magistrate, but if you see it differently, please let me know.
Re Blacknight, on the issue of Annex E or court order, the comments appear to come down squarely for court orders. For LEA, it recommends a different approach, but there is no reference to Annex E, only "a request from law enforcement, Irish consumer protection agencies or a court order with jurisdiction over us." The intellectual property requests falls into the final category -- court order -- and as such, this comment would be properly listed here.
Re: APC, Alliance for Progressive Communications, you are right that I missed a step in putting this comment forward. The question this quote addresses, and it is a valuable one, is court orders and jurisdiction -- from which jurisdiction are court orders are valid? Here APC provides us with unique insight, very worth passing onto the WG: that release of domain name data in some countries has and will continue to result in arrest, prosecution, conviction, etc. of "domain owners" who are "exercising activism" online. This is a very tough issue that we discussed in the WG, and APC is on the ground in Africa and near the Middle East to see abuses first hand.
As the WG explores the issue of court orders, the next question is: from what jurisdiction should/must p/p provider accept a court order? The APC comment reminds us that what is clearly legal in one country is punishable in another -- and that jurisdictional issues for court orders are a key part of what we (the WG) have to keep in mind. If you would like to create a introductory paragraph, or new section, for this type of discussion, I would certainly welcome it!
Best, Kathy :
Thanks Kathy. One minor formatting suggestion:
I think the spectrum that we outline on page 5 (Categories 1-4) is useful, because not all of these comments are advocating for the same thing. Yet the quotes that we¹ve added from the comments are all included under Category 2, which is somewhat confusing. I would suggest that we move:
· The quotes from the comments from Google, Endurance International Group, and Jeff Wheelhouse to the paragraph on Category 3.
· The quotes from the comments from ICA and Easy DNS to the paragraph on Category 4.
Also, I saw that you added quotes from the comments from ISPCPC, Blacknight, and the Association for Progressive Communications, even though those weren¹t in our initial summary and don¹t specifically mention Annex E. My thoughts on each:
· Here¹s the full ISPCPC quote, from a section titled ³Regarding LEA definitions & differentiations²: ³While we respect the desire to utilize the official ICANN definition of Law Enforcement Agent (LEA), we acknowledge that intellectual property rights holders and private anti abuse organizations should be treated as complainants and not indisputably wronged parties, and accordingly an independent adjudicator should determine the merits of their claim before rights that users would otherwise have are abrogated by reason of those lawyers' claims.² To be honest, I¹m not really sure what to make of that (especially given that it is included under a heading about LEA definitions). But I¹m not sure that we can assume that it means disclosure only following a court order. Why would Annex E as currently drafted not satisfy the standard of ³an independent adjudicator should determine the merits of their claim²?
· I also don¹t understand why we would think that the Blacknight quote is incompatible with Annex E. All it says is that ³any policy that would require us to divulge our client¹s information in the absence of either a request from law enforcement, Irish consumer protection agencies or a court order with jurisdiction over us is incompatible with Irish law.² But Annex E as currently drafted doesn¹t require Blacknight to divulge its client¹s information. Rather, it gives Blacknight the discretion to make that decision; all it requires is that Blacknight provide the complainant with its reasoning if it chooses to refuse.
· I don¹t understand why we¹d include a quote from the APC comment in this section, given that it does not mention Annex E, and that it expressly endorsed the NCSG comment (see: http://forum.icann.org/lists/comments-ppsai-initial-05may15/pdfwOfjgYV0i9. pdf), which we analyze in the previous section that supports the premise of Annex E.
From:gnso-ppsai3-bounces@icann.org [mailto:gnso-ppsai3-bounces@icann.org] On Behalf Of Kathy Kleiman Sent: Wednesday, August 26, 2015 5:17 PM To: gnso-ppsai3@icann.org Subject: Re: [Gnso-ppsai3] Revised Subteam 3 Summary with Overview
Hi All, Tx to Darcy for the Overview work. I've taken her draft and added to it my work on Section III as promised on the last call. I added more quotes from commenters seeking court orders and the use of existing legal due process mechanisms prior to disclosure of proxied data. There was a wide array of comments on this issue, including from ISPs, individuals, organizations, and companies.
I used Darcy's version as the base. Both her edits (Overview) and my edits (Section III) are shown in "track changes."
Best, Kathy
:
Hi, all!
In follow up to our call earlier this week, attached is an updated Sub-team 3 analysis draft with the overview added at the beginning. I redlined my changes so you can clearly see what I¹ve done. I hope you find that I present a clear and accurate overview.
I also made some minor revisions to Section V (³Comments that did not fit neatly into any of the above categories²) that I realized after submitting my original draft of that section made a bit more sense. Again, I¹ve redlined the changes so you can easily see what changed.
Please let me know if there are any questions.
