Phil, If as you say you cannot assume that all registrars will give dispute providers the data, then how can you just assume that registrars will not. As I said I am caucusing with the registrars now to get the group some data. Rather than crying wolf and sending a letter directly over the heads of the registrars to the CEO of ICANN, I am just advocating for some direct dialogue with the registrars. Let’s not always assume the worst, but rather talk to one another first. Jeff Neuman

On Apr 26, 2018, at 11:49 PM, Corwin, Philip <pcorwin@verisign.com> wrote:

Jeff:

While it is good that Com Laude will continue to provide registrant data to UDRP dispute providers, we cannot assume that every other registrar and registry will make the same decision in regard to GDPR compliance. We don't want to see this issue fall through the cracks, and Kathy and I wanted to follow through on the pledge we made to made in our email of April 6th - and now we have.

Further, as the impact of GDPR has been cited as one rationale for postponing URS decisions to Phase II of our work, and as we will be discussing that proposal on the next WG call, it seemed useful to ask staff to aggregate all the relevant UDRP and URS document sections that reference WHOIS and related matters to have a better informed conversation.

I don't view this as a side issue nor do I share your concern that it will have an adverse effect on our other work. Kathy and I have done the heavy lifting here, and staff prepared material that is useful in another context. This can be readily and quickly resolved on the email list and members can suggest edits, and also opine on whether they think the letter should be transmitted. There's no reason this matter can't be resolved before our next call.

Meanwhile, we have made rapid progress on URS matters through judicious use of sub-teams, and are in position to send out compressive questions next week to practitioners and providers, and to receive their responses in time to have well-informed discussions just prior to and in Panama -- all prior to receipt of answers to the survey questions on TMCH, Trademark Claims, and Sunrise which are expected back in July. We are operating efficiently and are on schedule.

I hope that addresses your concern.

Philip

Philip S. Corwin

Policy Counsel

VeriSign, Inc.

12061 Bluemont Way Reston, VA 20190

703-948-4648/Direct

571-342-7489/Cell

"Luck is the residue of design" -- Branch Rickey

From: Jeff Neuman [mailto:jeff.neuman@comlaude.com] Sent: Thursday, April 26, 2018 6:25 PM To: Corwin, Philip <pcorwin@verisign.com> Cc: gnso-rpm-wg@icann.org Subject: [EXTERNAL] RE: Draft Letter on UDRP & URS Utilization of WHOIS-Derived Registrant Data (was Response from the Co-Chairs RE: Proposal to Shift URS review to Phase II)

Phil,

Has anyone asked the registries/registrars whether they would continue to provide the Dispute Resolution Providers with WHOIS information needed for the implementation of the URS/UDRP. I have not heard any registries or registrars say that they would cease to provide that information? In fact, I have heard the opposite from a number of them (including us - Com Laude). Providing information to dispute providers for the purpose of the implementation of UDRP / URS does fall under a couple of the GDPR exceptions.

It seems to me that we may be spending a lot of time on a letter when registries and registrars would likely provide that information after the filing of an applicable dispute. We should be focusing on getting the work done we have before us rather than delving into these side issues.

I will also being this issue up in the registrars SG to confirm what I have been hearing.

Jeffrey J. Neuman

Senior Vice President |Valideus USA | Com Laude USA

1751 Pinnacle Drive, Suite 600

Mclean, VA 22102, United States

E: jeff.neuman@valideus.com or jeff.neuman@comlaude.com

T: +1.703.635.7514

M: +1.202.549.5079

@Jintlaw

From: gnso-rpm-wg <gnso-rpm-wg-bounces@icann.org> On Behalf Of Corwin, Philip via gnso-rpm-wg Sent: Thursday, April 26, 2018 8:58 PM To: gnso-rpm-wg@icann.org Subject: [gnso-rpm-wg] Draft Letter on UDRP & URS Utilization of WHOIS-Derived Registrant Data (was Response from the Co-Chairs RE: Proposal to Shift URS review to Phase II) Importance: High

WG members:

Following up on the co-chairs email of April 6th, in which we stated--

In regard to the ability of URS and UDRP providers to continue to have access to the data elements necessary to fulfill their dispute resolution provider (DRP) roles, it is our intent to prepare a draft letter to ICANN's CEO noting that such continued access for DRPs is essential to maintaining these non-judicial alternatives for addressing trademark infringement in the DNS, and requesting that ICANN raise this important matter in its continuing discussions with EU Data Protection Authorities. We will work with staff to prepare this draft letter and then share it with WG members for review and comment, after which we will coordinate with Council Leadership and the WG Liaison regarding transmission of a final text to ICANN management. -

Kathy and I have now prepared a draft letter to the GNSO Council, for transmission onward to ICANN management and other parties, for your review. It addresses the subject of the relationship of UDRP and URS administration based upon registrant data obtained from WHOIS records. In preparing this letter we relied extensively on the attached listing of UDRP Policy and Rules and URS Rules and Procedure that mention or are related to registrant data and WHOIS.

Please review this attached letter at your earliest opportunity and post any suggested revisions or additions to the WG email list. As initiation of GDPR enforcement is now less than one month away time is of the essence in transmitting this information.

Thank you and best regards,

Philip & Kathy

Philip S. Corwin

Policy Counsel

VeriSign, Inc.

12061 Bluemont Way Reston, VA 20190

703-948-4648/Direct

571-342-7489/Cell

"Luck is the residue of design" -- Branch Rickey

From: Corwin, Philip Sent: Friday, April 06, 2018 11:03 AM To: 'john.mcelwaine@nelsonmullins.com' <john.mcelwaine@nelsonmullins.com>; 'gnso-rpm-wg@icann.org' <gnso-rpm-wg@icann.org> Subject: Response from the Co-Chairs RE: Proposal to Shift URS review to Phase II

Dear John:

Thank you for your submission regarding a variety of proposed changes to this Working Group's Charter. Our understanding from discussions with staff is that, while there is no set requirement for the level of support within a WG required to request that GNSO Council consider a Charter revision, such revisions are relatively rare and have in the past been supported by a substantial majority of WG members in the absence of significant opposition prior to transmission to Council for its consideration.

We therefore strongly encourage all WG members to carefully review your proposal and, regardless of whether one supports or opposes it, to provide some feedback to the full WG email list so that we can begin to gauge overall support. Such email discussion can be preliminary to a full WG oral discussion on a call sometime in late April or early May, if there are indications of substantial support within the WG and a desire to engage in further discussion. The full WG will resume its regular Wednesday calls by mid-April (we anticipate April 18), after the URS Documents, Practitioners and Providers sub-teams have completed their current work.

We also note that your proposal raises multiple issues, including:

* Amendment of the WG Charter to move the URS review and recommendations to Phase II * Amendment of the WG Charter to define issues that must, may, and may not be addressed * Adjustment of the WG Charter to provide additional guidance on the scope of URS and UDRP Review * Adjustment of the WG leadership structure for Phase II * Potential pause in the start of Phase II keyed to GDPR impact understanding

These are all major issues and we encourage WG members to comment on all of them.

Finally, regardless of whether there is substantial support within the WG for any of the elements of your proposal, we agree that the impending enforcement of GDPR raises substantial WHOIS data access issues for trademark owners and for URS and UDRP dispute resolution providers. The issues for trademark owners are currently being discussed within the full ICANN community regarding interim and final compliance models, the latter involving accreditation and tiered data access.

In regard to the ability of URS and UDRP providers to continue to have access to the data elements necessary to fulfill their dispute resolution provider (DRP) roles, it is our intent to prepare a draft letter to ICANN's CEO noting that such continued access for DRPs is essential to maintaining these non-judicial alternatives for addressing trademark infringement in the DNS, and requesting that ICANN raise this important matter in its continuing discussions with EU Data Protection Authorities. We will work with staff to prepare this draft letter and then share it with WG members for review and comment, after which we will coordinate with Council Leadership and the WG Liaison regarding transmission of a final text to ICANN management.

Best regards,

Philip & Kathy

Philip S. Corwin

Policy Counsel

VeriSign, Inc.

12061 Bluemont Way Reston, VA 20190

703-948-4648/Direct

571-342-7489/Cell

"Luck is the residue of design" -- Branch Rickey

From: gnso-rpm-wg [mailto:gnso-rpm-wg-bounces@icann.org] On Behalf Of John McElwaine Sent: Thursday, April 05, 2018 9:55 PM To: gnso-rpm-wg <gnso-rpm-wg@icann.org> Subject: [EXTERNAL] [gnso-rpm-wg] Proposal to Shift URS review to Phase II

Dear RPM Working Group:

In our meeting in San Juan, Puerto Rico, I raised the issue of moving the work set forth in this Working Group's charter relating to the URS to Phase II. The Chairs asked that I put something in writing detailing the specific recommendation and reasoning, which I present below and have also attached hereto in a Word document for your review and consideration.

Kind regards,

John

Proposal to Shift URS from Phase I to Phase II:

1. On 15 December 2011, the GNSO Council requested that eighteen (18) months after the launch of the New gTLD Program ICANN staff prepare and publish an Issue Report on the state of all rights protection mechanisms implemented for both existing and new gTLDs, including but not limited to the UDRP and URS. The Council subsequently agreed to extend the timeline for a report by a further six (6) months.

2. On 9 October 2015, a Preliminary Issues Report was published discussing the scope of this potential PDP and outlining three possible options for moving forward. The third option ultimately was elected at that time:

The "third option would be to conduct a policy review of all the RPMs in two phases, with the initial phase being a review only of the RPMs developed for the New gTLD Program. . . . The second, subsequent phase of work would be a review of the UDRP, based on the concerns specific to its scope that were raised in the 2011 GNSO Issue Report and any additional relevant topics derived from the first phase of work concerning the RPMs developed for the New gTLD Program."

3. On 15 March 2016, the two phase approach was approved in the Charter for the Review of all Rights Protection Mechanisms (RPMs) in all gTLDs PDP Working Group ("RPM Working Group"). Phase One was to focus on a review of all the RPMs that were developed for the New gTLD Program, and Phase Two will focus on a review of the UDRP.

4. The Objective & Goals in the PDP's Charter were to examine (i) the RPMs effectiveness, (ii) whether the RPMs collectively fulfil their purposes, and (iii) whether additional policy specific recommendations are needed, including to clarify and unify the policy goals. RPM Working Group Charter, at p. 3. The Objectives & Goals in the PDP's Charter were broadly defined:

"In addition to an assessment of the effectiveness of each RPM, the PDP Working Group is expected to consider, at the appropriate stage of its work, the overarching issue as to whether or not all the RPMs collectively fulfill the purposes for which they were created, or whether additional policy recommendations are needed, including to clarify and unify the policy goals. If such additional policy recommendations are needed, the Working Group is expected to develop recommendations to address the specific issues identified. The Working Group is also directed to bear in mind that a fundamental underlying intention of conducting a review of all RPMs in all gTLDs is to create a framework for consistent and uniform reviews of these mechanisms in the future."

5. However, the RPM Working Group Charter also contains a lengthy attachment entitled "LIST OF POTENTIAL ISSUES FOR CONSIDERATION IN THIS PDP" This "list was derived from various community suggestions in different forums, they are not listed in any particular order of importance nor has staff attempted to analyze the merits, relevance or significance of each issue". This list contains topics that are out of scope when compared with the Objectives and Goals, including:

1. Are generic dictionary words being adequately protected so that they are available for all to use as allowed under their national laws and international treaties? E.g. sun, window 2. Should monetary damages be awarded? 3. Are last names and geographic places adequately protected so that they are available for all to use as allowed under their national laws, e.g, Smith, McDonald, Capitol Hill Cafe, Old Town Deli? 4. Should injunctive relief be available? 5. Now that Reverse Domain Name Hijacking is a regular finding of UDRP panels, indicating that domain name registrants are being abused by complaints brought against them in the UDRP process, what penalties and sanctions should be imposed on Complainants found to be reverse domain name hijackers? How can those penalties and sanctions be aligned so as to be fair, as compared to the loss of a domain name taken from a registrant found to be a "cybersquatter"?

6. Issues from this list and other new out of scope issues, complaints and modifications are causing the work of the RPM Working Group to slow and are polarizing the members; thus, harming the ability to achieve consensus in the Working Group. As recommend by the PDP breakout group and discussed by the Community in attendance at the Sunday gNSO Working Session in San Juan, it would be particularly useful if working group charters would:

1. Define clearly what success for the proposed working group "should look like". (K. Kleiman reporting on breakout session, Transcript ICANN61 San Juan GNSO Working Session Part 2 Sunday, 11 March 2018 at 10:30 AS ("Transcript") at p. 5). 2. Define topics or issues that must be addressed, may be addressed and may not be addressed. (Transcript at p. 4). 3. Have "more defined issues, [be] more bounded, more limited." (Transcript at p. 5). 4. Have a narrower scope and be broken up into separate projects. (Transcript at p. 5). 5. Having a charter drafting team that "that are experts, and that might mean a legal expert, but we should also have people that have experience, practical experience." (S. DelBianco reporting on breakout session, Transcript at p. 5).

7. The Trademark Clearinghouse, Sunrise and Trademark Claims Notices are RPMs relating to the registration process of domain names in the new gTLDs. The URS is more akin to the UDRP, and like the UDRP is a mandatory dispute resolution proceeding to recover a domain name that has been clearly registered in bad faith. Since the URS is intended to be complementary of the UDRP and will have similar issues it would be more efficient to address these RPMs in a more cohesive manner.

8. With respect to the URS and UDRP, The European Parliament, the Council of the European Union, and the European Commission have enacted a new data privacy regulation in 2016 entitled the General Data Protection Regulation (GDPR) that will likely adversely impact the ability of the URS and UDRP to function as these policies are currently implemented. The new regulation is scheduled to take effect on May 25, 2018. Among other ways, GDRP may adversely impact the URS and the UDRP by:

1. Procedure for UDRP/URS:

1. Possibility that Providers cannot serve the UDRP/URS Complaint if an email address cannot be obtained. 2. Possibility that the Language of the URS proceeding cannot be determined.

2. Procedure for URS:

1. Possibility that the URS provider cannot translate the notice of URS complaint into the predominant language used in the Registrant's country or territory. 2. Possibility that URS complainants cannot know the language of a possible response. 3. Possibility that URS complainants do not know whether the URS complaint was translated into the correct language(s) and that proceedings were administered correctly.

3. UDRP Element 2 / URS:

1. Cannot argue that the registrant is not commonly known by the Domain Name at issue. 2. Cannot determine if the registrant has been authorized by the Trademark holder. 3. Cannot determine if the registrant is an authorized reseller of the Trademark holder's product. 4. Cannot determine on what date the domain name was "registered" by the current domain name holder if it was transferred to this current domain name holder. (requires being able to see the WhoIs history). This could prevent baseless claims from being filed.

4. UDRP Element 3:

1. Cannot determine if registrant has engaged in a pattern of bad faith registrations. Rule 4(b)(ii). 2. Cannot determine if registrant has been found to engage other unlawful actions, such as malware, phishing or scams. 3. Cannot determine if the registrant is in a particular geographic region to be better assess the possibility of legitimate co-existence (thus possibly even foregoing the filing of a case, and response, in the first place). 4. Cannot determine if the registrant is technically a "competitor" that has registered the Domain Name for the purpose of disrupting the business of the Complainant. Rule 4(b)(iii).

9. Due to GDPR compliance issues, ICANN org is considering substantial changes to WhoIs, and has published an Interim Model for GDPR Compliance, e.g. "The CookBook" which proposes to significantly limit the public display of WhoIs data after May 25, 2018." see: https://www.icann.org/en/system/files/files/gdpr-compliance-interim-model-08.... Aggressive current timelines for tiered access to WhoIs data that might provide some fix for the above issues is December 2018. There is no question that GDPR will require policy consideration relating to the URS and UDRP that cannot be predicted and analyzed at this time.

Recommendation:

1. The RPM Working Group finishes its already well-advanced work and issues an Initial Report on the PDDRP, Trademark Clearinghouse, Sunrise, and Trademark Claims Notices for public comment.

2. After comments have been analyzed for those elements, that the RPM Working Group finishes its work and issues its Final Report on the PDDRP, Trademark Clearinghouse, Sunrise, and Trademark Claims Notices.

3. The RPM Working Group issues a request through its Appointed Working Group Liaison to the GNSO Council to amend the RPM Working Group Charter as follows:

1. shift the work related to the URS to Phase II and, if necessary, pause starting Phase II until after the permanent impacts of GDPR on the URS and UDRP are known;

2. provide clear guidance to the WG on the issues that (i) must be addressed, (ii) may be addressed, and (iii) may not be addressed;

3. provide clear guidance on the scope of the review of the URS and UDRP.

Although a separate issue from this proposal, it is also recommended that Phase II Working Group has one chairperson with appropriate neutrality and experience in PDP consensus building and parliamentary procedures. Assistance to the chair can be provided by utilizing vice-chairs and well-structured sub-teams.

JOHN C. MCELWAINE PARTNER

john.mcelwaine@nelsonmullins.com

LIBERTY CENTER | SUITE 600

151 MEETING STREET | CHARLESTON, SC 29401

T 843.534.4302 F 843.722.8700

101 CONSTITUTION AVENUE, NW | SUITE 900

WASHINGTON, D.C., 20001

T 202.689.2939 F 202.689.2862

NELSONMULLINS.COM VCARD VIEW BIO

Confidentiality Notice

This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged, confidential or otherwise legally exempt from disclosure.

If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately either by phone (800-237-2000) or reply to this e-mail and delete all copies of this message.