Thanks,
Darcy
_______________________________________________ Gnso-ppsai3 mailing list Gnso-ppsai3@icann.org https://mm.icann.org/mailman/listinfo/gnso-ppsai3
Thanks Mary. I know that Sara mentioned having some changes to the revised Disclosure Framework, but with the holiday weekend here in the US I think the next time that we as a subgroup will have a chance to review and discuss will actually be Tuesday morning on the call (I know I'll be out of pocket until then anyway). So I say we put what we've got (plus whatever additions Sara may submit) to the larger WG, but with the clear caveat that these are all works in progress and that none of these represent sub-team consensus. Nor do I think it's really all that important that we reach sub-team consensus, since all we're doing is teeing this up for the larger WG discussion. In that sense, I actually think that having clear points of disagreement ("some said A while others said B") is helpful, because it helps the WG pinpoint the issues and outlines the arguments. From: gnso-ppsai3-bounces@icann.org [mailto:gnso-ppsai3-bounces@icann.org] On Behalf Of Mary Wong Sent: Thursday, September 03, 2015 12:06 AM To: gnso-ppsai3@icann.org Subject: Re: [Gnso-ppsai3] Additional Comments for Sub Team Consideration Thanks so much for this, Todd! Everyone - I've now added the updated draft summary document that I circulated on 31 August as well as Todd's draft for a revised Annex E framework to the Sub Team wiki page: https://community.icann.org/x/04ZCAw. My suggestion would be that the Sub Team agree to circulate these documents - especially the draft revised Annex E framework - to the WG as soon as possible, as the WG discussion on Annex E this coming Tuesday would really benefit from the WG having the chance to review the documents (again, especially the draft revised Annex E framework) in advance of the call. As such, please comment on one or both documents if you can; should it not be possible to reach a Sub Team consensus on the substance of both by the end of this week, it may be that we can send the documents "as is", with a note to the WG that these have not yet been fully agreed on within the Sub Team. Thanks and cheers Mary Mary Wong Senior Policy Director Internet Corporation for Assigned Names & Numbers (ICANN) Telephone: +1 603 574 4889 Email: mary.wong@icann.org<mailto:mary.wong@icann.org> From: "Williams, Todd" <Todd.Williams@turner.com<mailto:Todd.Williams@turner.com>> Date: Thursday, September 3, 2015 at 05:58 To: Mary Wong <mary.wong@icann.org<mailto:mary.wong@icann.org>>, "gnso-ppsai3@icann.org<mailto:gnso-ppsai3@icann.org>" <gnso-ppsai3@icann.org<mailto:gnso-ppsai3@icann.org>> Subject: RE: Additional Comments for Sub Team Consideration All: As promised on our call, attached is a redline of the Draft Disclosure Framework, with annotations noting the source of each proposed change. Several notes as you review: * I know that we've debated whether "verifiable evidence" means more than what is currently in Sections II(A), (B), and (C). You'll see that I've added the exact wording from the savedomainprivacy.org petition - "verifiable evidence of wrongdoing" - to those sections. I think that is a good fit, as of right now. But for Sara, Kathy, and the others on our sub-team who have argued that "verifiable evidence" means something higher - let us know how you would further edit Sections II(A), (B), and (C) to meet whatever "higher" standard you have in mind. * You'll note that I briefly added a reference to the comment from Com Laude (which I think we had omitted from our summary). And that I did not reference the comment from Aaron Myers (which we've referenced in our summary, but which doesn't really offer any edits to the Disclosure Framework). Otherwise I think I've covered everything that we reviewed in terms of edits to the Disclosure Framework - though let me know if anybody sees anything I've missed. * Just to be clear for the record: the attached is a revised Disclosure Framework that illustrates and attempts to account for all of the proposed edits that we received from the public comments, for the larger Working Group's reference. But it is not how I would have edited the Disclosure Framework. In fact, I'll reserve the right to argue against some of these proposed edits, once we get into the larger WG discussion. Just wanted to make that clear so that nobody thinks these edits are mine (since I'm the one who drafted the document). Thanks. Todd. From: gnso-ppsai3-bounces@icann.org<mailto:gnso-ppsai3-bounces@icann.org> [mailto:gnso-ppsai3-bounces@icann.org] On Behalf Of Mary Wong Sent: Wednesday, September 02, 2015 6:59 AM To: gnso-ppsai3@icann.org<mailto:gnso-ppsai3@icann.org> Subject: [Gnso-ppsai3] Additional Comments for Sub Team Consideration Hello again everyone, As you look through the proposed revised summary document (below), you may also wish to consider whether some of the additional comments that were included in Part 4 of the overall WG Public Comment Review Tool might be useful such that additional notes or recommendations can be made, or existing language amended. For your convenience I've extracted ten such comments which, while not sent in as specific responses to the Preliminary Recommendations and Annex E that this Sub Team is analysing, nonetheless seem relevant generally. I attach these ten comments in tabular form to this email, and welcome the Sub Team's discussion and comments on whether any of them ought to be considered as well as your thoughts on the summary document. As the Sub Team is due to report back to the full WG next Tuesday, please let me know also if you think a call before then amongst the Sub Team members might be needed. Thanks and cheers Mary Mary Wong Senior Policy Director Internet Corporation for Assigned Names & Numbers (ICANN) Telephone: +1 603 574 4889 Email: mary.wong@icann.org<mailto:mary.wong@icann.org> From: Mary Wong <mary.wong@icann.org<mailto:mary.wong@icann.org>> Date: Monday, August 31, 2015 at 15:46 To: "gnso-ppsai3@icann.org<mailto:gnso-ppsai3@icann.org>" <gnso-ppsai3@icann.org<mailto:gnso-ppsai3@icann.org>> Subject: Re: [Gnso-ppsai3] Revised Subteam 3 Summary with Overview Hello everyone, in an attempt to facilitate further dialogue and, hopefully, consensus on a way forward on this issue, I've taken the liberty of amending Kathy's document to take into account Holly's comments as well as to attempt to place certain comments (e.g. the ICA's, EasyDNS') more specifically within a particular category. I attach both a redlined and clean copy of this latest updated version (with the clean copy including yellow highlighted portions where the most significant language changes are suggested). I have not yet broken the comments down further into the registrant/provider distinction that Todd noted, but can of course do so if this is viewed as useful. Please note that this is not a staff position that is being suggested, but merely an attempt to document where the Sub Team's discussion seems to be at the moment. I hope this is helpful. Cheers Mary Mary Wong Senior Policy Director Internet Corporation for Assigned Names & Numbers (ICANN) Telephone: +1 603 574 4889 Email: mary.wong@icann.org<mailto:mary.wong@icann.org> From: <gnso-ppsai3-bounces@icann.org<mailto:gnso-ppsai3-bounces@icann.org>> on behalf of "Williams, Todd" <Todd.Williams@turner.com<mailto:Todd.Williams@turner.com>> Date: Friday, August 28, 2015 at 22:40 To: Kathy Kleiman <kathy@kathykleiman.com<mailto:kathy@kathykleiman.com>>, "gnso-ppsai3@icann.org<mailto:gnso-ppsai3@icann.org>" <gnso-ppsai3@icann.org<mailto:gnso-ppsai3@icann.org>> Subject: Re: [Gnso-ppsai3] Revised Subteam 3 Summary with Overview Thanks Kathy. I both agree and disagree with what you've said below. I strongly agree that "the key is the quotes that have come out of the comments." I've said repeatedly that our job as a sub-team is not to advocate, but to simply present the comments to the WG in as accurate and objective a way as possible. To the extent that we then want to advocate for our own positions as part of the larger WG, we can do so. Moreover, part of the reason why I feel so strongly that "the key is the quotes" is that I think we have to take the comments at face value, and then debate as WG whether we can reach consensus on what they actually say - not on what we want them to say. That's why I felt so strongly that "verifiable evidence" should not be reinterpreted to mean a court order. It is also what animated my email exchange with Stephanie in the larger WG (attached). And if we are in fact faithful to what the comments actually say, then it is a mistake to lump all of the "court order" comments into one monolithic group. I've given some examples of substantive differences below. But let me give another one: if we look at what they actually say, the "court order" comments are very much divided based on whether the comment came from an individual registrant or from a registrar/provider. Which of course makes sense: a registrant will tend to look at these issues very differently than a provider. Specifically, as you correctly note in our draft, the vast majority of comments (11,000+) from individuals/registrants said that "Everyone deserves the right to privacy" and that "No one's personal information should be revealed without a court order, regardless of whether the request comes from a private individual or law enforcement agency." And of course, we can understand why registrants would argue that their right to privacy is inviolate, and that it should never be abrogated unless a court blesses it. But note that the registrar/provider comments in the "court order" group do NOT say the same thing. Rather, they are focused on retaining their discretion as to when to disclose or publish, and do not want an accreditation standard that requires them to do so absent a court order. Hence my point about the word "require" in the Blacknight comment. See also the Key Systems comment: "Disclosure or publication should never be the automatic result of a process, but rather remain an option of the provider." And others. So one key distinction b/w the registrant/individual comments and the registrar/provider comments is that the registrant comments do not want disclosure or publication EVER unless following a court order, while the provider comments want a court order first if SOMEBODY ELSE wants them to disclose or publish, but not if THEY want to disclose or publish. And we can understand why, given how many provider Terms of Service include language that gives them discretion to basically turn off a P/P Service whenever they want (for example, if the registrant stops paying them), without any kind of process beforehand (due process or otherwise). See below (among many others): * Blacknight: https://www.blacknight.com/acceptable-usage.html. * Whoisprivacy.com, Ltd.: http://www.whoisprivacyservices.com.au/terms.htm. * EuroDNS S.A.: https://www.eurodns.com/terms-and-conditions/whois-privacy. * 1&1 Internet, Inc.: http://www.1and1.com/TcPdr?__lf=Static. * Domain.com, LLC: http://www.domain.com/legal/legal_domain.bml#domain-privacy-service. * DomainIt, Inc.: https://www.domainit.com/terms.html. * Moniker Privacy Services, LLC: http://www.moniker.com/legal/registration-agreement. So we can understand why providers would not want an accreditation regime that requires them to get a court order before they turn off a registrant's privacy service (and to rewrite their Terms of Service accordingly). In fact, Volker has already admitted - both on the email list (see attached) and on our weekly calls (see transcript of 8-11-15 call) - that such an accreditation requirement would have such a "severe impact" on the economic realities of providers (in other words, would cost them so much money), that they could never agree to such a requirement. But of course, if I'm an individual registrant concerned about my privacy and due process, then I could care less about the "economic realities" of providers. My point is only that we can't gloss over that important distinction (and others) by lumping all of the "court order" comments together as if they were coming from the same place and advocating for the same thing. They're not. From: Kathy Kleiman [mailto:kathy@kathykleiman.com] Sent: Friday, August 28, 2015 8:44 AM To: Williams, Todd <Todd.Williams@turner.com<mailto:Todd.Williams@turner.com>>; gnso-ppsai3@icann.org<mailto:gnso-ppsai3@icann.org> Subject: Re: [Gnso-ppsai3] Revised Subteam 3 Summary with Overview Hi Todd, The entire WG is now looking to our comments to show what supports Annex E (deemed generally to be a lower standard than court order) and Court Order (deemed to be a much higher standard than Annex E). What we are talking about is the floor, not the ceiling, right, for accreditation? Namely, what is the minimum requirement for disclosure of proxied data? I see it as really quite binary - up or down (Annex E or court order for private requests to p/p providers) - but I can understand if the subteam thinks differently. What I think is key is the quotes that have come out of the comments. Provided we keep the quotes, I'm good.I can rework, but not until end of weekend or early next week. Best, Kathy : Thanks Kathy. * When you say that "in the weeks since the original draft, I think the discussion has evolved from a multipart one . . . to a binary one" - what are you basing that on? Can you point to any transcripts or emails? I certainly don't remember being part of those discussions. * Moreover, had I been involved in those discussions, I would have objected, because I think that lumping the comments together in the way that you have, and ignoring the categories that our sub-team had already agreed upon, does a disservice to the nuance of the comments from Google, ICA, EasyDNS, and the like. For example, a UDRP panel is not a court. I think that is an important distinction between Categories 2 and 3. And the fact that the ICA and EasyDNS comments would allow for "some exceptions for cases of abuse" is another important distinction that the broader WG ought to know about. I'm fine if we want to include some sort of introductory sentence saying that __ comments opposed the basic premise of Annex E (which we do). But to then argue that those comments are monolithic, or that they all oppose the premise of Annex E in the same way, is not accurate. * I simply understood the ISPCP comment to mean that allegations of infringement should not always be automatically taken as true ("not indisputably wronged parties"), and that some independent adjudicator (meaning, somebody other than the IP owner who is making the allegation) should evaluate the merits of those claims. Annex E as currently drafted provides for that. But I also don't think that you or I should necessarily be the ones to decide this argument. Why can't we just say that we weren't quite sure what to do with this one (as was true with some others), and take it to the larger WG for their consideration. * I think you're missing my point on Blacknight. My point is that the key word is "require." As I mentioned below, nothing in Annex E "requires" Blacknight to disclose (merely to give reasons if they refuse to disclose). So I don't see anything in their comment that is inconsistent with Annex E. * On the APC comment: I don't disagree with you that the comment has important value for the WG. But that's not the same thing as saying that it advocates for disclosure only following a court order. It doesn't. From: Kathy Kleiman [mailto:kathy@kathykleiman.com] Sent: Wednesday, August 26, 2015 10:59 PM To: Williams, Todd <Todd.Williams@turner.com><mailto:Todd.Williams@turner.com>; gnso-ppsai3@icann.org<mailto:gnso-ppsai3@icann.org> Subject: Re: [Gnso-ppsai3] Revised Subteam 3 Summary with Overview Hi Todd, Tx you for the close read. In the weeks since the original draft, I think the discussion has evolved from a multipart one - such as the 5 categories originally created in Section III -- to a more binary one: do commenters support a system such as Annex E or do they want court order prior to the reveal of the data? With apologies, I don't understand the differentiation into Categories 2, 3 and 4 in Section III. Some parties may have mentioned UDRP, and others not, but that does not take away from the totality of the commenters who want court orders -- or want court orders for certain categories of requests such as privacy requests to p/p providers from third parties, such as intellectual property requests. To divide up these comments really dilutes the argument, I think, as these commenters favor court order for the key issue we are evaluating. So I would recommend keeping Google, Endurance, Wheelhouse, ICA and Easy DNS together in Category 2. The ISPCP Constituency Comments call for an "independent adjudicator" to "determine the merits of their ("intellectual property rights holders") claims. I thought that was pretty clear reference to a judge or magistrate, but if you see it differently, please let me know. Re Blacknight, on the issue of Annex E or court order, the comments appear to come down squarely for court orders. For LEA, it recommends a different approach, but there is no reference to Annex E, only "a request from law enforcement, Irish consumer protection agencies or a court order with jurisdiction over us." The intellectual property requests falls into the final category -- court order -- and as such, this comment would be properly listed here. Re: APC, Alliance for Progressive Communications, you are right that I missed a step in putting this comment forward. The question this quote addresses, and it is a valuable one, is court orders and jurisdiction -- from which jurisdiction are court orders are valid? Here APC provides us with unique insight, very worth passing onto the WG: that release of domain name data in some countries has and will continue to result in arrest, prosecution, conviction, etc. of "domain owners" who are "exercising activism" online. This is a very tough issue that we discussed in the WG, and APC is on the ground in Africa and near the Middle East to see abuses first hand. As the WG explores the issue of court orders, the next question is: from what jurisdiction should/must p/p provider accept a court order? The APC comment reminds us that what is clearly legal in one country is punishable in another -- and that jurisdictional issues for court orders are a key part of what we (the WG) have to keep in mind. If you would like to create a introductory paragraph, or new section, for this type of discussion, I would certainly welcome it! Best, Kathy : Thanks Kathy. One minor formatting suggestion: I think the spectrum that we outline on page 5 (Categories 1-4) is useful, because not all of these comments are advocating for the same thing. Yet the quotes that we've added from the comments are all included under Category 2, which is somewhat confusing. I would suggest that we move: * The quotes from the comments from Google, Endurance International Group, and Jeff Wheelhouse to the paragraph on Category 3. * The quotes from the comments from ICA and Easy DNS to the paragraph on Category 4. Also, I saw that you added quotes from the comments from ISPCPC, Blacknight, and the Association for Progressive Communications, even