Theo: While there is much of merit in the ECO playbook it will not be the rules of the road as of May 25th. And you seem to be saying that you will need to balance the interests post-enforcement, suggesting that DRP access to registrant data is not fully assured. As for your suggestion that this WG start checking with ccTLDs, that reinforces my view that we should not get into the details of this but rather pass on information to those directly involved with shaping GDPR compliance. Best, Philip Philip S. Corwin Policy Counsel VeriSign, Inc. 12061 Bluemont Way Reston, VA 20190 703-948-4648/Direct 571-342-7489/Cell "Luck is the residue of design" -- Branch Rickey -----Original Message----- From: Theo Geurts [mailto:gtheo@xs4all.nl] Sent: Friday, April 27, 2018 4:23 AM To: Jeff Neuman <jeff.neuman@comlaude.com>; Corwin, Philip <pcorwin@verisign.com> Cc: gnso-rpm-wg@icann.org Subject: [EXTERNAL] Re: [gnso-rpm-wg] Draft Letter on UDRP & URS Utilization of WHOIS-Derived Registrant Data (was Response from the Co-Chairs RE: Proposal to Shift URS review to Phase II) I thought the ECO playbook covered this issue nicely (page 57, 62, 64)? Sure, post-GDPR, I can longer process the requests from dispute providers with my mind set on autopilot as a registrar when it comes to gTLDS (no biggie). So post-GDPR, the scope of the balancing of interests becomes larger, most EU registrars already have experience with this balancing act due to the EU ccTLDS. Maybe the WG wants to check with the ccTLD operators in the EU? http://www.wipo.int/amc/en/domains/statistics/cctlds_yr.jsp?year=2017 I see UDRP's processed here in Europe by WIPO and other providers very often and I think it all works pretty smooth here in this bastion of privacy. Link to the ECO playbook: https://www.eco.de/wp-content/uploads/2018/02/eco-domain-industry-playbook-v... I think it will be business as usual, but perhaps other registrar colleagues have a different opinion? Best, Theo Geurts Registrar in the EU. On 27-4-2018 9:29, Jeff Neuman wrote:

Phil,

If as you say you cannot assume that all registrars will give dispute providers the data, then how can you just assume that registrars will not. As I said I am caucusing with the registrars now to get the group some data.

Rather than crying wolf and sending a letter directly over the heads of the registrars to the CEO of ICANN, I am just advocating for some direct dialogue with the registrars. Let's not always assume the worst, but rather talk to one another first.

Jeff Neuman

...

On Apr 26, 2018, at 11:49 PM, Corwin, Philip <pcorwin@verisign.com> wrote:

Jeff:

While it is good that Com Laude will continue to provide registrant data to UDRP dispute providers, we cannot assume that every other registrar and registry will make the same decision in regard to GDPR compliance. We don't want to see this issue fall through the cracks, and Kathy and I wanted to follow through on the pledge we made to made in our email of April 6th - and now we have.

Further, as the impact of GDPR has been cited as one rationale for postponing URS decisions to Phase II of our work, and as we will be discussing that proposal on the next WG call, it seemed useful to ask staff to aggregate all the relevant UDRP and URS document sections that reference WHOIS and related matters to have a better informed conversation.

I don't view this as a side issue nor do I share your concern that it will have an adverse effect on our other work. Kathy and I have done the heavy lifting here, and staff prepared material that is useful in another context. This can be readily and quickly resolved on the email list and members can suggest edits, and also opine on whether they think the letter should be transmitted. There's no reason this matter can't be resolved before our next call.

Meanwhile, we have made rapid progress on URS matters through judicious use of sub-teams, and are in position to send out compressive questions next week to practitioners and providers, and to receive their responses in time to have well-informed discussions just prior to and in Panama -- all prior to receipt of answers to the survey questions on TMCH, Trademark Claims, and Sunrise which are expected back in July. We are operating efficiently and are on schedule.

I hope that addresses your concern.

Philip

Philip S. Corwin

Policy Counsel

VeriSign, Inc.

12061 Bluemont Way Reston, VA 20190

703-948-4648/Direct

571-342-7489/Cell

"Luck is the residue of design" -- Branch Rickey

From: Jeff Neuman [mailto:jeff.neuman@comlaude.com] Sent: Thursday, April 26, 2018 6:25 PM To: Corwin, Philip <pcorwin@verisign.com> Cc: gnso-rpm-wg@icann.org Subject: [EXTERNAL] RE: Draft Letter on UDRP & URS Utilization of WHOIS-Derived Registrant Data (was Response from the Co-Chairs RE: Proposal to Shift URS review to Phase II)

Phil,

Has anyone asked the registries/registrars whether they would continue to provide the Dispute Resolution Providers with WHOIS information needed for the implementation of the URS/UDRP. I have not heard any registries or registrars say that they would cease to provide that information? In fact, I have heard the opposite from a number of them (including us - Com Laude). Providing information to dispute providers for the purpose of the implementation of UDRP / URS does fall under a couple of the GDPR exceptions.

It seems to me that we may be spending a lot of time on a letter when registries and registrars would likely provide that information after the filing of an applicable dispute. We should be focusing on getting the work done we have before us rather than delving into these side issues.

I will also being this issue up in the registrars SG to confirm what I have been hearing.

Jeffrey J. Neuman

Senior Vice President |Valideus USA | Com Laude USA

1751 Pinnacle Drive, Suite 600

Mclean, VA 22102, United States

E: jeff.neuman@valideus.com or jeff.neuman@comlaude.com

T: +1.703.635.7514

M: +1.202.549.5079

@Jintlaw

From: gnso-rpm-wg <gnso-rpm-wg-bounces@icann.org> On Behalf Of Corwin, Philip via gnso-rpm-wg Sent: Thursday, April 26, 2018 8:58 PM To: gnso-rpm-wg@icann.org Subject: [gnso-rpm-wg] Draft Letter on UDRP & URS Utilization of WHOIS-Derived Registrant Data (was Response from the Co-Chairs RE: Proposal to Shift URS review to Phase II) Importance: High

WG members:

Following up on the co-chairs email of April 6th, in which we stated--

In regard to the ability of URS and UDRP providers to continue to have access to the data elements necessary to fulfill their dispute resolution provider (DRP) roles, it is our intent to prepare a draft letter to ICANN's CEO noting that such continued access for DRPs is essential to maintaining these non-judicial alternatives for addressing trademark infringement in the DNS, and requesting that ICANN raise this important matter in its continuing discussions with EU Data Protection Authorities. We will work with staff to prepare this draft letter and then share it with WG members for review and comment, after which we will coordinate with Council Leadership and the WG Liaison regarding transmission of a final text to ICANN management. -

Kathy and I have now prepared a draft letter to the GNSO Council, for transmission onward to ICANN management and other parties, for your review. It addresses the subject of the relationship of UDRP and URS administration based upon registrant data obtained from WHOIS records. In preparing this letter we relied extensively on the attached listing of UDRP Policy and Rules and URS Rules and Procedure that mention or are related to registrant data and WHOIS.

Please review this attached letter at your earliest opportunity and post any suggested revisions or additions to the WG email list. As initiation of GDPR enforcement is now less than one month away time is of the essence in transmitting this information.

Thank you and best regards,

Philip & Kathy

Philip S. Corwin

Policy Counsel

VeriSign, Inc.

12061 Bluemont Way Reston, VA 20190

703-948-4648/Direct

571-342-7489/Cell

"Luck is the residue of design" -- Branch Rickey

From: Corwin, Philip Sent: Friday, April 06, 2018 11:03 AM To: 'john.mcelwaine@nelsonmullins.com' <john.mcelwaine@nelsonmullins.com>; 'gnso-rpm-wg@icann.org' <gnso-rpm-wg@icann.org> Subject: Response from the Co-Chairs RE: Proposal to Shift URS review to Phase II

Dear John:

Thank you for your submission regarding a variety of proposed changes to this Working Group's Charter. Our understanding from discussions with staff is that, while there is no set requirement for the level of support within a WG required to request that GNSO Council consider a Charter revision, such revisions are relatively rare and have in the past been supported by a substantial majority of WG members in the absence of significant opposition prior to transmission to Council for its consideration.

We therefore strongly encourage all WG members to carefully review your proposal and, regardless of whether one supports or opposes it, to provide some feedback to the full WG email list so that we can begin to gauge overall support. Such email discussion can be preliminary to a full WG oral discussion on a call sometime in late April or early May, if there are indications of substantial support within the WG and a desire to engage in further discussion. The full WG will resume its regular Wednesday calls by mid-April (we anticipate April 18), after the URS Documents, Practitioners and Providers sub-teams have completed their current work.

We also note that your proposal raises multiple issues, including:

* Amendment of the WG Charter to move the URS review and recommendations to Phase II * Amendment of the WG Charter to define issues that must, may, and may not be addressed * Adjustment of the WG Charter to provide additional guidance on the scope of URS and UDRP Review * Adjustment of the WG leadership structure for Phase II * Potential pause in the start of Phase II keyed to GDPR impact understanding

These are all major issues and we encourage WG members to comment on all of them.

Finally, regardless of whether there is substantial support within the WG for any of the elements of your proposal, we agree that the impending enforcement of GDPR raises substantial WHOIS data access issues for trademark owners and for URS and UDRP dispute resolution providers. The issues for trademark owners are currently being discussed within the full ICANN community regarding interim and final compliance models, the latter involving accreditation and tiered data access.

In regard to the ability of URS and UDRP providers to continue to have access to the data elements necessary to fulfill their dispute resolution provider (DRP) roles, it is our intent to prepare a draft letter to ICANN's CEO noting that such continued access for DRPs is essential to maintaining these non-judicial alternatives for addressing trademark infringement in the DNS, and requesting that ICANN raise this important matter in its continuing discussions with EU Data Protection Authorities. We will work with staff to prepare this draft letter and then share it with WG members for review and comment, after which we will coordinate with Council Leadership and the WG Liaison regarding transmission of a final text to ICANN management.

Best regards,

Philip & Kathy

Philip S. Corwin

Policy Counsel

VeriSign, Inc.

12061 Bluemont Way Reston, VA 20190

703-948-4648/Direct

571-342-7489/Cell

"Luck is the residue of design" -- Branch Rickey

From: gnso-rpm-wg [mailto:gnso-rpm-wg-bounces@icann.org] On Behalf Of John McElwaine Sent: Thursday, April 05, 2018 9:55 PM To: gnso-rpm-wg <gnso-rpm-wg@icann.org> Subject: [EXTERNAL] [gnso-rpm-wg] Proposal to Shift URS review to Phase II

Dear RPM Working Group:

In our meeting in San Juan, Puerto Rico, I raised the issue of moving the work set forth in this Working Group's charter relating to the URS to Phase II. The Chairs asked that I put something in writing detailing the specific recommendation and reasoning, which I present below and have also attached hereto in a Word document for your review and consideration.

Kind regards,

John

Proposal to Shift URS from Phase I to Phase II:

1. On 15 December 2011, the GNSO Council requested that eighteen (18) months after the launch of the New gTLD Program ICANN staff prepare and publish an Issue Report on the state of all rights protection mechanisms implemented for both existing and new gTLDs, including but not limited to the UDRP and URS. The Council subsequently agreed to extend the timeline for a report by a further six (6) months.

2. On 9 October 2015, a Preliminary Issues Report was published discussing the scope of this potential PDP and outlining three possible options for moving forward. The third option ultimately was elected at that time:

The "third option would be to conduct a policy review of all the RPMs in two phases, with the initial phase being a review only of the RPMs developed for the New gTLD Program. . . . The second, subsequent phase of work would be a review of the UDRP, based on the concerns specific to its scope that were raised in the 2011 GNSO Issue Report and any additional relevant topics derived from the first phase of work concerning the RPMs developed for the New gTLD Program."

3. On 15 March 2016, the two phase approach was approved in the Charter for the Review of all Rights Protection Mechanisms (RPMs) in all gTLDs PDP Working Group ("RPM Working Group"). Phase One was to focus on a review of all the RPMs that were developed for the New gTLD Program, and Phase Two will focus on a review of the UDRP.

4. The Objective & Goals in the PDP's Charter were to examine (i) the RPMs effectiveness, (ii) whether the RPMs collectively fulfil their purposes, and (iii) whether additional policy specific recommendations are needed, including to clarify and unify the policy goals. RPM Working Group Charter, at p. 3. The Objectives & Goals in the PDP's Charter were broadly defined:

"In addition to an assessment of the effectiveness of each RPM, the PDP Working Group is expected to consider, at the appropriate stage of its work, the overarching issue as to whether or not all the RPMs collectively fulfill the purposes for which they were created, or whether additional policy recommendations are needed, including to clarify and unify the policy goals. If such additional policy recommendations are needed, the Working Group is expected to develop recommendations to address the specific issues identified. The Working Group is also directed to bear in mind that a fundamental underlying intention of conducting a review of all RPMs in all gTLDs is to create a framework for consistent and uniform reviews of these mechanisms in the future."

5. However, the RPM Working Group Charter also contains a lengthy attachment entitled "LIST OF POTENTIAL ISSUES FOR CONSIDERATION IN THIS PDP" This "list was derived from various community suggestions in different forums, they are not listed in any particular order of importance nor has staff attempted to analyze the merits, relevance or significance of each issue". This list contains topics that are out of scope when compared with the Objectives and Goals, including:

1. Are generic dictionary words being adequately protected so that they are available for all to use as allowed under their national laws and international treaties? E.g. sun, window 2. Should monetary damages be awarded? 3. Are last names and geographic places adequately protected so that they are available for all to use as allowed under their national laws, e.g, Smith, McDonald, Capitol Hill Cafe, Old Town Deli? 4. Should injunctive relief be available? 5. Now that Reverse Domain Name Hijacking is a regular finding of UDRP panels, indicating that domain name registrants are being abused by complaints brought against them in the UDRP process, what penalties and sanctions should be imposed on Complainants found to be reverse domain name hijackers? How can those penalties and sanctions be aligned so as to be fair, as compared to the loss of a domain name taken from a registrant found to be a "cybersquatter"?

6. Issues from this list and other new out of scope issues, complaints and modifications are causing the work of the RPM Working Group to slow and are polarizing the members; thus, harming the ability to achieve consensus in the Working Group. As recommend by the PDP breakout group and discussed by the Community in attendance at the Sunday gNSO Working Session in San Juan, it would be particularly useful if working group charters would:

1. Define clearly what success for the proposed working group "should look like". (K. Kleiman reporting on breakout session, Transcript ICANN61 San Juan GNSO Working Session Part 2 Sunday, 11 March 2018 at 10:30 AS ("Transcript") at p. 5). 2. Define topics or issues that must be addressed, may be addressed and may not be addressed. (Transcript at p. 4). 3. Have "more defined issues, [be] more bounded, more limited." (Transcript at p. 5). 4. Have a narrower scope and be broken up into separate projects. (Transcript at p. 5). 5. Having a charter drafting team that "that are experts, and that might mean a legal expert, but we should also have people that have experience, practical experience." (S. DelBianco reporting on breakout session, Transcript at p. 5).

7. The Trademark Clearinghouse, Sunrise and Trademark Claims Notices are RPMs relating to the registration process of domain names in the new gTLDs. The URS is more akin to the UDRP, and like the UDRP is a mandatory dispute resolution proceeding to recover a domain name that has been clearly registered in bad faith. Since the URS is intended to be complementary of the UDRP and will have similar issues it would be more efficient to address these RPMs in a more cohesive manner.

8. With respect to the URS and UDRP, The European Parliament, the Council of the European Union, and the European Commission have enacted a new data privacy regulation in 2016 entitled the General Data Protection Regulation (GDPR) that will likely adversely impact the ability of the URS and UDRP to function as these policies are currently implemented. The new regulation is scheduled to take effect on May 25, 2018. Among other ways, GDRP may adversely impact the URS and the UDRP by:

1. Procedure for UDRP/URS:

1. Possibility that Providers cannot serve the UDRP/URS Complaint if an email address cannot be obtained. 2. Possibility that the Language of the URS proceeding cannot be determined.

2. Procedure for URS:

1. Possibility that the URS provider cannot translate the notice of URS complaint into the predominant language used in the Registrant's country or territory. 2. Possibility that URS complainants cannot know the language of a possible response. 3. Possibility that URS complainants do not know whether the URS complaint was translated into the correct language(s) and that proceedings were administered correctly.

3. UDRP Element 2 / URS:

1. Cannot argue that the registrant is not commonly known by the Domain Name at issue. 2. Cannot determine if the registrant has been authorized by the Trademark holder. 3. Cannot determine if the registrant is an authorized reseller of the Trademark holder's product. 4. Cannot determine on what date the domain name was "registered" by the current domain name holder if it was transferred to this current domain name holder. (requires being able to see the WhoIs history). This could prevent baseless claims from being filed.

4. UDRP Element 3:

1. Cannot determine if registrant has engaged in a pattern of bad faith registrations. Rule 4(b)(ii). 2. Cannot determine if registrant has been found to engage other unlawful actions, such as malware, phishing or scams. 3. Cannot determine if the registrant is in a particular geographic region to be better assess the possibility of legitimate co-existence (thus possibly even foregoing the filing of a case, and response, in the first place). 4. Cannot determine if the registrant is technically a "competitor" that has registered the Domain Name for the purpose of disrupting the business of the Complainant. Rule 4(b)(iii).

9. Due to GDPR compliance issues, ICANN org is considering substantial changes to WhoIs, and has published an Interim Model for GDPR Compliance, e.g. "The CookBook" which proposes to significantly limit the public display of WhoIs data after May 25, 2018." see: https://www.icann.org/en/system/files/files/gdpr-compliance-interim-model-08.... Aggressive current timelines for tiered access to WhoIs data that might provide some fix for the above issues is December 2018. There is no question that GDPR will require policy consideration relating to the URS and UDRP that cannot be predicted and analyzed at this time.

Recommendation:

1. The RPM Working Group finishes its already well-advanced work and issues an Initial Report on the PDDRP, Trademark Clearinghouse, Sunrise, and Trademark Claims Notices for public comment.

2. After comments have been analyzed for those elements, that the RPM Working Group finishes its work and issues its Final Report on the PDDRP, Trademark Clearinghouse, Sunrise, and Trademark Claims Notices.

3. The RPM Working Group issues a request through its Appointed Working Group Liaison to the GNSO Council to amend the RPM Working Group Charter as follows:

1. shift the work related to the URS to Phase II and, if necessary, pause starting Phase II until after the permanent impacts of GDPR on the URS and UDRP are known;

2. provide clear guidance to the WG on the issues that (i) must be addressed, (ii) may be addressed, and (iii) may not be addressed;

3. provide clear guidance on the scope of the review of the URS and UDRP.

Although a separate issue from this proposal, it is also recommended that Phase II Working Group has one chairperson with appropriate neutrality and experience in PDP consensus building and parliamentary procedures. Assistance to the chair can be provided by utilizing vice-chairs and well-structured sub-teams.

JOHN C. MCELWAINE PARTNER

john.mcelwaine@nelsonmullins.com

LIBERTY CENTER | SUITE 600

151 MEETING STREET | CHARLESTON, SC 29401

T 843.534.4302 F 843.722.8700

101 CONSTITUTION AVENUE, NW | SUITE 900

WASHINGTON, D.C., 20001

T 202.689.2939 F 202.689.2862

NELSONMULLINS.COM VCARD VIEW BIO

Confidentiality Notice

This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged, confidential or otherwise legally exempt from disclosure.

If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately either by phone (800-237-2000) or reply to this e-mail and delete all copies of this message.

_______________________________________________ gnso-rpm-wg mailing list gnso-rpm-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-rpm-wg

Jeff: Several members of this WG have suggested that the impact of GDPR upon DRP administration is a significant factor to consider in regard to possible deferral of URS policy decisions to Phase II of our work. Are they crying wolf? The draft letter presumes nothing other than that decisions are being made in the next few weeks by ICANN, and by individual registrars and registries, that will impact access to WHOIS data by various parties. The fact that something is addressed in ICANN's Cookbook will not be determinative of what actually occurs on or after May 25th. You may or may not be correct that registrars will continue making registrant data available to UDRP providers. That of course has no bearing on URS, where registries are the operative party. In any case, it is not in this WG's remit to start making inquiries to SGs regarding general GDPR matters, and the purpose of the letter is to upstream some information to Council, and through it to ICANN management and DPAs, on this important subject. I am puzzled that your first communication expressed concern that we would spend unnecessary time on this subject, yet this new email suggests that we start engaging in dialogue with registrars (and, by analogy, registries regarding URS), which could in fact create a significant diversion from our primary work. The draft letter, by contrast, seeks to convey information to parties directly involved in considering GDPR compliance to assure that continued access to registrant data by DRP administrators does not fall through the cracks. Kathy and I would be interested in learning whether other members of this WG share your concerns, as well as any comments on the substance of the letter. Philip Philip Philip S. Corwin Policy Counsel VeriSign, Inc. 12061 Bluemont Way Reston, VA 20190 703-948-4648/Direct 571-342-7489/Cell "Luck is the residue of design" -- Branch Rickey -----Original Message----- From: Jeff Neuman [mailto:jeff.neuman@comlaude.com] Sent: Friday, April 27, 2018 3:29 AM To: Corwin, Philip <pcorwin@verisign.com> Cc: gnso-rpm-wg@icann.org Subject: [EXTERNAL] Re: Draft Letter on UDRP & URS Utilization of WHOIS-Derived Registrant Data (was Response from the Co-Chairs RE: Proposal to Shift URS review to Phase II) Phil, If as you say you cannot assume that all registrars will give dispute providers the data, then how can you just assume that registrars will not. As I said I am caucusing with the registrars now to get the group some data. Rather than crying wolf and sending a letter directly over the heads of the registrars to the CEO of ICANN, I am just advocating for some direct dialogue with the registrars. Let's not always assume the worst, but rather talk to one another first. Jeff Neuman

On Apr 26, 2018, at 11:49 PM, Corwin, Philip <pcorwin@verisign.com> wrote:

Jeff:

While it is good that Com Laude will continue to provide registrant data to UDRP dispute providers, we cannot assume that every other registrar and registry will make the same decision in regard to GDPR compliance. We don't want to see this issue fall through the cracks, and Kathy and I wanted to follow through on the pledge we made to made in our email of April 6th - and now we have.

Further, as the impact of GDPR has been cited as one rationale for postponing URS decisions to Phase II of our work, and as we will be discussing that proposal on the next WG call, it seemed useful to ask staff to aggregate all the relevant UDRP and URS document sections that reference WHOIS and related matters to have a better informed conversation.

I don't view this as a side issue nor do I share your concern that it will have an adverse effect on our other work. Kathy and I have done the heavy lifting here, and staff prepared material that is useful in another context. This can be readily and quickly resolved on the email list and members can suggest edits, and also opine on whether they think the letter should be transmitted. There's no reason this matter can't be resolved before our next call.

Meanwhile, we have made rapid progress on URS matters through judicious use of sub-teams, and are in position to send out compressive questions next week to practitioners and providers, and to receive their responses in time to have well-informed discussions just prior to and in Panama -- all prior to receipt of answers to the survey questions on TMCH, Trademark Claims, and Sunrise which are expected back in July. We are operating efficiently and are on schedule.

I hope that addresses your concern.

Philip

Philip S. Corwin

Policy Counsel

VeriSign, Inc.

12061 Bluemont Way Reston, VA 20190

703-948-4648/Direct

571-342-7489/Cell

"Luck is the residue of design" -- Branch Rickey

From: Jeff Neuman [mailto:jeff.neuman@comlaude.com] Sent: Thursday, April 26, 2018 6:25 PM To: Corwin, Philip <pcorwin@verisign.com> Cc: gnso-rpm-wg@icann.org Subject: [EXTERNAL] RE: Draft Letter on UDRP & URS Utilization of WHOIS-Derived Registrant Data (was Response from the Co-Chairs RE: Proposal to Shift URS review to Phase II)

Phil,

Has anyone asked the registries/registrars whether they would continue to provide the Dispute Resolution Providers with WHOIS information needed for the implementation of the URS/UDRP. I have not heard any registries or registrars say that they would cease to provide that information? In fact, I have heard the opposite from a number of them (including us - Com Laude). Providing information to dispute providers for the purpose of the implementation of UDRP / URS does fall under a couple of the GDPR exceptions.

It seems to me that we may be spending a lot of time on a letter when registries and registrars would likely provide that information after the filing of an applicable dispute. We should be focusing on getting the work done we have before us rather than delving into these side issues.

I will also being this issue up in the registrars SG to confirm what I have been hearing.

Jeffrey J. Neuman

Senior Vice President |Valideus USA | Com Laude USA

1751 Pinnacle Drive, Suite 600

Mclean, VA 22102, United States

E: jeff.neuman@valideus.com or jeff.neuman@comlaude.com

T: +1.703.635.7514

M: +1.202.549.5079

@Jintlaw

From: gnso-rpm-wg <gnso-rpm-wg-bounces@icann.org> On Behalf Of Corwin, Philip via gnso-rpm-wg Sent: Thursday, April 26, 2018 8:58 PM To: gnso-rpm-wg@icann.org Subject: [gnso-rpm-wg] Draft Letter on UDRP & URS Utilization of WHOIS-Derived Registrant Data (was Response from the Co-Chairs RE: Proposal to Shift URS review to Phase II) Importance: High

WG members:

Following up on the co-chairs email of April 6th, in which we stated--

In regard to the ability of URS and UDRP providers to continue to have access to the data elements necessary to fulfill their dispute resolution provider (DRP) roles, it is our intent to prepare a draft letter to ICANN's CEO noting that such continued access for DRPs is essential to maintaining these non-judicial alternatives for addressing trademark infringement in the DNS, and requesting that ICANN raise this important matter in its continuing discussions with EU Data Protection Authorities. We will work with staff to prepare this draft letter and then share it with WG members for review and comment, after which we will coordinate with Council Leadership and the WG Liaison regarding transmission of a final text to ICANN management. -

Kathy and I have now prepared a draft letter to the GNSO Council, for transmission onward to ICANN management and other parties, for your review. It addresses the subject of the relationship of UDRP and URS administration based upon registrant data obtained from WHOIS records. In preparing this letter we relied extensively on the attached listing of UDRP Policy and Rules and URS Rules and Procedure that mention or are related to registrant data and WHOIS.

Please review this attached letter at your earliest opportunity and post any suggested revisions or additions to the WG email list. As initiation of GDPR enforcement is now less than one month away time is of the essence in transmitting this information.

Thank you and best regards,

Philip & Kathy

Philip S. Corwin

Policy Counsel

VeriSign, Inc.

12061 Bluemont Way Reston, VA 20190

703-948-4648/Direct

571-342-7489/Cell

"Luck is the residue of design" -- Branch Rickey

From: Corwin, Philip Sent: Friday, April 06, 2018 11:03 AM To: 'john.mcelwaine@nelsonmullins.com' <john.mcelwaine@nelsonmullins.com>; 'gnso-rpm-wg@icann.org' <gnso-rpm-wg@icann.org> Subject: Response from the Co-Chairs RE: Proposal to Shift URS review to Phase II

Dear John:

Thank you for your submission regarding a variety of proposed changes to this Working Group's Charter. Our understanding from discussions with staff is that, while there is no set requirement for the level of support within a WG required to request that GNSO Council consider a Charter revision, such revisions are relatively rare and have in the past been supported by a substantial majority of WG members in the absence of significant opposition prior to transmission to Council for its consideration.

We therefore strongly encourage all WG members to carefully review your proposal and, regardless of whether one supports or opposes it, to provide some feedback to the full WG email list so that we can begin to gauge overall support. Such email discussion can be preliminary to a full WG oral discussion on a call sometime in late April or early May, if there are indications of substantial support within the WG and a desire to engage in further discussion. The full WG will resume its regular Wednesday calls by mid-April (we anticipate April 18), after the URS Documents, Practitioners and Providers sub-teams have completed their current work.

We also note that your proposal raises multiple issues, including:

* Amendment of the WG Charter to move the URS review and recommendations to Phase II * Amendment of the WG Charter to define issues that must, may, and may not be addressed * Adjustment of the WG Charter to provide additional guidance on the scope of URS and UDRP Review * Adjustment of the WG leadership structure for Phase II * Potential pause in the start of Phase II keyed to GDPR impact understanding

These are all major issues and we encourage WG members to comment on all of them.

Finally, regardless of whether there is substantial support within the WG for any of the elements of your proposal, we agree that the impending enforcement of GDPR raises substantial WHOIS data access issues for trademark owners and for URS and UDRP dispute resolution providers. The issues for trademark owners are currently being discussed within the full ICANN community regarding interim and final compliance models, the latter involving accreditation and tiered data access.

In regard to the ability of URS and UDRP providers to continue to have access to the data elements necessary to fulfill their dispute resolution provider (DRP) roles, it is our intent to prepare a draft letter to ICANN's CEO noting that such continued access for DRPs is essential to maintaining these non-judicial alternatives for addressing trademark infringement in the DNS, and requesting that ICANN raise this important matter in its continuing discussions with EU Data Protection Authorities. We will work with staff to prepare this draft letter and then share it with WG members for review and comment, after which we will coordinate with Council Leadership and the WG Liaison regarding transmission of a final text to ICANN management.

Best regards,

Philip & Kathy

Philip S. Corwin

Policy Counsel

VeriSign, Inc.

12061 Bluemont Way Reston, VA 20190

703-948-4648/Direct

571-342-7489/Cell

"Luck is the residue of design" -- Branch Rickey

From: gnso-rpm-wg [mailto:gnso-rpm-wg-bounces@icann.org] On Behalf Of John McElwaine Sent: Thursday, April 05, 2018 9:55 PM To: gnso-rpm-wg <gnso-rpm-wg@icann.org> Subject: [EXTERNAL] [gnso-rpm-wg] Proposal to Shift URS review to Phase II

Dear RPM Working Group:

In our meeting in San Juan, Puerto Rico, I raised the issue of moving the work set forth in this Working Group's charter relating to the URS to Phase II. The Chairs asked that I put something in writing detailing the specific recommendation and reasoning, which I present below and have also attached hereto in a Word document for your review and consideration.

Kind regards,

John

Proposal to Shift URS from Phase I to Phase II:

1. On 15 December 2011, the GNSO Council requested that eighteen (18) months after the launch of the New gTLD Program ICANN staff prepare and publish an Issue Report on the state of all rights protection mechanisms implemented for both existing and new gTLDs, including but not limited to the UDRP and URS. The Council subsequently agreed to extend the timeline for a report by a further six (6) months.

2. On 9 October 2015, a Preliminary Issues Report was published discussing the scope of this potential PDP and outlining three possible options for moving forward. The third option ultimately was elected at that time:

The "third option would be to conduct a policy review of all the RPMs in two phases, with the initial phase being a review only of the RPMs developed for the New gTLD Program. . . . The second, subsequent phase of work would be a review of the UDRP, based on the concerns specific to its scope that were raised in the 2011 GNSO Issue Report and any additional relevant topics derived from the first phase of work concerning the RPMs developed for the New gTLD Program."

3. On 15 March 2016, the two phase approach was approved in the Charter for the Review of all Rights Protection Mechanisms (RPMs) in all gTLDs PDP Working Group ("RPM Working Group"). Phase One was to focus on a review of all the RPMs that were developed for the New gTLD Program, and Phase Two will focus on a review of the UDRP.

4. The Objective & Goals in the PDP's Charter were to examine (i) the RPMs effectiveness, (ii) whether the RPMs collectively fulfil their purposes, and (iii) whether additional policy specific recommendations are needed, including to clarify and unify the policy goals. RPM Working Group Charter, at p. 3. The Objectives & Goals in the PDP's Charter were broadly defined:

"In addition to an assessment of the effectiveness of each RPM, the PDP Working Group is expected to consider, at the appropriate stage of its work, the overarching issue as to whether or not all the RPMs collectively fulfill the purposes for which they were created, or whether additional policy recommendations are needed, including to clarify and unify the policy goals. If such additional policy recommendations are needed, the Working Group is expected to develop recommendations to address the specific issues identified. The Working Group is also directed to bear in mind that a fundamental underlying intention of conducting a review of all RPMs in all gTLDs is to create a framework for consistent and uniform reviews of these mechanisms in the future."

5. However, the RPM Working Group Charter also contains a lengthy attachment entitled "LIST OF POTENTIAL ISSUES FOR CONSIDERATION IN THIS PDP" This "list was derived from various community suggestions in different forums, they are not listed in any particular order of importance nor has staff attempted to analyze the merits, relevance or significance of each issue". This list contains topics that are out of scope when compared with the Objectives and Goals, including:

1. Are generic dictionary words being adequately protected so that they are available for all to use as allowed under their national laws and international treaties? E.g. sun, window 2. Should monetary damages be awarded? 3. Are last names and geographic places adequately protected so that they are available for all to use as allowed under their national laws, e.g, Smith, McDonald, Capitol Hill Cafe, Old Town Deli? 4. Should injunctive relief be available? 5. Now that Reverse Domain Name Hijacking is a regular finding of UDRP panels, indicating that domain name registrants are being abused by complaints brought against them in the UDRP process, what penalties and sanctions should be imposed on Complainants found to be reverse domain name hijackers? How can those penalties and sanctions be aligned so as to be fair, as compared to the loss of a domain name taken from a registrant found to be a "cybersquatter"?

6. Issues from this list and other new out of scope issues, complaints and modifications are causing the work of the RPM Working Group to slow and are polarizing the members; thus, harming the ability to achieve consensus in the Working Group. As recommend by the PDP breakout group and discussed by the Community in attendance at the Sunday gNSO Working Session in San Juan, it would be particularly useful if working group charters would:

1. Define clearly what success for the proposed working group "should look like". (K. Kleiman reporting on breakout session, Transcript ICANN61 San Juan GNSO Working Session Part 2 Sunday, 11 March 2018 at 10:30 AS ("Transcript") at p. 5). 2. Define topics or issues that must be addressed, may be addressed and may not be addressed. (Transcript at p. 4). 3. Have "more defined issues, [be] more bounded, more limited." (Transcript at p. 5). 4. Have a narrower scope and be broken up into separate projects. (Transcript at p. 5). 5. Having a charter drafting team that "that are experts, and that might mean a legal expert, but we should also have people that have experience, practical experience." (S. DelBianco reporting on breakout session, Transcript at p. 5).

7. The Trademark Clearinghouse, Sunrise and Trademark Claims Notices are RPMs relating to the registration process of domain names in the new gTLDs. The URS is more akin to the UDRP, and like the UDRP is a mandatory dispute resolution proceeding to recover a domain name that has been clearly registered in bad faith. Since the URS is intended to be complementary of the UDRP and will have similar issues it would be more efficient to address these RPMs in a more cohesive manner.

8. With respect to the URS and UDRP, The European Parliament, the Council of the European Union, and the European Commission have enacted a new data privacy regulation in 2016 entitled the General Data Protection Regulation (GDPR) that will likely adversely impact the ability of the URS and UDRP to function as these policies are currently implemented. The new regulation is scheduled to take effect on May 25, 2018. Among other ways, GDRP may adversely impact the URS and the UDRP by:

1. Procedure for UDRP/URS:

1. Possibility that Providers cannot serve the UDRP/URS Complaint if an email address cannot be obtained. 2. Possibility that the Language of the URS proceeding cannot be determined.

2. Procedure for URS:

1. Possibility that the URS provider cannot translate the notice of URS complaint into the predominant language used in the Registrant's country or territory. 2. Possibility that URS complainants cannot know the language of a possible response. 3. Possibility that URS complainants do not know whether the URS complaint was translated into the correct language(s) and that proceedings were administered correctly.

3. UDRP Element 2 / URS:

1. Cannot argue that the registrant is not commonly known by the Domain Name at issue. 2. Cannot determine if the registrant has been authorized by the Trademark holder. 3. Cannot determine if the registrant is an authorized reseller of the Trademark holder's product. 4. Cannot determine on what date the domain name was "registered" by the current domain name holder if it was transferred to this current domain name holder. (requires being able to see the WhoIs history). This could prevent baseless claims from being filed.

4. UDRP Element 3:

1. Cannot determine if registrant has engaged in a pattern of bad faith registrations. Rule 4(b)(ii). 2. Cannot determine if registrant has been found to engage other unlawful actions, such as malware, phishing or scams. 3. Cannot determine if the registrant is in a particular geographic region to be better assess the possibility of legitimate co-existence (thus possibly even foregoing the filing of a case, and response, in the first place). 4. Cannot determine if the registrant is technically a "competitor" that has registered the Domain Name for the purpose of disrupting the business of the Complainant. Rule 4(b)(iii).

9. Due to GDPR compliance issues, ICANN org is considering substantial changes to WhoIs, and has published an Interim Model for GDPR Compliance, e.g. "The CookBook" which proposes to significantly limit the public display of WhoIs data after May 25, 2018." see: https://www.icann.org/en/system/files/files/gdpr-compliance-interim-model-08 mar18-en.pdf. Aggressive current timelines for tiered access to WhoIs data that might provide some fix for the above issues is December 2018. There is no question that GDPR will require policy consideration relating to the URS and UDRP that cannot be predicted and analyzed at this time.

Recommendation:

1. The RPM Working Group finishes its already well-advanced work and issues an Initial Report on the PDDRP, Trademark Clearinghouse, Sunrise, and Trademark Claims Notices for public comment.

2. After comments have been analyzed for those elements, that the RPM Working Group finishes its work and issues its Final Report on the PDDRP, Trademark Clearinghouse, Sunrise, and Trademark Claims Notices.

3. The RPM Working Group issues a request through its Appointed Working Group Liaison to the GNSO Council to amend the RPM Working Group Charter as follows:

1. shift the work related to the URS to Phase II and, if necessary, pause starting Phase II until after the permanent impacts of GDPR on the URS and UDRP are known;

2. provide clear guidance to the WG on the issues that (i) must be addressed, (ii) may be addressed, and (iii) may not be addressed;

3. provide clear guidance on the scope of the review of the URS and UDRP.