though those weren't in our initial summary and don't specifically mention Annex E. My thoughts on each: * Here's the full ISPCPC quote, from a section titled "Regarding LEA definitions & differentiations": "While we respect the desire to utilize the official ICANN definition of Law Enforcement Agent (LEA), we acknowledge that intellectual property rights holders and private anti abuse organizations should be treated as complainants and not indisputably wronged parties, and accordingly an independent adjudicator should determine the merits of their claim before rights that users would otherwise have are abrogated by reason of those lawyers' claims." To be honest, I'm not really sure what to make of that (especially given that it is included under a heading about LEA definitions). But I'm not sure that we can assume that it means disclosure only following a court order. Why would Annex E as currently drafted not satisfy the standard of "an independent adjudicator should determine the merits of their claim"? * I also don't understand why we would think that the Blacknight quote is incompatible with Annex E. All it says is that "any policy that would require us to divulge our client's information in the absence of either a request from law enforcement, Irish consumer protection agencies or a court order with jurisdiction over us is incompatible with Irish law." But Annex E as currently drafted doesn't require Blacknight to divulge its client's information. Rather, it gives Blacknight the discretion to make that decision; all it requires is that Blacknight provide the complainant with its reasoning if it chooses to refuse. * I don't understand why we'd include a quote from the APC comment in this section, given that it does not mention Annex E, and that it expressly endorsed the NCSG comment (see: http://forum.icann.org/lists/comments-ppsai-initial-05may15/pdfwOfjgYV0i9.pd...), which we analyze in the previous section that supports the premise of Annex E. From:gnso-ppsai3-bounces@icann.org<mailto:gnso-ppsai3-bounces@icann.org> [mailto:gnso-ppsai3-bounces@icann.org] On Behalf Of Kathy Kleiman Sent: Wednesday, August 26, 2015 5:17 PM To: gnso-ppsai3@icann.org<mailto:gnso-ppsai3@icann.org> Subject: Re: [Gnso-ppsai3] Revised Subteam 3 Summary with Overview Hi All, Tx to Darcy for the Overview work. I've taken her draft and added to it my work on Section III as promised on the last call. I added more quotes from commenters seeking court orders and the use of existing legal due process mechanisms prior to disclosure of proxied data. There was a wide array of comments on this issue, including from ISPs, individuals, organizations, and companies. I used Darcy's version as the base. Both her edits (Overview) and my edits (Section III) are shown in "track changes." Best, Kathy : Hi, all! In follow up to our call earlier this week, attached is an updated Sub-team 3 analysis draft with the overview added at the beginning. I redlined my changes so you can clearly see what I've done. I hope you find that I present a clear and accurate overview. I also made some minor revisions to Section V ("Comments that did not fit neatly into any of the above categories") that I realized after submitting my original draft of that section made a bit more sense. Again, I've redlined the changes so you can easily see what changed. Please let me know if there are any questions. Thanks, Darcy _______________________________________________ Gnso-ppsai3 mailing list Gnso-ppsai3@icann.org<mailto:Gnso-ppsai3@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai3
Hello everyone - as noted below, it would be helpful to give the WG time to review the work we've done so far as much in advance of the Tuesday call as possible. As such I propose that the latest documents be circulated today with the caveat that the sub team has yet to formally agree on the language. Thank you. Cheers Mary Sent from my iPhone On Sep 3, 2015, at 12:06, Mary Wong <mary.wong@icann.org<mailto:mary.wong@icann.org>> wrote: Thanks so much for this, Todd! Everyone – I’ve now added the updated draft summary document that I circulated on 31 August as well as Todd’s draft for a revised Annex E framework to the Sub Team wiki page: https://community.icann.org/x/04ZCAw. My suggestion would be that the Sub Team agree to circulate these documents – especially the draft revised Annex E framework – to the WG as soon as possible, as the WG discussion on Annex E this coming Tuesday would really benefit from the WG having the chance to review the documents (again, especially the draft revised Annex E framework) in advance of the call. As such, please comment on one or both documents if you can; should it not be possible to reach a Sub Team consensus on the substance of both by the end of this week, it may be that we can send the documents “as is”, with a note to the WG that these have not yet been fully agreed on within the Sub Team. Thanks and cheers Mary Mary Wong Senior Policy Director Internet Corporation for Assigned Names & Numbers (ICANN) Telephone: +1 603 574 4889 Email: mary.wong@icann.org<mailto:mary.wong@icann.org> From: "Williams, Todd" <Todd.Williams@turner.com<mailto:Todd.Williams@turner.com>> Date: Thursday, September 3, 2015 at 05:58 To: Mary Wong <mary.wong@icann.org<mailto:mary.wong@icann.org>>, "gnso-ppsai3@icann.org<mailto:gnso-ppsai3@icann.org>" <gnso-ppsai3@icann.org<mailto:gnso-ppsai3@icann.org>> Subject: RE: Additional Comments for Sub Team Consideration All: As promised on our call, attached is a redline of the Draft Disclosure Framework, with annotations noting the source of each proposed change. Several notes as you review: · I know that we’ve debated whether “verifiable evidence” means more than what is currently in Sections II(A), (B), and (C). You’ll see that I’ve added the exact wording from the savedomainprivacy.org<http://savedomainprivacy.org> petition – “verifiable evidence of wrongdoing” – to those sections. I think that is a good fit, as of right now. But for Sara, Kathy, and the others on our sub-team who have argued that “verifiable evidence” means something higher – let us know how you would further edit Sections II(A), (B), and (C) to meet whatever “higher” standard you have in mind. · You’ll note that I briefly added a reference to the comment from Com Laude (which I think we had omitted from our summary). And that I did not reference the comment from Aaron Myers (which we’ve referenced