Although a separate issue from this proposal, it is also recommended that Phase II Working Group has one chairperson with appropriate neutrality and experience in PDP consensus building and parliamentary procedures. Assistance to the chair can be provided by utilizing vice-chairs and well-structured sub-teams.

JOHN C. MCELWAINE PARTNER

john.mcelwaine@nelsonmullins.com

LIBERTY CENTER | SUITE 600

151 MEETING STREET | CHARLESTON, SC 29401

T 843.534.4302 F 843.722.8700

101 CONSTITUTION AVENUE, NW | SUITE 900

WASHINGTON, D.C., 20001

T 202.689.2939 F 202.689.2862

NELSONMULLINS.COM VCARD VIEW BIO

Confidentiality Notice

This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged, confidential or otherwise legally exempt from disclosure.

If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately either by phone (800-237-2000) or reply to this e-mail and delete all copies of this message.

I haven't been following the list so apologize if this was addressed. When personal data is transferred to the providers, will they have to promise not to share it with the complainant? That doesn't work because the complainant may need to see the verification response if its relevant evidence or has a good basis to see it--whether to amend the complaint or make a request to consolidate, for example. Therefore, there will be a possible data transfer from the provider to the complainant that contracted parties will need to make sure is made clear to the registrants. The data will need to be protected by the complainant in the proceeding just like by the provider. Jonathan Matkowsky On Fri, Apr 27, 2018 at 12:29 AM, Jeff Neuman <jeff.neuman@comlaude.com> wrote:

Phil,

If as you say you cannot assume that all registrars will give dispute providers the data, then how can you just assume that registrars will not. As I said I am caucusing with the registrars now to get the group some data.

Rather than crying wolf and sending a letter directly over the heads of the registrars to the CEO of ICANN, I am just advocating for some direct dialogue with the registrars. Let’s not always assume the worst, but rather talk to one another first.

Jeff Neuman

...

On Apr 26, 2018, at 11:49 PM, Corwin, Philip <pcorwin@verisign.com> wrote:

Jeff:

While it is good that Com Laude will continue to provide registrant data to UDRP dispute providers, we cannot assume that every other registrar and registry will make the same decision in regard to GDPR compliance. We don't want to see this issue fall through the cracks, and Kathy and I wanted to follow through on the pledge we made to made in our email of April 6th - and now we have.

Further, as the impact of GDPR has been cited as one rationale for postponing URS decisions to Phase II of our work, and as we will be discussing that proposal on the next WG call, it seemed useful to ask staff to aggregate all the relevant UDRP and URS document sections that reference WHOIS and related matters to have a better informed conversation.

I don't view this as a side issue nor do I share your concern that it will have an adverse effect on our other work. Kathy and I have done the heavy lifting here, and staff prepared material that is useful in another context. This can be readily and quickly resolved on the email list and members can suggest edits, and also opine on whether they think the letter should be transmitted. There's no reason this matter can't be resolved before our next call.

Meanwhile, we have made rapid progress on URS matters through judicious use of sub-teams, and are in position to send out compressive questions next week to practitioners and providers, and to receive their responses in time to have well-informed discussions just prior to and in Panama -- all prior to receipt of answers to the survey questions on TMCH, Trademark Claims, and Sunrise which are expected back in July. We are operating efficiently and are on schedule.

I hope that addresses your concern.

Philip

Philip S. Corwin

Policy Counsel

VeriSign, Inc.

12061 Bluemont Way Reston, VA 20190

703-948-4648/Direct

571-342-7489/Cell

"Luck is the residue of design" -- Branch Rickey

From: Jeff Neuman [mailto:jeff.neuman@comlaude.com] Sent: Thursday, April 26, 2018 6:25 PM To: Corwin, Philip <pcorwin@verisign.com> Cc: gnso-rpm-wg@icann.org Subject: [EXTERNAL] RE: Draft Letter on UDRP & URS Utilization of WHOIS-Derived Registrant Data (was Response from the Co-Chairs RE: Proposal to Shift URS review to Phase II)

Phil,

Has anyone asked the registries/registrars whether they would continue to provide the Dispute Resolution Providers with WHOIS information needed for the implementation of the URS/UDRP. I have not heard any registries or registrars say that they would cease to provide that information? In fact, I have heard the opposite from a number of them (including us - Com Laude). Providing information to dispute providers for the purpose of the implementation of UDRP / URS does fall under a couple of the GDPR exceptions.

It seems to me that we may be spending a lot of time on a letter when registries and registrars would likely provide that information after the filing of an applicable dispute. We should be focusing on getting the work done we have before us rather than delving into these side issues.

I will also being this issue up in the registrars SG to confirm what I have been hearing.

Jeffrey J. Neuman

Senior Vice President |Valideus USA | Com Laude USA

1751 Pinnacle Drive, Suite 600

Mclean, VA 22102, United States

E: jeff.neuman@valideus.com or jeff.neuman@comlaude.com

T: +1.703.635.7514

M: +1.202.549.5079

@Jintlaw

From: gnso-rpm-wg <gnso-rpm-wg-bounces@icann.org> On Behalf Of Corwin, Philip via gnso-rpm-wg Sent: Thursday, April 26, 2018 8:58 PM To: gnso-rpm-wg@icann.org Subject: [gnso-rpm-wg] Draft Letter on UDRP & URS Utilization of WHOIS-Derived Registrant Data (was Response from the Co-Chairs RE: Proposal to Shift URS review to Phase II) Importance: High

WG members:

Following up on the co-chairs email of April 6th, in which we stated--

In regard to the ability of URS and UDRP providers to continue to have access to the data elements necessary to fulfill their dispute resolution provider (DRP) roles, it is our intent to prepare a draft letter to ICANN's CEO noting that such continued access for DRPs is essential to maintaining these non-judicial alternatives for addressing trademark infringement in the DNS, and requesting that ICANN raise this important matter in its continuing discussions with EU Data Protection Authorities. We will work with staff to prepare this draft letter and then share it with WG members for review and comment, after which we will coordinate with Council Leadership and the WG Liaison regarding transmission of a final text to ICANN management. -

Kathy and I have now prepared a draft letter to the GNSO Council, for transmission onward to ICANN management and other parties, for your review. It addresses the subject of the relationship of UDRP and URS administration based upon registrant data obtained from WHOIS records. In preparing this letter we relied extensively on the attached listing of UDRP Policy and Rules and URS Rules and Procedure that mention or are related to registrant data and WHOIS.

Please review this attached letter at your earliest opportunity and post any suggested revisions or additions to the WG email list. As initiation of GDPR enforcement is now less than one month away time is of the essence in transmitting this information.

Thank you and best regards,

Philip & Kathy

Philip S. Corwin

Policy Counsel

VeriSign, Inc.

12061 Bluemont Way Reston, VA 20190

703-948-4648/Direct

571-342-7489/Cell

"Luck is the residue of design" -- Branch Rickey

From: Corwin, Philip Sent: Friday, April 06, 2018 11:03 AM To: 'john.mcelwaine@nelsonmullins.com' <john.mcelwaine@nelsonmullins.com>; 'gnso-rpm-wg@icann.org' <gnso-rpm-wg@icann.org> Subject: Response from the Co-Chairs RE: Proposal to Shift URS review to Phase II

Dear John:

Thank you for your submission regarding a variety of proposed changes to this Working Group's Charter. Our understanding from discussions with staff is that, while there is no set requirement for the level of support within a WG required to request that GNSO Council consider a Charter revision, such revisions are relatively rare and have in the past been supported by a substantial majority of WG members in the absence of significant opposition prior to transmission to Council for its consideration.

We therefore strongly encourage all WG members to carefully review your proposal and, regardless of whether one supports or opposes it, to provide some feedback to the full WG email list so that we can begin to gauge overall support. Such email discussion can be preliminary to a full WG oral discussion on a call sometime in late April or early May, if there are indications of substantial support within the WG and a desire to engage in further discussion. The full WG will resume its regular Wednesday calls by mid-April (we anticipate April 18), after the URS Documents, Practitioners and Providers sub-teams have completed their current work.

We also note that your proposal raises multiple issues, including:

* Amendment of the WG Charter to move the URS review and recommendations to Phase II * Amendment of the WG Charter to define issues that must, may, and may not be addressed * Adjustment of the WG Charter to provide additional guidance on the scope of URS and UDRP Review * Adjustment of the WG leadership structure for Phase II * Potential pause in the start of Phase II keyed to GDPR impact understanding

These are all major issues and we encourage WG members to comment on all of them.

Finally, regardless of whether there is substantial support within the WG for any of the elements of your proposal, we agree that the impending enforcement of GDPR raises substantial WHOIS data access issues for trademark owners and for URS and UDRP dispute resolution providers. The issues for trademark owners are currently being discussed within the full ICANN community regarding interim and final compliance models, the latter involving accreditation and tiered data access.

In regard to the ability of URS and UDRP providers to continue to have access to the data elements necessary to fulfill their dispute resolution provider (DRP) roles, it is our intent to prepare a draft letter to ICANN's CEO noting that such continued access for DRPs is essential to maintaining these non-judicial alternatives for addressing trademark infringement in the DNS, and requesting that ICANN raise this important matter in its continuing discussions with EU Data Protection Authorities. We will work with staff to prepare this draft letter and then share it with WG members for review and comment, after which we will coordinate with Council Leadership and the WG Liaison regarding transmission of a final text to ICANN management.

Best regards,

Philip & Kathy

Philip S. Corwin

Policy Counsel

VeriSign, Inc.

12061 Bluemont Way Reston, VA 20190

703-948-4648/Direct

571-342-7489/Cell

"Luck is the residue of design" -- Branch Rickey

From: gnso-rpm-wg [mailto:gnso-rpm-wg-bounces@icann.org] On Behalf Of John McElwaine Sent: Thursday, April 05, 2018 9:55 PM To: gnso-rpm-wg <gnso-rpm-wg@icann.org> Subject: [EXTERNAL] [gnso-rpm-wg] Proposal to Shift URS review to Phase II

Dear RPM Working Group:

In our meeting in San Juan, Puerto Rico, I raised the issue of moving the work set forth in this Working Group's charter relating to the URS to Phase II. The Chairs asked that I put something in writing detailing the specific recommendation and reasoning, which I present below and have also attached hereto in a Word document for your review and consideration.

Kind regards,

John

Proposal to Shift URS from Phase I to Phase II:

1. On 15 December 2011, the GNSO Council requested that eighteen (18) months after the launch of the New gTLD Program ICANN staff prepare and publish an Issue Report on the state of all rights protection mechanisms implemented for both existing and new gTLDs, including but not limited to the UDRP and URS. The Council subsequently agreed to extend the timeline for a report by a further six (6) months.

2. On 9 October 2015, a Preliminary Issues Report was published discussing the scope of this potential PDP and outlining three possible options for moving forward. The third option ultimately was elected at that time:

The "third option would be to conduct a policy review of all the RPMs in two phases, with the initial phase being a review only of the RPMs developed for the New gTLD Program. . . . The second, subsequent phase of work would be a review of the UDRP, based on the concerns specific to its scope that were raised in the 2011 GNSO Issue Report and any additional relevant topics derived from the first phase of work concerning the RPMs developed for the New gTLD Program."

3. On 15 March 2016, the two phase approach was approved in the Charter for the Review of all Rights Protection Mechanisms (RPMs) in all gTLDs PDP Working Group ("RPM Working Group"). Phase One was to focus on a review of all the RPMs that were developed for the New gTLD Program, and Phase Two will focus on a review of the UDRP.

4. The Objective & Goals in the PDP's Charter were to examine (i) the RPMs effectiveness, (ii) whether the RPMs collectively fulfil their purposes, and (iii) whether additional policy specific recommendations are needed, including to clarify and unify the policy goals. RPM Working Group Charter, at p. 3. The Objectives & Goals in the PDP's Charter were broadly defined:

"In addition to an assessment of the effectiveness of each RPM, the PDP Working Group is expected to consider, at the appropriate stage of its work, the overarching issue as to whether or not all the RPMs collectively fulfill the purposes for which they were created, or whether additional policy recommendations are needed, including to clarify and unify the policy goals. If such additional policy recommendations are needed, the Working Group is expected to develop recommendations to address the specific issues identified. The Working Group is also directed to bear in mind that a fundamental underlying intention of conducting a review of all RPMs in all gTLDs is to create a framework for consistent and uniform reviews of these mechanisms in the future."

5. However, the RPM Working Group Charter also contains a lengthy attachment entitled "LIST OF POTENTIAL ISSUES FOR CONSIDERATION IN THIS PDP" This "list was derived from various community suggestions in different forums, they are not listed in any particular order of importance nor has staff attempted to analyze the merits, relevance or significance of each issue". This list contains topics that are out of scope when compared with the Objectives and Goals, including:

1. Are generic dictionary words being adequately protected so that they are available for all to use as allowed under their national laws and international treaties? E.g. sun, window 2. Should monetary damages be awarded? 3. Are last names and geographic places adequately protected so that they are available for all to use as allowed under their national laws, e.g, Smith, McDonald, Capitol Hill Cafe, Old Town Deli? 4. Should injunctive relief be available? 5. Now that Reverse Domain Name Hijacking is a regular finding of UDRP panels, indicating that domain name registrants are being abused by complaints brought against them in the UDRP process, what penalties and sanctions should be imposed on Complainants found to be reverse domain name hijackers? How can those penalties and sanctions be aligned so as to be fair, as compared to the loss of a domain name taken from a registrant found to be a "cybersquatter"?

6. Issues from this list and other new out of scope issues, complaints and modifications are causing the work of the RPM Working Group to slow and are polarizing the members; thus, harming the ability to achieve consensus in the Working Group. As recommend by the PDP breakout group and discussed by the Community in attendance at the Sunday gNSO Working Session in San Juan, it would be particularly useful if working group charters would:

1. Define clearly what success for the proposed working group "should look like". (K. Kleiman reporting on breakout session, Transcript ICANN61 San Juan GNSO Working Session Part 2 Sunday, 11 March 2018 at 10:30 AS ("Transcript") at p. 5). 2. Define topics or issues that must be addressed, may be addressed and may not be addressed. (Transcript at p. 4). 3. Have "more defined issues, [be] more bounded, more limited." (Transcript at p. 5). 4. Have a narrower scope and be broken up into separate projects. (Transcript at p. 5). 5. Having a charter drafting team that "that are experts, and that might mean a legal expert, but we should also have people that have experience, practical experience." (S. DelBianco reporting on breakout session, Transcript at p. 5).

7. The Trademark Clearinghouse, Sunrise and Trademark Claims Notices are RPMs relating to the registration process of domain names in the new gTLDs. The URS is more akin to the UDRP, and like the UDRP is a mandatory dispute resolution proceeding to recover a domain name that has been clearly registered in bad faith. Since the URS is intended to be complementary of the UDRP and will have similar issues it would be more efficient to address these RPMs in a more cohesive manner.

8. With respect to the URS and UDRP, The European Parliament, the Council of the European Union, and the European Commission have enacted a new data privacy regulation in 2016 entitled the General Data Protection Regulation (GDPR) that will likely adversely impact the ability of the URS and UDRP to function as these policies are currently implemented. The new regulation is scheduled to take effect on May 25, 2018. Among other ways, GDRP may adversely impact the URS and the UDRP by:

1. Procedure for UDRP/URS:

1. Possibility that Providers cannot serve the UDRP/URS Complaint if an email address cannot be obtained. 2. Possibility that the Language of the URS proceeding cannot be determined.

2. Procedure for URS:

1. Possibility that the URS provider cannot translate the notice of URS complaint into the predominant language used in the Registrant's country or territory. 2. Possibility that URS complainants cannot know the language of a possible response. 3. Possibility that URS complainants do not know whether the URS complaint was translated into the correct language(s) and that proceedings were administered correctly.

3. UDRP Element 2 / URS:

1. Cannot argue that the registrant is not commonly known by the Domain Name at issue. 2. Cannot determine if the registrant has been authorized by the Trademark holder. 3. Cannot determine if the registrant is an authorized reseller of the Trademark holder's product. 4. Cannot determine on what date the domain name was "registered" by the current domain name holder if it was transferred to this current domain name holder. (requires being able to see the WhoIs history). This could prevent baseless claims from being filed.

4. UDRP Element 3:

1. Cannot determine if registrant has engaged in a pattern of bad faith registrations. Rule 4(b)(ii). 2. Cannot determine if registrant has been found to engage other unlawful actions, such as malware, phishing or scams. 3. Cannot determine if the registrant is in a particular geographic region to be better assess the possibility of legitimate co-existence (thus possibly even foregoing the filing of a case, and response, in the first place). 4. Cannot determine if the registrant is technically a "competitor" that has registered the Domain Name for the purpose of disrupting the business of the Complainant. Rule 4(b)(iii).

9. Due to GDPR compliance issues, ICANN org is considering substantial changes to WhoIs, and has published an Interim Model for GDPR Compliance, e.g. "The CookBook" which proposes to significantly limit the public display of WhoIs data after May 25, 2018." see: https://www.icann.org/en/system/files/files/gdpr-compliance-interim-model- 08mar18-en.pdf. Aggressive current timelines for tiered access to WhoIs data that might provide some fix for the above issues is December 2018. There is no question that GDPR will require policy consideration relating to the URS and UDRP that cannot be predicted and analyzed at this time.

Recommendation:

1. The RPM Working Group finishes its already well-advanced work and issues an Initial Report on the PDDRP, Trademark Clearinghouse, Sunrise, and Trademark Claims Notices for public comment.

2. After comments have been analyzed for those elements, that the RPM Working Group finishes its work and issues its Final Report on the PDDRP, Trademark Clearinghouse, Sunrise, and Trademark Claims Notices.

3. The RPM Working Group issues a request through its Appointed Working Group Liaison to the GNSO Council to amend the RPM Working Group Charter as follows:

1. shift the work related to the URS to Phase II and, if necessary, pause starting Phase II until after the permanent impacts of GDPR on the URS and UDRP are known;

2. provide clear guidance to the WG on the issues that (i) must be addressed, (ii) may be addressed, and (iii) may not be addressed;

3. provide clear guidance on the scope of the review of the URS and UDRP.

Although a separate issue from this proposal, it is also recommended that Phase II Working Group has one chairperson with appropriate neutrality and experience in PDP consensus building and parliamentary procedures. Assistance to the chair can be provided by utilizing vice-chairs and well-structured sub-teams.

JOHN C. MCELWAINE PARTNER

john.mcelwaine@nelsonmullins.com

LIBERTY CENTER | SUITE 600

151 MEETING STREET | CHARLESTON, SC 29401

T 843.534.4302 F 843.722.8700

101 CONSTITUTION AVENUE, NW | SUITE 900

WASHINGTON, D.C., 20001

T 202.689.2939 F 202.689.2862

NELSONMULLINS.COM VCARD VIEW BIO

Confidentiality Notice

This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged, confidential or otherwise legally exempt from disclosure.

If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately either by phone (800-237-2000) or reply to this e-mail and delete all copies of this message.

_______________________________________________ gnso-rpm-wg mailing list gnso-rpm-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-rpm-wg

-- ******************************************************************* This message was sent from RiskIQ, and is intended only for the designated recipient(s). It may contain confidential or proprietary information and may be subject to confidentiality protections. If you are not a designated recipient, you may not review, copy or distribute this message. If you receive this in error, please notify the sender by reply e-mail and delete this message. Thank you. *******************************************************************

Thanks for the constructive feedback, Brian. As your edits of the original letter are so extensive I have taken the liberty of accepting them in the attached document, so that WG members can read it more easily. I am personally indifferent to whether we send the original version, your rewrite, or something in between, and encourage feedback on that from WG members - as well as on the threshold question of communicating on this subject with the GNSO Council which supervises our work. Again, the intent of the draft letter is not to dictate any particular result vis-à-vis contracted parties but to make sure that those who are discussing resolution of GDPR/WHOIS issues are fully aware of the ways in which relevant UDRP and URS provisions reference access to and use of registrant data in the administration of those dispute processes. As for your suggested additions to the chart, I would expect staff to take note and update the chart accordingly, and then circulate the revised version to WG members. Best, Philip Philip S. Corwin Policy Counsel VeriSign, Inc. 12061 Bluemont Way Reston, VA 20190 703-948-4648/Direct 571-342-7489/Cell "Luck is the residue of design" -- Branch Rickey From: BECKHAM, Brian [mailto:brian.beckham@wipo.int] Sent: Friday, April 27, 2018 11:38 AM To: gnso-rpm-wg@icann.org; Corwin, Philip <pcorwin@verisign.com> Subject: [EXTERNAL] RE: Draft Letter on UDRP & URS Utilization of WHOIS-Derived Registrant Data (was Response from the Co-Chairs RE: Proposal to Shift URS review to Phase II) Phil, all, I have noted a number of exchanges in this thread, including those by Jeff Neuman and others raising the need for sending such a letter. Without wishing to weigh in on the decision to send a letter or not, if a letter is sent, I propose the edits in the attached (it is easier to read in "final"). (I hope this is ok, and I suppose the document permissions were inadvertently tagged as "This document has been marked as final to discourage editing." ; ) As to the chart, on the UDRP side, it should include: - UDRP para 2 - UDRP para 4(b)(i) - (iv) - UDRP para 4(c)(i) - (iii) - UDRP para 4(f) - UDRP para 7 - UDRP para 8(a) - the full text of UDRP Rules para 2 (i.e., not skipping the obligations preamble) - UDRP Rules para 4(b) - UDRP Rules para 17 (a)(i) - (vii) If the reference to UDRP Rules para 6(a) and (d) are retained, UDRP Rules para 6(c) and (f) should be added. I also suggest removing the term "PII" from both the chart title and the legend. Thanks, Brian From: gnso-rpm-wg [mailto:gnso-rpm-wg-bounces@icann.org] On Behalf Of Corwin, Philip via gnso-rpm-wg Sent: Thursday, April 26, 2018 9:58 PM To: gnso-rpm-wg@icann.org<mailto:gnso-rpm-wg@icann.org> Subject: [gnso-rpm-wg] Draft Letter on UDRP & URS Utilization of WHOIS-Derived Registrant Data (was Response from the Co-Chairs RE: Proposal to Shift URS review to Phase II) Importance: High WG members: Following up on the co-chairs email of April 6th, in which we stated-- In regard to the ability of URS and UDRP providers to continue to have access to the data elements necessary to fulfill their dispute resolution provider (DRP) roles, it is our intent to prepare a draft letter to ICANN's CEO noting that such continued access for DRPs is essential to maintaining these non-judicial alternatives for addressing trademark infringement in the DNS, and requesting that ICANN raise this important matter in its continuing discussions with EU Data Protection Authorities. We will work with staff to prepare this draft letter and then share it with WG members for review and comment, after which we will coordinate with Council Leadership and the WG Liaison regarding transmission of a final text to ICANN management. - Kathy and I have now prepared a draft letter to the GNSO Council, for transmission onward to ICANN management and other parties, for your review. It addresses the subject of the relationship of UDRP and URS administration based upon registrant data obtained from WHOIS records. In preparing this letter we relied extensively on the attached listing of UDRP Policy and Rules and URS Rules and Procedure that mention or are related to registrant data and WHOIS. Please review this attached letter at your earliest opportunity and post any suggested revisions or additions to the WG email list. As initiation of GDPR enforcement is now less than one month away time is of the essence in transmitting this information. Thank you and best regards, Philip & Kathy Philip S. Corwin Policy Counsel VeriSign, Inc. 12061 Bluemont Way Reston, VA 20190 703-948-4648/Direct 571-342-7489/Cell "Luck is the residue of design" -- Branch Rickey From: Corwin, Philip Sent: Friday, April 06, 2018 11:03 AM To: 'john.mcelwaine@nelsonmullins.com' <john.mcelwaine@nelsonmullins.com<mailto:john.mcelwaine@nelsonmullins.com>>; 'gnso-rpm-wg@icann.org' <gnso-rpm-wg@icann.org<mailto:gnso-rpm-wg@icann.org>> Subject: Response from the Co-Chairs RE: Proposal to Shift URS review to Phase II Dear John: Thank you for your submission regarding a variety of proposed changes to this Working Group's Charter. Our understanding from discussions with staff is that, while there is no set requirement for the level of support within a WG required to request that GNSO Council consider a Charter revision, such revisions are relatively rare and have in the past been supported by a substantial majority of WG members in the absence of significant opposition prior to transmission to Council for its consideration. We therefore strongly encourage all WG members to carefully review your proposal and, regardless of whether one supports or opposes it, to provide some feedback to the full WG email list so that we can begin to gauge overall support. Such email discussion can be preliminary to a full WG oral discussion on a call sometime in late April or early May, if there are indications of substantial support within the WG and a desire to engage in further discussion. The full WG will resume its regular Wednesday calls by mid-April (we anticipate April 18), after the URS Documents, Practitioners and Providers sub-teams have completed their current work. We also note that your proposal raises multiple issues, including: ********* Amendment of the WG Charter to move the URS review and recommendations to Phase II ********* Amendment of the WG Charter to define issues that must, may, and may not be addressed ********* Adjustment of the WG Charter to provide additional guidance on the scope of URS and UDRP Review ********* Adjustment of the WG leadership structure for Phase II ********* Potential pause in the start of Phase II keyed to GDPR impact understanding These are all major issues and we encourage WG members to comment on all of them. Finally, regardless of whether there is substantial support within the WG for any of the elements of your proposal, we agree that the impending enforcement of GDPR raises substantial WHOIS data access issues for trademark owners and for URS and UDRP dispute resolution providers. The issues for trademark owners are currently being discussed within the full ICANN community regarding interim and final compliance models, the latter involving accreditation and tiered data access. In regard to the ability of URS and UDRP providers to continue to have access to the data elements necessary to fulfill their dispute resolution provider (DRP) roles, it is our intent to prepare a draft letter to ICANN's CEO noting that such continued access for DRPs is essential to maintaining these non-judicial alternatives for addressing trademark infringement in the DNS, and requesting that ICANN raise this important matter in its continuing discussions with EU Data Protection Authorities. We will work with staff to prepare this draft letter and then share it with WG members for review and comment, after which we will coordinate with Council Leadership and the WG Liaison regarding transmission of a final text to ICANN management. Best regards, Philip & Kathy Philip S. Corwin Policy Counsel VeriSign, Inc. 12061 Bluemont Way Reston, VA 20190 703-948-4648/Direct 571-342-7489/Cell "Luck is the residue of design" -- Branch Rickey From: gnso-rpm-wg [mailto:gnso-rpm-wg-bounces@icann.org] On Behalf Of John McElwaine Sent: Thursday, April 05, 2018 9:55 PM To: gnso-rpm-wg <gnso-rpm-wg@icann.org<mailto:gnso-rpm-wg@icann.org>> Subject: [EXTERNAL] [gnso-rpm-wg] Proposal to Shift URS review to Phase II Dear RPM Working Group: In our meeting in San Juan, Puerto Rico, I raised the issue of moving the work set forth in this Working Group's charter relating to the URS to Phase II. The Chairs asked that I put something in writing detailing the specific recommendation and reasoning, which I present below and have also attached hereto in a Word document for your review and consideration. Kind regards, John Proposal to Shift URS from Phase I to Phase II: 1. On 15 December 2011, the GNSO Council requested that eighteen (18) months after the launch of the New gTLD Program ICANN staff prepare and publish an Issue Report on the state of all rights protection mechanisms implemented for both existing and new gTLDs, including but not limited to the UDRP and URS. The Council subsequently agreed to extend the timeline for a report by a further six (6) months. 2. On 9 October 2015, a Preliminary Issues Report was published discussing the scope of this potential PDP and outlining three possible options for moving forward. The third option ultimately was elected at that time: The "third option would be to conduct a policy review of all the RPMs in two phases, with the initial phase being a review only of the RPMs developed for the New gTLD Program. . . . The second, subsequent phase of work would be a review of the UDRP, based on the concerns specific to its scope that were raised in the 2011 GNSO Issue Report and any additional relevant topics derived from the first phase of work concerning the RPMs developed for the New gTLD Program." 3. On 15 March 2016, the two phase approach was approved in the Charter for the Review of all Rights Protection Mechanisms (RPMs) in all gTLDs PDP Working Group ("RPM Working Group"). Phase One was to focus on a review of all the RPMs that were developed for the New gTLD Program, and Phase Two will focus on a review of the UDRP. 4. The Objective & Goals in the PDP's Charter were to examine (i) the RPMs effectiveness, (ii) whether the RPMs collectively fulfil their purposes, and (iii) whether additional policy specific recommendations are needed, including to clarify and unify the policy goals. RPM Working Group Charter, at p. 3. The Objectives & Goals in the PDP's Charter were broadly defined: "In addition to an assessment of the effectiveness of each RPM, the PDP Working Group is expected to consider, at the appropriate stage of its work, the overarching issue as to whether or not all the RPMs collectively fulfill the purposes for which they were created, or whether additional policy recommendations are needed, including to clarify and unify the policy goals. If such additional policy recommendations are needed, the Working Group is expected to develop recommendations to address the specific issues identified. The Working Group is also directed to bear in mind that a fundamental underlying intention of conducting a review of all RPMs in all gTLDs is to create a framework for consistent and uniform reviews of these mechanisms in the future." 5. However, the RPM Working Group Charter also contains a lengthy attachment entitled "LIST OF POTENTIAL ISSUES FOR CONSIDERATION IN THIS PDP" This "list was derived from various community suggestions in different forums, they are not listed in any particular order of importance nor has staff attempted to analyze the merits, relevance or significance of each issue". This list contains topics that are out of scope when compared with the Objectives and Goals, including: 1. Are generic dictionary words being adequately protected so that they are available for all to use as allowed under their national laws and international treaties? E.g. sun, window 2. Should monetary damages be awarded? 3. Are last names and geographic places adequately protected so that they are available for all to use as allowed under their national laws, e.g, Smith, McDonald, Capitol Hill Cafe, Old Town Deli? 4. Should injunctive relief be available? 5. Now that Reverse Domain Name Hijacking is a regular finding of UDRP panels, indicating that domain name registrants are being abused by complaints brought against them in the UDRP process, what penalties and sanctions should be imposed on Complainants found to be reverse domain name hijackers? How can those penalties and sanctions be aligned so as to be fair, as compared to the loss of a domain name taken from a registrant found to be a "cybersquatter"? 6. Issues from this list and other new out of scope issues, complaints and modifications are causing the work of the RPM Working Group to slow and are polarizing the members; thus, harming the ability to achieve consensus in the Working Group. As recommend by the PDP breakout group and discussed by the Community in attendance at the Sunday gNSO Working Session in San Juan, it would be particularly useful if working group charters would: 1. Define clearly what success for the proposed working group "should look like". (K. Kleiman reporting on breakout session, Transcript ICANN61 San Juan GNSO Working Session Part 2 Sunday, 11 March 2018 at 10:30 AS ("Transcript") at p. 5). 2. Define topics or issues that must be addressed, may be addressed and may not be addressed. (Transcript at p. 4). 3. Have "more defined issues, [be] more bounded, more limited." (Transcript at p. 5). 4. Have a narrower scope and be broken up into separate projects. (Transcript at p. 5). 5. Having a charter drafting team that "that are experts, and that might mean a legal expert, but we should also have people that have experience, practical experience." (S. DelBianco reporting on breakout session, Transcript at p. 5). 7. The Trademark Clearinghouse, Sunrise and Trademark Claims Notices are RPMs relating to the registration process of domain names in the new gTLDs. The URS is more akin to the UDRP, and like the UDRP is a mandatory dispute resolution proceeding to recover a domain name that has been clearly registered in bad faith. Since the URS is intended to be complementary of the UDRP and will have similar issues it would be more efficient to address these RPMs in a more cohesive manner. 8. With respect to the URS and UDRP, The European Parliament, the Council of the European Union, and the European Commission have enacted a new data privacy regulation in 2016 entitled the General Data Protection Regulation (GDPR) that will likely adversely impact the ability of the URS and UDRP to function as these policies are currently implemented. The new regulation is scheduled to take effect on May 25, 2018. Among other ways, GDRP may adversely impact the URS and the UDRP by: 1. Procedure for UDRP/URS: 1. Possibility that Providers cannot serve the UDRP/URS Complaint if an email address cannot be obtained. 2. Possibility that the Language of the URS proceeding cannot be determined. 2. Procedure for URS: 1. Possibility that the URS provider cannot translate the notice of URS complaint into the predominant language used in the Registrant's country or territory. 2. Possibility that URS complainants cannot know the language of a possible response. 3. Possibility that URS complainants do not know whether the URS complaint was translated into the correct language(s) and that proceedings were administered correctly. 2. UDRP Element 2 / URS: 1. Cannot argue that the registrant is not commonly known by the Domain Name at issue. 2. Cannot determine if the registrant has been authorized by the Trademark holder. 3. Cannot determine if the registrant is an authorized reseller of the Trademark holder's product. 4. Cannot determine on what date the domain name was "registered" by the current domain name holder if it was transferred to this current domain name holder. (requires being able to see the WhoIs history). This could prevent baseless claims from being filed. 3. UDRP Element 3: 1. Cannot determine if registrant has engaged in a pattern of bad faith registrations. Rule 4(b)(ii). 2. Cannot determine if registrant has been found to engage other unlawful actions, such as malware, phishing or scams. 3. Cannot determine if the registrant is in a particular geographic region to be better assess the possibility of legitimate co-existence (thus possibly even foregoing the filing of a case, and response, in the first place). 4. Cannot determine if the registrant is technically a "competitor" that has registered the Domain Name for the purpose of disrupting the business of the Complainant. Rule 4(b)(iii). 9. Due to GDPR compliance issues, ICANN org is considering substantial changes to WhoIs, and has published an Interim Model for GDPR Compliance, e.g. "The CookBook" which proposes to significantly limit the public display of WhoIs data after May 25, 2018." see: https://www.icann.org/en/system/files/files/gdpr-compliance-interim-model-08.... Aggressive current timelines for tiered access to WhoIs data that might provide some fix for the above issues is December 2018. There is no question that GDPR will require policy consideration relating to the URS and UDRP that cannot be predicted and analyzed at this time. Recommendation: 1. The RPM Working Group finishes its already well-advanced work and issues an Initial Report on the PDDRP, Trademark Clearinghouse, Sunrise, and Trademark Claims Notices for public comment. 2. After comments have been analyzed for those elements, that the RPM Working Group finishes its work and issues its Final Report on the PDDRP, Trademark Clearinghouse, Sunrise, and Trademark Claims Notices. 3. The RPM Working Group issues a request through its Appointed Working Group Liaison to the GNSO Council to amend the RPM Working Group Charter as follows: 1. shift the work related to the URS to Phase II and, if necessary, pause starting Phase II until after the permanent impacts of GDPR on the URS and UDRP are known; 2. provide clear guidance to the WG on the issues that (i) must be addressed, (ii) may be addressed, and (iii) may not be addressed; 3. provide clear guidance on the scope of the review of the URS and UDRP. Although a separate issue from this proposal, it is also recommended that Phase II Working Group has one chairperson with appropriate neutrality and experience in PDP consensus building and parliamentary procedures. Assistance to the chair can be provided by utilizing vice-chairs and well-structured sub-teams. JOHN C. MCELWAINE PARTNER john.mcelwaine@nelsonmullins.com<mailto:john.mcelwaine@nelsonmullins.com> LIBERTY CENTER | SUITE 600 151 MEETING STREET | CHARLESTON, SC 29401 T 843.534.4302 F 843.722.8700 101 CONSTITUTION AVENUE, NW | SUITE 900 WASHINGTON, D.C., 20001 T 202.689.2939 F 202.689.2862 NELSONMULLINS.COM<http://www.nelsonmullins.com> VCARD<http://www.nelsonmullins.com/people/john-mcelwaine/vcard> VIEW BIO<http://www.nelsonmullins.com/people/john-mcelwaine> Confidentiality Notice This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged, confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately either by phone (800-237-2000) or reply to this e-mail and delete all copies of this message. World Intellectual Property Organization Disclaimer: This electronic message may contain privileged, confidential and copyright protected information. If you have received this e-mail by mistake, please immediately notify the sender and delete this e-mail and all its attachments. Please ensure all e-mail attachments are scanned for viruses prior to opening or using.