in our summary, but which doesn’t really offer any edits to the Disclosure Framework). Otherwise I think I’ve covered everything that we reviewed in terms of edits to the Disclosure Framework – though let me know if anybody sees anything I’ve missed. · Just to be clear for the record: the attached is a revised Disclosure Framework that illustrates and attempts to account for all of the proposed edits that we received from the public comments, for the larger Working Group’s reference. But it is not how I would have edited the Disclosure Framework. In fact, I’ll reserve the right to argue against some of these proposed edits, once we get into the larger WG discussion. Just wanted to make that clear so that nobody thinks these edits are mine (since I’m the one who drafted the document). Thanks. Todd. From: gnso-ppsai3-bounces@icann.org<mailto:gnso-ppsai3-bounces@icann.org> [mailto:gnso-ppsai3-bounces@icann.org] On Behalf Of Mary Wong Sent: Wednesday, September 02, 2015 6:59 AM To: gnso-ppsai3@icann.org<mailto:gnso-ppsai3@icann.org> Subject: [Gnso-ppsai3] Additional Comments for Sub Team Consideration Hello again everyone, As you look through the proposed revised summary document (below), you may also wish to consider whether some of the additional comments that were included in Part 4 of the overall WG Public Comment Review Tool might be useful such that additional notes or recommendations can be made, or existing language amended. For your convenience I’ve extracted ten such comments which, while not sent in as specific responses to the Preliminary Recommendations and Annex E that this Sub Team is analysing, nonetheless seem relevant generally. I attach these ten comments in tabular form to this email, and welcome the Sub Team’s discussion and comments on whether any of them ought to be considered as well as your thoughts on the summary document. As the Sub Team is due to report back to the full WG next Tuesday, please let me know also if you think a call before then amongst the Sub Team members might be needed. Thanks and cheers Mary Mary Wong Senior Policy Director Internet Corporation for Assigned Names & Numbers (ICANN) Telephone: +1 603 574 4889 Email: mary.wong@icann.org<mailto:mary.wong@icann.org> From: Mary Wong <mary.wong@icann.org<mailto:mary.wong@icann.org>> Date: Monday, August 31, 2015 at 15:46 To: "gnso-ppsai3@icann.org<mailto:gnso-ppsai3@icann.org>" <gnso-ppsai3@icann.org<mailto:gnso-ppsai3@icann.org>> Subject: Re: [Gnso-ppsai3] Revised Subteam 3 Summary with Overview Hello everyone, in an attempt to facilitate further dialogue and, hopefully, consensus on a way forward on this issue, I’ve taken the liberty of amending Kathy’s document to take into account Holly’s comments as well as to attempt to place certain comments (e.g. the ICA’s, EasyDNS’) more specifically within a particular category. I attach both a redlined and clean copy of this latest updated version (with the clean copy including yellow highlighted portions where the most significant language changes are suggested). I have not yet broken the comments down further into the registrant/provider distinction that Todd noted, but can of course do so if this is viewed as useful. Please note that this is not a staff position that is being suggested, but merely an attempt to document where the Sub Team’s discussion seems to be at the moment. I hope this is helpful. Cheers Mary Mary Wong Senior Policy Director Internet Corporation for Assigned Names & Numbers (ICANN) Telephone: +1 603 574 4889 Email: mary.wong@icann.org<mailto:mary.wong@icann.org> From: <gnso-ppsai3-bounces@icann.org<mailto:gnso-ppsai3-bounces@icann.org>> on behalf of "Williams, Todd" <Todd.Williams@turner.com<mailto:Todd.Williams@turner.com>> Date: Friday, August 28, 2015 at 22:40 To: Kathy Kleiman <kathy@kathykleiman.com<mailto:kathy@kathykleiman.com>>, "gnso-ppsai3@icann.org<mailto:gnso-ppsai3@icann.org>" <gnso-ppsai3@icann.org<mailto:gnso-ppsai3@icann.org>> Subject: Re: [Gnso-ppsai3] Revised Subteam 3 Summary with Overview Thanks Kathy. I both agree and disagree with what you’ve said below. I strongly agree that “the key is the quotes that have come out of the comments.” I’ve said repeatedly that our job as a sub-team is not to advocate, but to simply present the comments to the WG in as accurate and objective a way as possible. To the extent that we then want to advocate for our own positions as part of the larger WG, we can do so. Moreover, part of the reason why I feel so strongly that “the key is the quotes” is that I think we have to take the comments at face value, and then debate as WG whether we can reach consensus on what they actually say – not on what we want them to say. That’s why I felt so strongly that “verifiable evidence” should not be reinterpreted to mean a court order. It is also what animated my email exchange with Stephanie in the larger WG (attached). And if we are in fact faithful to what the comments actually say, then it is a mistake to lump all of the “court order” comments into one monolithic group. I’ve given some examples of substantive differences below. But let me give another one: if we look at what they actually say, the “court order” comments are very much divided based on whether the comment came from an individual registrant or from a registrar/provider. Which of course makes sense: a registrant will tend to look at these issues very differently than a provider. Specifically, as you correctly note in our draft, the vast majority of comments (11,000+) from individuals/registrants said that “Everyone deserves the right to privacy” and that “No one’s personal information should be revealed without a court order, regardless of whether the request comes from a private individual or law enforcement agency.” And of course, we can understand why registrants would argue that their right to privacy is inviolate, and that it should never be abrogated unless a court blesses it. But note that the registrar/provider comments in the “court order” group do NOT say the same thing. Rather, they are focused on retaining their discretion as to when to disclose or publish, and do not want an accreditation standard that requires them to do so absent a court order. Hence my point about the word “require” in the Blacknight comment. See also the Key Systems comment: “Disclosure or publication should never be the automatic result of a process, but rather remain an option of the provider.” And others. So one key distinction b/w the registrant/individual comments and the registrar/provider comments is that the registrant comments do not want disclosure or publication EVER unless following a court order, while the provider comments want a court order first if SOMEBODY ELSE wants them to disclose or publish, but not if THEY want to disclose or publish. And we can understand why, given how many provider Terms of Service include language that gives them discretion to basically turn off a P/P Service whenever they want (for example, if the registrant stops paying them), without any kind of process beforehand (due process or otherwise). See below (among many others): · Blacknight: https://www.blacknight.com/acceptable-usage.html. · Whoisprivacy.com<http://Whoisprivacy.com>, Ltd.: http://www.whoisprivacyservices.com.au/terms.htm. · EuroDNS S.A.: https://www.eurodns.com/terms-and-conditions/whois-privacy. · 1&1 Internet, Inc.: http://www.1and1.com/TcPdr?