Thanks Phil, I perhaps should have said in my original message that I tried to stay within the spirit of the draft letter, merely editing with a view to streamlining it. Like you, I am somewhat agnostic about sending it. To that end, I would add that as a UDRP provider, I have raised this with ICANN (including legal) and several registrars, and do not see any reason there *should be* substantial operational hurdles on the provider side. (To be clear, in saying this, I am not offering an opinion as to any broader enforcement concerns or considerations.) Hope that helps give some context. Brian On 27 April 2018 at 20:04:41 GMT+2, Corwin, Philip <pcorwin@verisign.com> wrote: Trying this again – I received feedback that the attachment I sent did not have the edits accepted. Philip S. Corwin Policy Counsel VeriSign, Inc. 12061 Bluemont Way Reston, VA 20190 703-948-4648/Direct 571-342-7489/Cell "Luck is the residue of design" -- Branch Rickey From: Corwin, Philip Sent: Friday, April 27, 2018 1:56 PM To: 'brian.beckham@wipo.int' <brian.beckham@wipo.int>; 'gnso-rpm-wg@icann.org' <gnso-rpm-wg@icann.org> Subject: RE: Draft Letter on UDRP & URS Utilization of WHOIS-Derived Registrant Data (was Response from the Co-Chairs RE: Proposal to Shift URS review to Phase II) Thanks for the constructive feedback, Brian. As your edits of the original letter are so extensive I have taken the liberty of accepting them in the attached document, so that WG members can read it more easily. I am personally indifferent to whether we send the original version, your rewrite, or something in between, and encourage feedback on that from WG members – as well as on the threshold question of communicating on this subject with the GNSO Council which supervises our work. Again, the intent of the draft letter is not to dictate any particular result vis-à-vis contracted parties but to make sure that those who are discussing resolution of GDPR/WHOIS issues are fully aware of the ways in which relevant UDRP and URS provisions reference access to and use of registrant data in the administration of those dispute processes. As for your suggested additions to the chart, I would expect staff to take note and update the chart accordingly, and then circulate the revised version to WG members. Best, Philip Philip S. Corwin Policy Counsel VeriSign, Inc. 12061 Bluemont Way Reston, VA 20190 703-948-4648/Direct 571-342-7489/Cell "Luck is the residue of design" -- Branch Rickey From: BECKHAM, Brian [mailto:brian.beckham@wipo.int] Sent: Friday, April 27, 2018 11:38 AM To: gnso-rpm-wg@icann.org<mailto:gnso-rpm-wg@icann.org>; Corwin, Philip <pcorwin@verisign.com<mailto:pcorwin@verisign.com>> Subject: [EXTERNAL] RE: Draft Letter on UDRP & URS Utilization of WHOIS-Derived Registrant Data (was Response from the Co-Chairs RE: Proposal to Shift URS review to Phase II) Phil, all, I have noted a number of exchanges in this thread, including those by Jeff Neuman and others raising the need for sending such a letter. Without wishing to weigh in on the decision to send a letter or not, if a letter is sent, I propose the edits in the attached (it is easier to read in “final”). (I hope this is ok, and I suppose the document permissions were inadvertently tagged as “This document has been marked as final to discourage editing.” ; ) As to the chart, on the UDRP side, it should include: - UDRP para 2 - UDRP para 4(b)(i) – (iv) - UDRP para 4(c)(i) – (iii) - UDRP para 4(f) - UDRP para 7 - UDRP para 8(a) - the full text of UDRP Rules para 2 (i.e., not skipping the obligations preamble) - UDRP Rules para 4(b) - UDRP Rules para 17 (a)(i) – (vii) If the reference to UDRP Rules para 6(a) and (d) are retained, UDRP Rules para 6(c) and (f) should be added. I also suggest removing the term “PII” from both the chart title and the legend. Thanks, Brian From: gnso-rpm-wg [mailto:gnso-rpm-wg-bounces@icann.org] On Behalf Of Corwin, Philip via gnso-rpm-wg Sent: Thursday, April 26, 2018 9:58 PM To: gnso-rpm-wg@icann.org<mailto:gnso-rpm-wg@icann.org> Subject: [gnso-rpm-wg] Draft Letter on UDRP & URS Utilization of WHOIS-Derived Registrant Data (was Response from the Co-Chairs RE: Proposal to Shift URS review to Phase II) Importance: High WG members: Following up on the co-chairs email of April 6th, in which we stated-- In regard to the ability of URS and UDRP providers to continue to have access to the data elements necessary to fulfill their dispute resolution provider (DRP) roles, it is our intent to prepare a draft letter to ICANN’s CEO noting that such continued access for DRPs is essential to maintaining these non-judicial alternatives for addressing trademark infringement in the DNS, and requesting that ICANN raise this important matter in its continuing discussions with EU Data Protection Authorities. We will work with staff to prepare this draft letter and then share it with WG members for review and comment, after which we will coordinate with Council Leadership and the WG Liaison regarding transmission of a final text to ICANN management. – Kathy and I have now prepared a draft letter to the GNSO Council, for transmission onward to ICANN management and other parties, for your review. It addresses the subject of the relationship of UDRP and URS administration based upon registrant data obtained from WHOIS records. In preparing this letter we relied extensively on the attached listing of UDRP Policy and Rules and URS Rules and Procedure that mention or are related to registrant data and WHOIS. Please review this attached letter at your earliest opportunity and post any suggested revisions or additions to the WG email list. As initiation of GDPR enforcement is now less than one month away time is of the essence in transmitting this information. Thank you and best regards, Philip & Kathy Philip S. Corwin Policy Counsel VeriSign, Inc. 12061 Bluemont Way Reston, VA 20190 703-948-4648/Direct 571-342-7489/Cell "Luck is the residue of design" -- Branch Rickey From: Corwin, Philip Sent: Friday, April 06, 2018 11:03 AM To: 'john.mcelwaine@nelsonmullins.com' <john.mcelwaine@nelsonmullins.com<mailto:john.mcelwaine@nelsonmullins.com>>; 'gnso-rpm-wg@icann.org' <gnso-rpm-wg@icann.org<mailto:gnso-rpm-wg@icann.org>> Subject: Response from the Co-Chairs RE: Proposal to Shift URS review to Phase II Dear John: Thank you for your submission regarding a variety of proposed changes to this Working Group’s Charter. Our understanding from discussions with staff is that, while there is no set requirement for the level of support within a WG required to request that GNSO Council consider a Charter revision, such revisions are relatively rare and have in the past been supported by a substantial majority of WG members in the absence of significant opposition prior to transmission to Council for its consideration. We therefore strongly encourage all WG members to carefully review your proposal and, regardless of whether one supports or opposes it, to provide some feedback to the full WG email list so that we can begin to gauge overall support. Such email discussion can be preliminary to a full WG oral discussion on a call sometime in late April or early May, if there are indications of substantial support within the WG and a desire to engage in further discussion. The full WG will resume its regular Wednesday calls by mid-April (we anticipate April 18), after the URS Documents, Practitioners and Providers sub-teams have completed their current work. We also note that your proposal raises multiple issues, including: · Amendment of the WG Charter to move the URS review and recommendations to Phase II · Amendment of the WG Charter to define issues that must, may, and may not be addressed · Adjustment of the WG Charter to provide additional guidance on the scope of URS and UDRP Review · Adjustment of the WG leadership structure for Phase II · Potential pause in the start of Phase II keyed to GDPR impact understanding These are all major issues and we encourage WG members to comment on all of them. Finally, regardless of whether there is substantial support within the WG for any of the elements of your proposal, we agree that the impending enforcement of GDPR raises substantial WHOIS data access issues for trademark owners and for URS and UDRP dispute resolution providers. The issues for trademark owners are currently being discussed within the full ICANN community regarding interim and final compliance models, the latter involving accreditation and tiered data access. In regard to the ability of URS and UDRP providers to continue to have access to the data elements necessary to fulfill their dispute resolution provider (DRP) roles, it is our intent to prepare a draft letter to ICANN’s CEO noting that such continued access for DRPs is essential to maintaining these non-judicial alternatives for addressing trademark infringement in the DNS, and requesting that ICANN raise this important matter in its continuing discussions with EU Data Protection Authorities. We will work with staff to prepare this draft letter and then share it with WG members for review and comment, after which we will coordinate with Council Leadership and the WG Liaison regarding transmission of a final text to ICANN management. Best regards, Philip & Kathy Philip S. Corwin Policy Counsel VeriSign, Inc. 12061 Bluemont Way Reston, VA 20190 703-948-4648/Direct 571-342-7489/Cell "Luck is the residue of design" -- Branch Rickey From: gnso-rpm-wg [mailto:gnso-rpm-wg-bounces@icann.org] On Behalf Of John McElwaine Sent: Thursday, April 05, 2018 9:55 PM To: gnso-rpm-wg <gnso-rpm-wg@icann.org<mailto:gnso-rpm-wg@icann.org>> Subject: [EXTERNAL] [gnso-rpm-wg] Proposal to Shift URS review to Phase II Dear RPM Working Group: In our meeting in San Juan, Puerto Rico, I raised the issue of moving the work set forth in this Working Group’s charter relating to the URS to Phase II. The Chairs asked that I put something in writing detailing the specific recommendation and reasoning, which I present below and have also attached hereto in a Word document for your review and consideration. Kind regards, John Proposal to Shift URS from Phase I to Phase II: 1. On 15 December 2011, the GNSO Council requested that eighteen (18) months after the launch of the New gTLD Program ICANN staff prepare and publish an Issue Report on the state of all rights protection mechanisms implemented for both existing and new gTLDs, including but not limited to the UDRP and URS. The Council subsequently agreed to extend the timeline for a report by a further six (6) months. 1. On 9 October 2015, a Preliminary Issues Report was published discussing the scope of this potential PDP and outlining three possible options for moving forward. The third option ultimately was elected at that time: The “third option would be to conduct a policy review of all the RPMs in two phases, with the initial phase being a review only of the RPMs developed for the New gTLD Program. . . . The second, subsequent phase of work would be a review of the UDRP, based on the concerns specific to its scope that were raised in the 2011 GNSO Issue Report and any additional relevant topics derived from the first phase of work concerning the RPMs developed for the New gTLD Program.” 1. On 15 March 2016, the two phase approach was approved in the Charter for the Review of all Rights Protection Mechanisms (RPMs) in all gTLDs PDP Working Group (“RPM Working Group”). Phase One was to focus on a review of all the RPMs that were developed for the New gTLD Program, and Phase Two will focus on a review of the UDRP. 1. The Objective & Goals in the PDP’s Charter were to examine (i) the RPMs effectiveness, (ii) whether the RPMs collectively fulfil their purposes, and (iii) whether additional policy specific recommendations are needed, including to clarify and unify the policy goals. RPM Working Group Charter, at p. 3. The Objectives & Goals in the PDP’s Charter were broadly defined: “In addition to an assessment of the effectiveness of each RPM, the PDP Working Group is expected to consider, at the appropriate stage of its work, the overarching issue as to whether or not all the RPMs collectively fulfill the purposes for which they were created, or whether additional policy recommendations are needed, including to clarify and unify the policy goals. If such additional policy recommendations are needed, the Working Group is expected to develop recommendations to address the specific issues identified. The Working Group is also directed to bear in mind that a fundamental underlying intention of conducting a review of all RPMs in all gTLDs is to create a framework for consistent and uniform reviews of these mechanisms in the future.” 1. However, the RPM Working Group Charter also contains a lengthy attachment entitled “LIST OF POTENTIAL ISSUES FOR CONSIDERATION IN THIS PDP” This “list was derived from various community suggestions in different forums, they are not listed in any particular order of importance nor has staff attempted to analyze the merits, relevance or significance of each issue”. This list contains topics that are out of scope when compared with the Objectives and Goals, including: * Are generic dictionary words being adequately protected so that they are available for all to use as allowed under their national laws and international treaties? E.g. sun, window * Should monetary damages be awarded? * Are last names and geographic places adequately protected so that they are available for all to use as allowed under their national laws, e.g, Smith, McDonald, Capitol Hill Cafe, Old Town Deli? * Should injunctive relief be available? * Now that Reverse Domain Name Hijacking is a regular finding of UDRP panels, indicating that domain name registrants are being abused by complaints brought against them in the UDRP process, what penalties and sanctions should be imposed on Complainants found to be reverse domain name hijackers? How can those penalties and sanctions be aligned so as to be fair, as compared to the loss of a domain name taken from a registrant found to be a “cybersquatter”? 1. Issues from this list and other new out of scope issues, complaints and modifications are causing the work of the RPM Working Group to slow and are polarizing the members; thus, harming the ability to achieve consensus in the Working Group. As recommend by the PDP breakout group and discussed by the Community in attendance at the Sunday gNSO Working Session in San Juan, it would be particularly useful if working group charters would: * Define clearly what success for the proposed working group ”should look like”. (K. Kleiman reporting on breakout session, Transcript ICANN61 San Juan GNSO Working Session Part 2 Sunday, 11 March 2018 at 10:30 AS (“Transcript”) at p. 5). * Define topics or issues that must be addressed, may be addressed and may not be addressed. (Transcript at p. 4). * Have “more defined issues, [be] more bounded, more limited.” (Transcript at p. 5). * Have a narrower scope and be broken up into separate projects. (Transcript at p. 5). * Having a charter drafting team that “that are experts, and that might mean a legal expert, but we should also have people that have experience, practical experience.” (S. DelBianco reporting on breakout session, Transcript at p. 5). 1. The Trademark Clearinghouse, Sunrise and Trademark Claims Notices are RPMs relating to the registration process of domain names in the new gTLDs. The URS is more akin to the UDRP, and like the UDRP is a mandatory dispute resolution proceeding to recover a domain name that has been clearly registered in bad faith. Since the URS is intended to be complementary of the UDRP and will have similar issues it would be more efficient to address these RPMs in a more cohesive manner. 1. With respect to the URS and UDRP, The European Parliament, the Council of the European Union, and the European Commission have enacted a new data privacy regulation in 2016 entitled the General Data Protection Regulation (GDPR) that will likely adversely impact the ability of the URS and UDRP to function as these policies are currently implemented. The new regulation is scheduled to take effect on May 25, 2018. Among other ways, GDRP may adversely impact the URS and the UDRP by: * Procedure for UDRP/URS: * Possibility that Providers cannot serve the UDRP/URS Complaint if an email address cannot be obtained. * Possibility that the Language of the URS proceeding cannot be determined. * Procedure for URS: * Possibility that the URS provider cannot translate the notice of URS complaint into the predominant language used in the Registrant’s country or territory. * Possibility that URS complainants cannot know the language of a possible response. * Possibility that URS complainants do not know whether the URS complaint was translated into the correct language(s) and that proceedings were administered correctly. * UDRP Element 2 / URS: * Cannot argue that the registrant is not commonly known by the Domain Name at issue. * Cannot determine if the registrant has been authorized by the Trademark holder. * Cannot determine if the registrant is an authorized reseller of the Trademark holder’s product. * Cannot determine on what date the domain name was “registered” by the current domain name holder if it was transferred to this current domain name holder. (requires being able to see the WhoIs history). This could prevent baseless claims from being filed. * UDRP Element 3: * Cannot determine if registrant has engaged in a pattern of bad faith registrations. Rule 4(b)(ii). * Cannot determine if registrant has been found to engage other unlawful actions, such as malware, phishing or scams. * Cannot determine if the registrant is in a particular geographic region to be better assess the possibility of legitimate co-existence (thus possibly even foregoing the filing of a case, and response, in the first place). * Cannot determine if the registrant is technically a “competitor” that has registered the Domain Name for the purpose of disrupting the business of the Complainant. Rule 4(b)(iii). 1. Due to GDPR compliance issues, ICANN org is considering substantial changes to WhoIs, and has published an Interim Model for GDPR Compliance, e.g. "The CookBook" which proposes to significantly limit the public display of WhoIs data after May 25, 2018." see: https://www.icann.org/en/system/files/files/gdpr-compliance-interim-model-08.... Aggressive current timelines for tiered access to WhoIs data that might provide some fix for the above issues is December 2018. There is no question that GDPR will require policy consideration relating to the URS and UDRP that cannot be predicted and analyzed at this time. Recommendation: 1. The RPM Working Group finishes its already well-advanced work and issues an Initial Report on the PDDRP, Trademark Clearinghouse, Sunrise, and Trademark Claims Notices for public comment. 2. After comments have been analyzed for those elements, that the RPM Working Group finishes its work and issues its Final Report on the PDDRP, Trademark Clearinghouse, Sunrise, and Trademark Claims Notices. 3. The RPM Working Group issues a request through its Appointed Working Group Liaison to the GNSO Council to amend the RPM Working Group Charter as follows: 1. shift the work related to the URS to Phase II and, if necessary, pause starting Phase II until after the permanent impacts of GDPR on the URS and UDRP are known; 2. provide clear guidance to the WG on the issues that (i) must be addressed, (ii) may be addressed, and (iii) may not be addressed; 3. provide clear guidance on the scope of the review of the URS and UDRP. Although a separate issue from this proposal, it is also recommended that Phase II Working Group has one chairperson with appropriate neutrality and experience in PDP consensus building and parliamentary procedures. Assistance to the chair can be provided by utilizing vice-chairs and well-structured sub-teams. [Image removed by sender. http://www.nelsonmullins.com/img/ecard-logo.png] JOHN C. MCELWAINE PARTNER john.mcelwaine@nelsonmullins.com<mailto:john.mcelwaine@nelsonmullins.com> LIBERTY CENTER | SUITE 600 151 MEETING STREET | CHARLESTON, SC 29401 T 843.534.4302 F 843.722.8700 101 CONSTITUTION AVENUE, NW | SUITE 900 WASHINGTON, D.C., 20001 T 202.689.2939 F 202.689.2862 NELSONMULLINS.COM<http://www.nelsonmullins.com> VCARD<http://www.nelsonmullins.com/people/john-mcelwaine/vcard> VIEW BIO<http://www.nelsonmullins.com/people/john-mcelwaine> Confidentiality Notice This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged, confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately either by phone (800-237-2000) or reply to this e-mail and delete all copies of this message. World Intellectual Property Organization Disclaimer: This electronic message may contain privileged, confidential and copyright protected information. If you have received this e-mail by mistake, please immediately notify the sender and delete this e-mail and all its attachments. Please ensure all e-mail attachments are scanned for viruses prior to opening or using.