__lf=Static. · Domain.com<http://Domain.com>, LLC: http://www.domain.com/legal/legal_domain.bml#domain-privacy-service. · DomainIt, Inc.: https://www.domainit.com/terms.html. · Moniker Privacy Services, LLC: http://www.moniker.com/legal/registration-agreement. So we can understand why providers would not want an accreditation regime that requires them to get a court order before they turn off a registrant’s privacy service (and to rewrite their Terms of Service accordingly). In fact, Volker has already admitted – both on the email list (see attached) and on our weekly calls (see transcript of 8-11-15 call) – that such an accreditation requirement would have such a “severe impact” on the economic realities of providers (in other words, would cost them so much money), that they could never agree to such a requirement. But of course, if I’m an individual registrant concerned about my privacy and due process, then I could care less about the “economic realities” of providers. My point is only that we can’t gloss over that important distinction (and others) by lumping all of the “court order” comments together as if they were coming from the same place and advocating for the same thing. They’re not. From: Kathy Kleiman [mailto:kathy@kathykleiman.com] Sent: Friday, August 28, 2015 8:44 AM To: Williams, Todd <Todd.Williams@turner.com<mailto:Todd.Williams@turner.com>>; gnso-ppsai3@icann.org<mailto:gnso-ppsai3@icann.org> Subject: Re: [Gnso-ppsai3] Revised Subteam 3 Summary with Overview Hi Todd, The entire WG is now looking to our comments to show what supports Annex E (deemed generally to be a lower standard than court order) and Court Order (deemed to be a much higher standard than Annex E). What we are talking about is the floor, not the ceiling, right, for accreditation? Namely, what is the minimum requirement for disclosure of proxied data? I see it as really quite binary - up or down (Annex E or court order for private requests to p/p providers) - but I can understand if the subteam thinks differently. What I think is key is the quotes that have come out of the comments. Provided we keep the quotes, I'm good.I can rework, but not until end of weekend or early next week. Best, Kathy : Thanks Kathy. · When you say that “in the weeks since the original draft, I think the discussion has evolved from a multipart one . . . to a binary one” – what are you basing that on? Can you point to any transcripts or emails? I certainly don’t remember being part of those discussions. · Moreover, had I been involved in those discussions, I would have objected, because I think that lumping the comments together in the way that you have, and ignoring the categories that our sub-team had already agreed upon, does a disservice to the nuance of the comments from Google, ICA, EasyDNS, and the like. For example, a UDRP panel is not a court. I think that is an important distinction between Categories 2 and 3. And the fact that the ICA and EasyDNS comments would allow for “some exceptions for cases of abuse” is another important distinction that the broader WG ought to know about. I’m fine if we want to include some sort of introductory sentence saying that __ comments opposed the basic premise of Annex E (which we do). But to then argue that those comments are monolithic, or that they all oppose the premise of Annex E in the same way, is not accurate. · I simply understood the ISPCP comment to mean that allegations of infringement should not always be automatically taken as true (“not indisputably wronged parties”), and that some independent adjudicator (meaning, somebody other than the IP owner who is making the allegation) should evaluate the merits of those claims. Annex E as currently drafted provides for that. But I also don’t think that you or I should necessarily be the ones to decide this argument. Why can’t we just say that we weren’t quite sure what to do with this one (as was true with some others), and take it to the larger WG for their consideration. · I think you’re missing my point on Blacknight. My point is that the key word is “require.” As I mentioned below, nothing in Annex E “requires” Blacknight to disclose (merely to give reasons if they refuse to disclose). So I don’t see anything in their comment that is inconsistent with Annex E. · On the APC comment: I don’t disagree with you that the comment has important value for the WG. But that’s not the same thing as saying that it advocates for disclosure only following a court order. It doesn’t. From: Kathy Kleiman [mailto:kathy@kathykleiman.com] Sent: Wednesday, August 26, 2015 10:59 PM To: Williams, Todd <Todd.Williams@turner.com><mailto:Todd.Williams@turner.com>; gnso-ppsai3@icann.org<mailto:gnso-ppsai3@icann.org> Subject: Re: [Gnso-ppsai3] Revised Subteam 3 Summary with Overview Hi Todd, Tx you for the close read. In the weeks since the original draft, I think the discussion has evolved from a multipart one - such as the 5 categories originally created in Section III -- to a more binary one: do commenters support a system such as Annex E or do they want court order prior to the reveal of the data? With apologies, I don't understand the differentiation into Categories 2, 3 and 4 in Section III. Some parties may have mentioned UDRP, and others not, but that does not take away from the totality of the commenters who want court orders -- or want court orders for certain categories of requests such as privacy requests to p/p providers from third parties, such as intellectual property requests. To divide up these comments really dilutes the argument, I think, as these commenters favor court order for the key issue we are evaluating. So I would recommend keeping Google, Endurance, Wheelhouse, ICA and Easy DNS together in Category 2. The ISPCP Constituency Comments call for an "independent adjudicator" to "determine the merits of their ("intellectual property rights holders") claims. I thought that was pretty clear reference to a judge or magistrate, but if you see it differently, please let me know. Re Blacknight, on the issue of Annex E or court order, the comments appear to come down squarely for court orders. For LEA, it recommends a different approach, but there is no reference to Annex E, only "a request from law enforcement, Irish consumer protection agencies or a court order with jurisdiction over us." The intellectual property requests falls into the final category -- court order -- and as such, this comment would be properly listed here. Re: APC, Alliance for Progressive Communications, you are right that I missed a step in putting this comment forward. The question this quote addresses, and it is a valuable one, is court orders and jurisdiction -- from which jurisdiction are court orders are valid? Here APC provides us with unique insight, very worth passing onto the WG: that release of domain name data in some countries has and will continue to result in arrest, prosecution, conviction, etc. of "domain owners" who are "exercising activism" online. This is a very tough issue that we discussed in the WG, and APC is on the ground in Africa and near the Middle East to see abuses first hand. As the WG explores the issue of court orders, the next question is: from what jurisdiction should/must p/p provider accept a court order? The APC comment reminds us that what is clearly legal in one country is punishable in another -- and that jurisdictional issues for court orders are a key part of what we (the WG) have to keep in mind. If you would like to create a introductory paragraph, or new section, for this type of discussion, I would certainly welcome it! Best, Kathy : Thanks Kathy. One minor formatting suggestion: I think the spectrum that we outline on page 5 (Categories 1-4) is useful, because not all of these comments are advocating for the same thing. Yet the quotes that we’ve added from the comments are all included under Category 2, which is somewhat confusing. I would suggest that we move: · The quotes from the comments from Google, Endurance International Group, and Jeff Wheelhouse to the paragraph on Category 3. · The quotes from the comments from ICA and Easy DNS to the paragraph on Category 4. Also, I saw that you added quotes from the comments from ISPCPC, Blacknight, and the Association for Progressive Communications, even though those weren’t in our initial summary and don’t specifically mention Annex E. My thoughts on each: · Here’s the full ISPCPC quote, from a section titled “Regarding LEA definitions & differentiations”: “While we respect the desire to utilize the official ICANN definition of Law Enforcement Agent (LEA), we acknowledge that intellectual property rights holders and private anti abuse organizations should be treated as complainants and not indisputably wronged parties, and accordingly an independent adjudicator should determine the merits of their claim before rights that users would otherwise have are abrogated by reason of those lawyers' claims.” To be honest, I’m not really sure what to make of that (especially given that it is included under a heading about LEA definitions). But I’m not sure that we can assume that it means disclosure only following a court order. Why would Annex E as currently drafted not satisfy the standard of “an independent adjudicator should determine the merits of their claim”? · I also don’t understand why we would think that the Blacknight quote is incompatible with Annex E. All it says is that “any policy that would require us to divulge our client’s information in the absence of either a request from law enforcement, Irish consumer protection agencies or a court order with jurisdiction over us is incompatible with Irish law.” But Annex E as currently drafted doesn’t require Blacknight to divulge its client’s information. Rather, it gives Blacknight the discretion to make that decision; all it requires is that Blacknight provide the complainant with its reasoning if it chooses to refuse. · I don’t understand why we’d include a quote from the APC comment in this section, given that it does not mention Annex E, and that it expressly endorsed the NCSG comment (see: http://forum.icann.org/lists/comments-ppsai-initial-05may15/pdfwOfjgYV0i9.pd...), which we analyze in the previous section that supports the premise of Annex E. From:gnso-ppsai3-bounces@icann.org<mailto:gnso-ppsai3-bounces@icann.org> [mailto:gnso-ppsai3-bounces@icann.org] On Behalf Of Kathy Kleiman Sent: Wednesday, August 26, 2015 5:17 PM To: gnso-ppsai3@icann.org<mailto:gnso-ppsai3@icann.org> Subject: Re: [Gnso-ppsai3] Revised Subteam 3 Summary with Overview Hi All, Tx to Darcy for the Overview work. I've taken her draft and added to it my work on Section III as promised on the last call. I added more quotes from commenters seeking court orders and the use of existing legal due process mechanisms prior to disclosure of proxied data. There was a wide array of comments on this issue, including from ISPs, individuals, organizations, and companies. I used Darcy's version as the base. Both her edits (Overview) and my edits (Section III) are shown in "track changes." Best, Kathy : Hi, all! In follow up to our call earlier this week, attached is an updated Sub-team 3 analysis draft with the overview added at the beginning. I redlined my changes so you can clearly see what I’ve done. I hope you find that I present a clear and accurate overview. I also made some minor revisions to Section V (“Comments that did not fit neatly into any of the above categories”) that I realized after submitting my original draft of that section made a bit more sense. Again, I’ve redlined the changes so you can easily see what changed. Please let me know if there are any questions. Thanks, Darcy _______________________________________________ Gnso-ppsai3 mailing list Gnso-ppsai3@icann.org<mailto:Gnso-ppsai3@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai3
participants (2)
-
Mary Wong -
Williams, Todd