Thanks Phil, I have just one suggestion, instead of: "It is particularly important that access to this data remain available during the period between the initiation of GDPR enforcement on May 25, 2018 and development and implementation of an accreditation and access model." We might say something like: "It is particularly important that access to this data remain available between the GDPR coming into force on May 25, 2018 and expected ICANN guidance on this topic (which may include it being addressed in an anticipated "accreditation and access" model)." (I also wouldn't bother to define DRP so as to avoid more acronyms, but maybe that's just me.) Brian From: Corwin, Philip [mailto:pcorwin@verisign.com] Sent: Wednesday, May 02, 2018 12:19 AM To: BECKHAM, Brian; gnso-rpm-wg@icann.org Subject: RE: Draft Letter on UDRP & URS Utilization of WHOIS-Derived Registrant Data (was Response from the Co-Chairs RE: Proposal to Shift URS review to Phase II) Brian: I have now had a chance to fully focus on your revised draft and have made a few modest edits, which are contained in the attached draft. If you and WG members find them acceptable then we can make the text final and send the letter on this week. WG members should post any comments to the email list and, if necessary, we can spend a few minutes discussing this matter on tomorrow's call. Thanks and best regards, Philip Philip S. Corwin Policy Counsel VeriSign, Inc. 12061 Bluemont Way Reston, VA 20190 703-948-4648/Direct 571-342-7489/Cell "Luck is the residue of design" -- Branch Rickey From: BECKHAM, Brian [mailto:brian.beckham@wipo.int] Sent: Friday, April 27, 2018 2:30 PM To: Corwin, Philip <pcorwin@verisign.com>; gnso-rpm-wg@icann.org Subject: [EXTERNAL] RE: Draft Letter on UDRP & URS Utilization of WHOIS-Derived Registrant Data (was Response from the Co-Chairs RE: Proposal to Shift URS review to Phase II) Thanks Phil, I perhaps should have said in my original message that I tried to stay within the spirit of the draft letter, merely editing with a view to streamlining it. Like you, I am somewhat agnostic about sending it. To that end, I would add that as a UDRP provider, I have raised this with ICANN (including legal) and several registrars, and do not see any reason there *should be* substantial operational hurdles on the provider side. (To be clear, in saying this, I am not offering an opinion as to any broader enforcement concerns or considerations.) Hope that helps give some context. Brian On 27 April 2018 at 20:04:41 GMT+2, Corwin, Philip <pcorwin@verisign.com<mailto:pcorwin@verisign.com>> wrote: Trying this again - I received feedback that the attachment I sent did not have the edits accepted. Philip S. Corwin Policy Counsel VeriSign, Inc. 12061 Bluemont Way Reston, VA 20190 703-948-4648/Direct 571-342-7489/Cell "Luck is the residue of design" -- Branch Rickey From: Corwin, Philip Sent: Friday, April 27, 2018 1:56 PM To: 'brian.beckham@wipo.int' <brian.beckham@wipo.int<mailto:brian.beckham@wipo.int>>; 'gnso-rpm-wg@icann.org' <gnso-rpm-wg@icann.org<mailto:gnso-rpm-wg@icann.org>> Subject: RE: Draft Letter on UDRP & URS Utilization of WHOIS-Derived Registrant Data (was Response from the Co-Chairs RE: Proposal to Shift URS review to Phase II) Thanks for the constructive feedback, Brian. As your edits of the original letter are so extensive I have taken the liberty of accepting them in the attached document, so that WG members can read it more easily. I am personally indifferent to whether we send the original version, your rewrite, or something in between, and encourage feedback on that from WG members - as well as on the threshold question of communicating on this subject with the GNSO Council which supervises our work. Again, the intent of the draft letter is not to dictate any particular result vis-à-vis contracted parties but to make sure that those who are discussing resolution of GDPR/WHOIS issues are fully aware of the ways in which relevant UDRP and URS provisions reference access to and use of registrant data in the administration of those dispute processes. As for your suggested additions to the chart, I would expect staff to take note and update the chart accordingly, and then circulate the revised version to WG members. Best, Philip Philip S. Corwin Policy Counsel VeriSign, Inc. 12061 Bluemont Way Reston, VA 20190 703-948-4648/Direct 571-342-7489/Cell "Luck is the residue of design" -- Branch Rickey From: BECKHAM, Brian [mailto:brian.beckham@wipo.int] Sent: Friday, April 27, 2018 11:38 AM To: gnso-rpm-wg@icann.org<mailto:gnso-rpm-wg@icann.org>; Corwin, Philip <pcorwin@verisign.com<mailto:pcorwin@verisign.com>> Subject: [EXTERNAL] RE: Draft Letter on UDRP & URS Utilization of WHOIS-Derived Registrant Data (was Response from the Co-Chairs RE: Proposal to Shift URS review to Phase II) Phil, all, I have noted a number of exchanges in this thread, including those by Jeff Neuman and others raising the need for sending such a letter. Without wishing to weigh in on the decision to send a letter or not, if a letter is sent, I propose the edits in the attached (it is easier to read in "final"). (I hope this is ok, and I suppose the document permissions were inadvertently tagged as "This document has been marked as final to discourage editing." ; ) As to the chart, on the UDRP side, it should include: - UDRP para 2 - UDRP para 4(b)(i) - (iv) - UDRP para 4(c)(i) - (iii) - UDRP para 4(f) - UDRP para 7 - UDRP para 8(a) - the full text of UDRP Rules para 2 (i.e., not skipping the obligations preamble) - UDRP Rules para 4(b) - UDRP Rules para 17 (a)(i) - (vii) If the reference to UDRP Rules para 6(a) and (d) are retained, UDRP Rules para 6(c) and (f) should be added. I also suggest removing the term "PII" from both the chart title and the legend. Thanks, Brian From: gnso-rpm-wg [mailto:gnso-rpm-wg-bounces@icann.org] On Behalf Of Corwin, Philip via gnso-rpm-wg Sent: Thursday, April 26, 2018 9:58 PM To: gnso-rpm-wg@icann.org<mailto:gnso-rpm-wg@icann.org> Subject: [gnso-rpm-wg] Draft Letter on UDRP & URS Utilization of WHOIS-Derived Registrant Data (was Response from the Co-Chairs RE: Proposal to Shift URS review to Phase II) Importance: High WG members: Following up on the co-chairs email of April 6th, in which we stated-- In regard to the ability of URS and UDRP providers to continue to have access to the data elements necessary to fulfill their dispute resolution provider (DRP) roles, it is our intent to prepare a draft letter to ICANN's CEO noting that such continued access for DRPs is essential to maintaining these non-judicial alternatives for addressing trademark infringement in the DNS, and requesting that ICANN raise this important matter in its continuing discussions with EU Data Protection Authorities. We will work with staff to prepare this draft letter and then share it with WG members for review and comment, after which we will coordinate with Council Leadership and the WG Liaison regarding transmission of a final text to ICANN management. - Kathy and I have now prepared a draft letter to the GNSO Council, for transmission onward to ICANN management and other parties, for your review. It addresses the subject of the relationship of UDRP and URS administration based upon registrant data obtained from WHOIS records. In preparing this letter we relied extensively on the attached listing of UDRP Policy and Rules and URS Rules and Procedure that mention or are related to registrant data and WHOIS. Please review this attached letter at your earliest opportunity and post any suggested revisions or additions to the WG email list. As initiation of GDPR enforcement is now less than one month away time is of the essence in transmitting this information. Thank you and best regards, Philip & Kathy Philip S. Corwin Policy Counsel VeriSign, Inc. 12061 Bluemont Way Reston, VA 20190 703-948-4648/Direct 571-342-7489/Cell "Luck is the residue of design" -- Branch Rickey From: Corwin, Philip Sent: Friday, April 06, 2018 11:03 AM To: 'john.mcelwaine@nelsonmullins.com' <john.mcelwaine@nelsonmullins.com<mailto:john.mcelwaine@nelsonmullins.com>>; 'gnso-rpm-wg@icann.org' <gnso-rpm-wg@icann.org<mailto:gnso-rpm-wg@icann.org>> Subject: Response from the Co-Chairs RE: Proposal to Shift URS review to Phase II Dear John: Thank you for your submission regarding a variety of proposed changes to this Working Group's Charter. Our understanding from discussions with staff is that, while there is no set requirement for the level of support within a WG required to request that GNSO Council consider a Charter revision, such revisions are relatively rare and have in the past been supported by a substantial majority of WG members in the absence of significant opposition prior to transmission to Council for its consideration. We therefore strongly encourage all WG members to carefully review your proposal and, regardless of whether one supports or opposes it, to provide some feedback to the full WG email list so that we can begin to gauge overall support. Such email discussion can be preliminary to a full WG oral discussion on a call sometime in late April or early May, if there are indications of substantial support within the WG and a desire to engage in further discussion. The full WG will resume its regular Wednesday calls by mid-April (we anticipate April 18), after the URS Documents, Practitioners and Providers sub-teams have completed their current work. We also note that your proposal raises multiple issues, including: * Amendment of the WG Charter to move the URS review and recommendations to Phase II * Amendment of the WG Charter to define issues that must, may, and may not be addressed * Adjustment of the WG Charter to provide additional guidance on the scope of URS and UDRP Review * Adjustment of the WG leadership structure for Phase II * Potential pause in the start of Phase II keyed to GDPR impact understanding These are all major issues and we encourage WG members to comment on all of them. Finally, regardless of whether there is substantial support within the WG for any of the elements of your proposal, we agree that the impending enforcement of GDPR raises substantial WHOIS data access issues for trademark owners and for URS and UDRP dispute resolution providers. The issues for trademark owners are currently being discussed within the full ICANN community regarding interim and final compliance models, the latter involving accreditation and tiered data access. In regard to the ability of URS and UDRP providers to continue to have access to the data elements necessary to fulfill their dispute resolution provider (DRP) roles, it is our intent to prepare a draft letter to ICANN's CEO noting that such continued access for DRPs is essential to maintaining these non-judicial alternatives for addressing trademark infringement in the DNS, and requesting that ICANN raise this important matter in its continuing discussions with EU Data Protection Authorities. We will work with staff to prepare this draft letter and then share it with WG members for review and comment, after which we will coordinate with Council Leadership and the WG Liaison regarding transmission of a final text to ICANN management. Best regards, Philip & Kathy Philip S. Corwin Policy Counsel VeriSign, Inc. 12061 Bluemont Way Reston, VA 20190 703-948-4648/Direct 571-342-7489/Cell "Luck is the residue of design" -- Branch Rickey From: gnso-rpm-wg [mailto:gnso-rpm-wg-bounces@icann.org] On Behalf Of John McElwaine Sent: Thursday, April 05, 2018 9:55 PM To: gnso-rpm-wg <gnso-rpm-wg@icann.org<mailto:gnso-rpm-wg@icann.org>> Subject: [EXTERNAL] [gnso-rpm-wg] Proposal to Shift URS review to Phase II Dear RPM Working Group: In our meeting in San Juan, Puerto Rico, I raised the issue of moving the work set forth in this Working Group's charter relating to the URS to Phase II. The Chairs asked that I put something in writing detailing the specific recommendation and reasoning, which I present below and have also attached hereto in a Word document for your review and consideration. Kind regards, John Proposal to Shift URS from Phase I to Phase II: 1. On 15 December 2011, the GNSO Council requested that eighteen (18) months after the launch of the New gTLD Program ICANN staff prepare and publish an Issue Report on the state of all rights protection mechanisms implemented for both existing and new gTLDs, including but not limited to the UDRP and URS. The Council subsequently agreed to extend the timeline for a report by a further six (6) months. 1. On 9 October 2015, a Preliminary Issues Report was published discussing the scope of this potential PDP and outlining three possible options for moving forward. The third option ultimately was elected at that time: The "third option would be to conduct a policy review of all the RPMs in two phases, with the initial phase being a review only of the RPMs developed for the New gTLD Program. . . . The second, subsequent phase of work would be a review of the UDRP, based on the concerns specific to its scope that were raised in the 2011 GNSO Issue Report and any additional relevant topics derived from the first phase of work concerning the RPMs developed for the New gTLD Program." 1. On 15 March 2016, the two phase approach was approved in the Charter for the Review of all Rights Protection Mechanisms (RPMs) in all gTLDs PDP Working Group ("RPM Working Group"). Phase One was to focus on a review of all the RPMs that were developed for the New gTLD Program, and Phase Two will focus on a review of the UDRP. 1. The Objective & Goals in the PDP's Charter were to examine (i) the RPMs effectiveness, (ii) whether the RPMs collectively fulfil their purposes, and (iii) whether additional policy specific recommendations are needed, including to clarify and unify the policy goals. RPM Working Group Charter, at p. 3. The Objectives & Goals in the PDP's Charter were broadly defined: "In addition to an assessment of the effectiveness of each RPM, the PDP Working Group is expected to consider, at the appropriate stage of its work, the overarching issue as to whether or not all the RPMs collectively fulfill the purposes for which they were created, or whether additional policy recommendations are needed, including to clarify and unify the policy goals. If such additional policy recommendations are needed, the Working Group is expected to develop recommendations to address the specific issues identified. The Working Group is also directed to bear in mind that a fundamental underlying intention of conducting a review of all RPMs in all gTLDs is to create a framework for consistent and uniform reviews of these mechanisms in the future." 1. However, the RPM Working Group Charter also contains a lengthy attachment entitled "LIST OF POTENTIAL ISSUES FOR CONSIDERATION IN THIS PDP" This "list was derived from various community suggestions in different forums, they are not listed in any particular order of importance nor has staff attempted to analyze the merits, relevance or significance of each issue". This list contains topics that are out of scope when compared with the Objectives and Goals, including: * Are generic dictionary words being adequately protected so that they are available for all to use as allowed under their national laws and international treaties? E.g. sun, window * Should monetary damages be awarded? * Are last names and geographic places adequately protected so that they are available for all to use as allowed under their national laws, e.g, Smith, McDonald, Capitol Hill Cafe, Old Town Deli? * Should injunctive relief be available? * Now that Reverse Domain Name Hijacking is a regular finding of UDRP panels, indicating that domain name registrants are being abused by complaints brought against them in the UDRP process, what penalties and sanctions should be imposed on Complainants found to be reverse domain name hijackers? How can those penalties and sanctions be aligned so as to be fair, as compared to the loss of a domain name taken from a registrant found to be a "cybersquatter"? 1. Issues from this list and other new out of scope issues, complaints and modifications are causing the work of the RPM Working Group to slow and are polarizing the members; thus, harming the ability to achieve consensus in the Working Group. As recommend by the PDP breakout group and discussed by the Community in attendance at the Sunday gNSO Working Session in San Juan, it would be particularly useful if working group charters would: * Define clearly what success for the proposed working group "should look like". (K. Kleiman reporting on breakout session, Transcript ICANN61 San Juan GNSO Working Session Part 2 Sunday, 11 March 2018 at 10:30 AS ("Transcript") at p. 5). * Define topics or issues that must be addressed, may be addressed and may not be addressed. (Transcript at p. 4). * Have "more defined issues, [be] more bounded, more limited." (Transcript at p. 5). * Have a narrower scope and be broken up into separate projects. (Transcript at p. 5). * Having a charter drafting team that "that are experts, and that might mean a legal expert, but we should also have people that have experience, practical experience." (S. DelBianco reporting on breakout session, Transcript at p. 5). 1. The Trademark Clearinghouse, Sunrise and Trademark Claims Notices are RPMs relating to the registration process of domain names in the new gTLDs. The URS is more akin to the UDRP, and like the UDRP is a mandatory dispute resolution proceeding to recover a domain name that has been clearly registered in bad faith. Since the URS is intended to be complementary of the UDRP and will have similar issues it would be more efficient to address these RPMs in a more cohesive manner. 1. With respect to the URS and UDRP, The European Parliament, the Council of the European Union, and the European Commission have enacted a new data privacy regulation in 2016 entitled the General Data Protection Regulation (GDPR) that will likely adversely impact the ability of the URS and UDRP to function as these policies are currently implemented. The new regulation is scheduled to take effect on May 25, 2018. Among other ways, GDRP may adversely impact the URS and the UDRP by: * Procedure for UDRP/URS: * Possibility that Providers cannot serve the UDRP/URS Complaint if an email address cannot be obtained. * Possibility that the Language of the URS proceeding cannot be determined. * Procedure for URS: * Possibility that the URS provider cannot translate the notice of URS complaint into the predominant language used in the Registrant's country or territory. * Possibility that URS complainants cannot know the language of a possible response. * Possibility that URS complainants do not know whether the URS complaint was translated into the correct language(s) and that proceedings were administered correctly. * UDRP Element 2 / URS: * Cannot argue that the registrant is not commonly known by the Domain Name at issue. * Cannot determine if the registrant has been authorized by the Trademark holder. * Cannot determine if the registrant is an authorized reseller of the Trademark holder's product. * Cannot determine on what date the domain name was "registered" by the current domain name holder if it was transferred to this current domain name holder. (requires being able to see the WhoIs history). This could prevent baseless claims from being filed. * UDRP Element 3: * Cannot determine if registrant has engaged in a pattern of bad faith registrations. Rule 4(b)(ii). * Cannot determine if registrant has been found to engage other unlawful actions, such as malware, phishing or scams. * Cannot determine if the registrant is in a particular geographic region to be better assess the possibility of legitimate co-existence (thus possibly even foregoing the filing of a case, and response, in the first place). * Cannot determine if the registrant is technically a "competitor" that has registered the Domain Name for the purpose of disrupting the business of the Complainant. Rule 4(b)(iii). 1. Due to GDPR compliance issues, ICANN org is considering substantial changes to WhoIs, and has published an Interim Model for GDPR Compliance, e.g. "The CookBook" which proposes to significantly limit the public display of WhoIs data after May 25, 2018." see: https://www.icann.org/en/system/files/files/gdpr-compliance-interim-model-08.... Aggressive current timelines for tiered access to WhoIs data that might provide some fix for the above issues is December 2018. There is no question that GDPR will require policy consideration relating to the URS and UDRP that cannot be predicted and analyzed at this time. Recommendation: 1. The RPM Working Group finishes its already well-advanced work and issues an Initial Report on the PDDRP, Trademark Clearinghouse, Sunrise, and Trademark Claims Notices for public comment. 2. After comments have been analyzed for those elements, that the RPM Working Group finishes its work and issues its Final Report on the PDDRP, Trademark Clearinghouse, Sunrise, and Trademark Claims Notices. 3. The RPM Working Group issues a request through its Appointed Working Group Liaison to the GNSO Council to amend the RPM Working Group Charter as follows: 1. shift the work related to the URS to Phase II and, if necessary, pause starting Phase II until after the permanent impacts of GDPR on the URS and UDRP are known; 2. provide clear guidance to the WG on the issues that (i) must be addressed, (ii) may be addressed, and (iii) may not be addressed; 3. provide clear guidance on the scope of the review of the URS and UDRP. Although a separate issue from this proposal, it is also recommended that Phase II Working Group has one chairperson with appropriate neutrality and experience in PDP consensus building and parliamentary procedures. Assistance to the chair can be provided by utilizing vice-chairs and well-structured sub-teams. [Image removed by sender. Image removed by sender. http://www.nelsonmullins.com/img/ecard-logo.png] JOHN C. MCELWAINE PARTNER john.mcelwaine@nelsonmullins.com<mailto:john.mcelwaine@nelsonmullins.com> LIBERTY CENTER | SUITE 600 151 MEETING STREET | CHARLESTON, SC 29401 T 843.534.4302 F 843.722.8700 101 CONSTITUTION AVENUE, NW | SUITE 900 WASHINGTON, D.C., 20001 T 202.689.2939 F 202.689.2862 NELSONMULLINS.COM<http://www.nelsonmullins.com> VCARD<http://www.nelsonmullins.com/people/john-mcelwaine/vcard> VIEW BIO<http://www.nelsonmullins.com/people/john-mcelwaine> Confidentiality Notice This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged, confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately either by phone (800-237-2000) or reply to this e-mail and delete all copies of this message. World Intellectual Property Organization Disclaimer: This electronic message may contain privileged, confidential and copyright protected information. If you have received this e-mail by mistake, please immediately notify the sender and delete this e-mail and all its attachments. Please ensure all e-mail attachments are scanned for viruses prior to opening or using.

Hi Dale, I suppose I thought it was self-evident given the purpose and the rest of the letter. Brian On 27 April 2018 at 23:54:51 CEST, Nelson, Dale <Dale.Nelson@warnerbros.com> wrote: The only comment I have is whether we should be keeping the paragraph that notes the need for continued access for UDRP/URS providers following May 25th and prior to finalizing an accreditation framework. Brian, I’m not sure why you suggested taking that out? Thanks, Dale Dale Nelson | Vice President, Senior Intellectual Property Counsel | Warner Bros. | 818.954.7967<tel:(818)%20954-7967> | dale.nelson@warnerbros.com<mailto:steven.fogelson@warnerbros.com> CONFIDENTIAL COMMUNICATION: This message, together with any attachment(s), may constitute or contain privileged and confidential legal advice and attorney work product and is to be opened and read only by the intended recipient(s). If you think that you have received this message in error, please delete it and notify the sender. If you are not the intended recipient(s), any dissemination, distribution or copying is strictly prohibited. Thank you. From: gnso-rpm-wg [mailto:gnso-rpm-wg-bounces@icann.org] On Behalf Of BECKHAM, Brian Sent: Friday, April 27, 2018 8:38 AM To: gnso-rpm-wg@icann.org; Corwin, Philip (pcorwin@verisign.com) <pcorwin@verisign.com> Subject: Re: [gnso-rpm-wg] Draft Letter on UDRP & URS Utilization of WHOIS-Derived Registrant Data (was Response from the Co-Chairs RE: Proposal to Shift URS review to Phase II) [CAUTION] This email originated outside Warner Bros. Phil, all, I have noted a number of exchanges in this thread, including those by Jeff Neuman and others raising the need for sending such a letter. Without wishing to weigh in on the decision to send a letter or not, if a letter is sent, I propose the edits in the attached (it is easier to read in “final”). (I hope this is ok, and I suppose the document permissions were inadvertently tagged as “This document has been marked as final to discourage editing.” ; ) As to the chart, on the UDRP side, it should include: - UDRP para 2 - UDRP para 4(b)(i) – (iv) - UDRP para 4(c)(i) – (iii) - UDRP para 4(f) - UDRP para 7 - UDRP para 8(a) - the full text of UDRP Rules para 2 (i.e., not skipping the obligations preamble) - UDRP Rules para 4(b) - UDRP Rules para 17 (a)(i) – (vii) If the reference to UDRP Rules para 6(a) and (d) are retained, UDRP Rules para 6(c) and (f) should be added. I also suggest removing the term “PII” from both the chart title and the legend. Thanks, Brian From: gnso-rpm-wg [mailto:gnso-rpm-wg-bounces@icann.org] On Behalf Of Corwin, Philip via gnso-rpm-wg Sent: Thursday, April 26, 2018 9:58 PM To: gnso-rpm-wg@icann.org<mailto:gnso-rpm-wg@icann.org> Subject: [gnso-rpm-wg] Draft Letter on UDRP & URS Utilization of WHOIS-Derived Registrant Data (was Response from the Co-Chairs RE: Proposal to Shift URS review to Phase II) Importance: High WG members: Following up on the co-chairs email of April 6th, in which we stated-- In regard to the ability of URS and UDRP providers to continue to have access to the data elements necessary to fulfill their dispute resolution provider (DRP) roles, it is our intent to prepare a draft letter to ICANN’s CEO noting that such continued access for DRPs is essential to maintaining these non-judicial alternatives for addressing trademark infringement in the DNS, and requesting that ICANN raise this important matter in its continuing discussions with EU Data Protection Authorities. We will work with staff to prepare this draft letter and then share it with WG members for review and comment, after which we will coordinate with Council Leadership and the WG Liaison regarding transmission of a final text to ICANN management. – Kathy and I have now prepared a draft letter to the GNSO Council, for transmission onward to ICANN management and other parties, for your review. It addresses the subject of the relationship of UDRP and URS administration based upon registrant data obtained from WHOIS records. In preparing this letter we relied extensively on the attached listing of UDRP Policy and Rules and URS Rules and Procedure that mention or are related to registrant data and WHOIS. Please review this attached letter at your earliest opportunity and post any suggested revisions or additions to the WG email list. As initiation of GDPR enforcement is now less than one month away time is of the essence in transmitting this information. Thank you and best regards, Philip & Kathy Philip S. Corwin Policy Counsel VeriSign, Inc. 12061 Bluemont Way Reston, VA 20190 703-948-4648/Direct 571-342-7489/Cell "Luck is the residue of design" -- Branch Rickey From: Corwin, Philip Sent: Friday, April 06, 2018 11:03 AM To: 'john.mcelwaine@nelsonmullins.com' <john.mcelwaine@nelsonmullins.com<mailto:john.mcelwaine@nelsonmullins.com>>; 'gnso-rpm-wg@icann.org' <gnso-rpm-wg@icann.org<mailto:gnso-rpm-wg@icann.org>> Subject: Response from the Co-Chairs RE: Proposal to Shift URS review to Phase II Dear John: Thank you for your submission regarding a variety of proposed changes to this Working Group’s Charter. Our understanding from discussions with staff is that, while there is no set requirement for the level of support within a WG required to request that GNSO Council consider a Charter revision, such revisions are relatively rare and have in the past been supported by a substantial majority of WG members in the absence of significant opposition prior to transmission to Council for its consideration. We therefore strongly encourage all WG members to carefully review your proposal and, regardless of whether one supports or opposes it, to provide some feedback to the full WG email list so that we can begin to gauge overall support. Such email discussion can be preliminary to a full WG oral discussion on a call sometime in late April or early May, if there are indications of substantial support within the WG and a desire to engage in further discussion. The full WG will resume its regular Wednesday calls by mid-April (we anticipate April 18), after the URS Documents, Practitioners and Providers sub-teams have completed their current work. We also note that your proposal raises multiple issues, including: · Amendment of the WG Charter to move the URS review and recommendations to Phase II · Amendment of the WG Charter to define issues that must, may, and may not be addressed · Adjustment of the WG Charter to provide additional guidance on the scope of URS and UDRP Review · Adjustment of the WG leadership structure for Phase II · Potential pause in the start of Phase II keyed to GDPR impact understanding These are all major issues and we encourage WG members to comment on all of them. Finally, regardless of whether there is substantial support within the WG for any of the elements of your proposal, we agree that the impending enforcement of GDPR raises substantial WHOIS data access issues for trademark owners and for URS and UDRP dispute resolution providers. The issues for trademark owners are currently being discussed within the full ICANN community regarding interim and final compliance models, the latter involving accreditation and tiered data access. In regard to the ability of URS and UDRP providers to continue to have access to the data elements necessary to fulfill their dispute resolution provider (DRP) roles, it is our intent to prepare a draft letter to ICANN’s CEO noting that such continued access for DRPs is essential to maintaining these non-judicial alternatives for addressing trademark infringement in the DNS, and requesting that ICANN raise this important matter in its continuing discussions with EU Data Protection Authorities. We will work with staff to prepare this draft letter and then share it with WG members for review and comment, after which we will coordinate with Council Leadership and the WG Liaison regarding transmission of a final text to ICANN management. Best regards, Philip & Kathy Philip S. Corwin Policy Counsel VeriSign, Inc. 12061 Bluemont Way Reston, VA 20190 703-948-4648/Direct 571-342-7489/Cell "Luck is the residue of design" -- Branch Rickey From: gnso-rpm-wg [mailto:gnso-rpm-wg-bounces@icann.org] On Behalf Of John McElwaine Sent: Thursday, April 05, 2018 9:55 PM To: gnso-rpm-wg <gnso-rpm-wg@icann.org<mailto:gnso-rpm-wg@icann.org>> Subject: [EXTERNAL] [gnso-rpm-wg] Proposal to Shift URS review to Phase II Dear RPM Working Group: In our meeting in San Juan, Puerto Rico, I raised the issue of moving the work set forth in this Working Group’s charter relating to the URS to Phase II. The Chairs asked that I put something in writing detailing the specific recommendation and reasoning, which I present below and have also attached hereto in a Word document for your review and consideration. Kind regards, John Proposal to Shift URS from Phase I to Phase II: 1. On 15 December 2011, the GNSO Council requested that eighteen (18) months after the launch of the New gTLD Program ICANN staff prepare and publish an Issue Report on the state of all rights protection mechanisms implemented for both existing and new gTLDs, including but not limited to the UDRP and URS. The Council subsequently agreed to extend the timeline for a report by a further six (6) months. 1. On 9 October 2015, a Preliminary Issues Report was published discussing the scope of this potential PDP and outlining three possible options for moving forward. The third option ultimately was elected at that time: The “third option would be to conduct a policy review of all the RPMs in two phases, with the initial phase being a review only of the RPMs developed for the New gTLD Program. . . . The second, subsequent phase of work would be a review of the UDRP, based on the concerns specific to its scope that were raised in the 2011 GNSO Issue Report and any additional relevant topics derived from the first phase of work concerning the RPMs developed for the New gTLD Program.” 1. On 15 March 2016, the two phase approach was approved in the Charter for the Review of all Rights Protection Mechanisms (RPMs) in all gTLDs PDP Working Group (“RPM Working Group”). Phase One was to focus on a review of all the RPMs that were developed for the New gTLD Program, and Phase Two will focus on a review of the UDRP. 1. The Objective & Goals in the PDP’s Charter were to examine (i) the RPMs effectiveness, (ii) whether the RPMs collectively fulfil their purposes, and (iii) whether additional policy specific recommendations are needed, including to clarify and unify the policy goals. RPM Working Group Charter, at p. 3. The Objectives & Goals in the PDP’s Charter were broadly defined: “In addition to an assessment of the effectiveness of each RPM, the PDP Working Group is expected to consider, at the appropriate stage of its work, the overarching issue as to whether or not all the RPMs collectively fulfill the purposes for which they were created, or whether additional policy recommendations are needed, including to clarify and unify the policy goals. If such additional policy recommendations are needed, the Working Group is expected to develop recommendations to address the specific issues identified. The Working Group is also directed to bear in mind that a fundamental underlying intention of conducting a review of all RPMs in all gTLDs is to create a framework for consistent and uniform reviews of these mechanisms in the future.” 1. However, the RPM Working Group Charter also contains a lengthy attachment entitled “LIST OF POTENTIAL ISSUES FOR CONSIDERATION IN THIS PDP” This “list was derived from various community suggestions in different forums, they are not listed in any particular order of importance nor has staff attempted to analyze the merits, relevance or significance of each issue”. This list contains topics that are out of scope when compared with the Objectives and Goals, including: * Are generic dictionary words being adequately protected so that they are available for all to use as allowed under their national laws and international treaties? E.g. sun, window * Should monetary damages be awarded? * Are last names and geographic places adequately protected so that they are available for all to use as allowed under their national laws, e.g, Smith, McDonald, Capitol Hill Cafe, Old Town Deli? * Should injunctive relief be available? * Now that Reverse Domain Name Hijacking is a regular finding of UDRP panels, indicating that domain name registrants are being abused by complaints brought against them in the UDRP process, what penalties and sanctions should be imposed on Complainants found to be reverse domain name hijackers? How can those penalties and sanctions be aligned so as to be fair, as compared to the loss of a domain name taken from a registrant found to be a “cybersquatter”? 1. Issues from this list and other new out of scope issues, complaints and modifications are causing the work of the RPM Working Group to slow and are polarizing the members; thus, harming the ability to achieve consensus in the Working Group. As recommend by the PDP breakout group and discussed by the Community in attendance at the Sunday gNSO Working Session in San Juan, it would be particularly useful if working group charters would: * Define clearly what success for the proposed working group ”should look like”. (K. Kleiman reporting on breakout session, Transcript ICANN61 San Juan GNSO Working Session Part 2 Sunday, 11 March 2018 at 10:30 AS (“Transcript”) at p. 5). * Define topics or issues that must be addressed, may be addressed and may not be addressed. (Transcript at p. 4). * Have “more defined issues, [be] more bounded, more limited.” (Transcript at p. 5). * Have a narrower scope and be broken up into separate projects. (Transcript at p. 5). * Having a charter drafting team that “that are experts, and that might mean a legal expert, but we should also have people that have experience, practical experience.” (S. DelBianco reporting on breakout session, Transcript at p. 5). 1. The Trademark Clearinghouse, Sunrise and Trademark Claims Notices are RPMs relating to the registration process of domain names in the new gTLDs. The URS is more akin to the UDRP, and like the UDRP is a mandatory dispute resolution proceeding to recover a domain name that has been clearly registered in bad faith. Since the URS is intended to be complementary of the UDRP and will have similar issues it would be more efficient to address these RPMs in a more cohesive manner. 1. With respect to the URS and UDRP, The European Parliament, the Council of the European Union, and the European Commission have enacted a new data privacy regulation in 2016 entitled the General Data Protection Regulation (GDPR) that will likely adversely impact the ability of the URS and UDRP to function as these policies are currently implemented. The new regulation is scheduled to take effect on May 25, 2018. Among other ways, GDRP may adversely impact the URS and the UDRP by: * Procedure for UDRP/URS: * Possibility that Providers cannot serve the UDRP/URS Complaint if an email address cannot be obtained. * Possibility that the Language of the URS proceeding cannot be determined. * Procedure for URS: * Possibility that the URS provider cannot translate the notice of URS complaint into the predominant language used in the Registrant’s country or territory. * Possibility that URS complainants cannot know the language of a possible response. * Possibility that URS complainants do not know whether the URS complaint was translated into the correct language(s) and that proceedings were administered correctly. * UDRP Element 2 / URS: * Cannot argue that the registrant is not commonly known by the Domain Name at issue. * Cannot determine if the registrant has been authorized by the Trademark holder. * Cannot determine if the registrant is an authorized reseller of the Trademark holder’s product. * Cannot determine on what date the domain name was “registered” by the current domain name holder if it was transferred to this current domain name holder. (requires being able to see the WhoIs history). This could prevent baseless claims from being filed. * UDRP Element 3: * Cannot determine if registrant has engaged in a pattern of bad faith registrations. Rule 4(b)(ii). * Cannot determine if registrant has been found to engage other unlawful actions, such as malware, phishing or scams. * Cannot determine if the registrant is in a particular geographic region to be better assess the possibility of legitimate co-existence (thus possibly even foregoing the filing of a case, and response, in the first place). * Cannot determine if the registrant is technically a “competitor” that has registered the Domain Name for the purpose of disrupting the business of the Complainant. Rule 4(b)(iii). 1. Due to GDPR compliance issues, ICANN org is considering substantial changes to WhoIs, and has published an Interim Model for GDPR Compliance, e.g. "The CookBook" which proposes to significantly limit the public display of WhoIs data after May 25, 2018." see: https://www.icann.org/en/system/files/files/gdpr-compliance-interim-model-08mar18-en.pdf<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_system_files_files_gdpr-2Dcompliance-2Dinterim-2Dmodel-2D08mar18-2Den.pdf&d=DwMFAg&c=-SicqtCl7ffNuxX6bdsSog&r=6EP78jk6uF76j97U6feuZGD_Ca84QQFGoVCLcICSkoY&m=QOfPRp_ubOGSBrmv31jyHM4-F2OeCxyVjMwQcOI7eGw&s=MoTkzq0hT3L86g8BT-26HXaQlc3SFNidHSSeouAua0A&e=>. Aggressive current timelines for tiered access to WhoIs data that might provide some fix for the above issues is December 2018. There is no question that GDPR will require policy consideration relating to the URS and UDRP that cannot be predicted and analyzed at this time. Recommendation: 1. The RPM Working Group finishes its already well-advanced work and issues an Initial Report on the PDDRP, Trademark Clearinghouse, Sunrise, and Trademark Claims Notices for public comment. 2. After comments have been analyzed for those elements, that the RPM Working Group finishes its work and issues its Final Report on the PDDRP, Trademark Clearinghouse, Sunrise, and Trademark Claims Notices. 3. The RPM Working Group issues a request through its Appointed Working Group Liaison to the GNSO Council to amend the RPM Working Group Charter as follows: 1. shift the work related to the URS to Phase II and, if necessary, pause starting Phase II until after the permanent impacts of GDPR on the URS and UDRP are known; 2. provide clear guidance to the WG on the issues that (i) must be addressed, (ii) may be addressed, and (iii) may not be addressed; 3. provide clear guidance on the scope of the review of the URS and UDRP. Although a separate issue from this proposal, it is also recommended that Phase II Working Group has one chairperson with appropriate neutrality and experience in PDP consensus building and parliamentary procedures. Assistance to the chair can be provided by utilizing vice-chairs and well-structured sub-teams. [Image removed by sender. http://www.nelsonmullins.com/img/ecard-logo.png] JOHN C. MCELWAINE PARTNER john.mcelwaine@nelsonmullins.com<mailto:john.mcelwaine@nelsonmullins.com> LIBERTY CENTER | SUITE 600 151 MEETING STREET | CHARLESTON, SC 29401 T 843.534.4302 F 843.722.8700 101 CONSTITUTION AVENUE, NW | SUITE 900 WASHINGTON, D.C., 20001 T 202.689.2939 F 202.689.2862 NELSONMULLINS.COM<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.nelsonmullins.com&d=...> VCARD<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.nelsonmullins.com_pe...> VIEW BIO<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.nelsonmullins.com_pe...> Confidentiality Notice This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged, confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately either by phone (800-237-2000) or reply to this e-mail and delete all copies of this message. World Intellectual Property Organization Disclaimer: This electronic message may contain privileged, confidential and copyright protected information. If you have received this e-mail by mistake, please immediately notify the sender and delete this e-mail and all its attachments. Please ensure all e-mail attachments are scanned for viruses prior to opening or using.