Rt4-whois
Threads by month
- ----- 2026 -----
- April
- March
- February
- January
- ----- 2025 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
December 2011
- 17 participants
- 41 discussions
Hi All,
What a night! I can see the 24*7 party of the WRT continued. Thanks so
very much!
Regarding the language below, could someone be an expert guide? Is it a
replacement of the whole of the Proxy Recommendations, or in addition to
the Voluntary Best Practices Guidelines (which I really liked)
Otherwise, I am thinking and researching. I think this is a big change
below, and I am not keen on #3 at all. Many, many people use proxy
services for many, many things, and the Recommendations section seems an
odd place to put a value judgement on that.
Otherwise, there are some fascinating legal concepts, and my brain
already hurts!
Thinking hard first thing in the AM and still reviewing.
I would like to know what James thinks,
Kathy
>
> Data Access- Proxy Service
>
> 1. The Review Team considers a Proxy Service as a relationship in
> which
> the registrant is acting on behalf of another. The WHOIS data is that
> of the
> agent/proxy service and the agent/proxy service alone obtains all
> rights and
> assumes all responsibility for the domain name and its manner of use.
> 2. ICANN should clarify that any registrant that may be acting as a
> proxy service for another is in all respects still the registrant and, in
> ICANN's view, should be held fully responsible for the use of the domain
> name including for any and all harm that results from the use of the
> domain
> name.
> 2. Because of ICANN's position on proxy services to date, which
> tolerates the proxy service industry that has arisen and which through RAA
> provisions gives recognition and attempts to regulate that industry, has
> been used by courts and others to allow proxy services to escape liability
> for bad acts of the proxy service customers, ICANN should either delete or
> amend those provisions of the RAA that can or have been used to allow
> proxy
> services to escape liability.
> 3. The Review Team acknowledges that there may be legitimate reasons
> for the occasional use of a proxy service, as for example to protect a
> valuable trade secret at product launch. At the same time proxy services
> should not be viewed or used as a substitute for privacy services that are
> designed to shield an individual's personal contact information. The
> legitimate use a proxy service would be the exception and not widespread.
> 4. A proxy service industry willing to accept full risks and
> liabilities
> for the manner in which domain names through its service will be used will
> take the necessary precautionary measures, in its relationship with its
> customers, such that domain names so registered are unlikely to be misused
> and, if misused, a remedy for those victimized will more likely be
> available.
>
4
5
Dec. 1, 2011
On Wed, Nov 30, 2011 at 05:26:53PM -1000, Seth M Reiss wrote:
> Data Access- Proxy Service
>
> 1. The Review Team considers a Proxy Service as a relationship in which
> the registrant is acting on behalf of another. The WHOIS data is that of the
> agent/proxy service and the agent/proxy service alone obtains all rights and
> assumes all responsibility for the domain name and its manner of use.
> 2. ICANN should clarify that any registrant that may be acting as a
> proxy service for another is in all respects still the registrant and, in
> ICANN's view, should be held fully responsible for the use of the domain
> name including for any and all harm that results from the use of the domain
> name.
> 2. Because of ICANN's position on proxy services to date, which
> tolerates the proxy service industry that has arisen and which through RAA
> provisions gives recognition and attempts to regulate that industry, has
> been used by courts and others to allow proxy services to escape liability
> for bad acts of the proxy service customers, ICANN should either delete or
> amend those provisions of the RAA that can or have been used to allow proxy
> services to escape liability.
> 3. The Review Team acknowledges that there may be legitimate reasons
> for the occasional use of a proxy service, as for example to protect a
> valuable trade secret at product launch. At the same time proxy services
> should not be viewed or used as a substitute for privacy services that are
> designed to shield an individual's personal contact information. The
> legitimate use a proxy service would be the exception and not widespread.
> 4. A proxy service industry willing to accept full risks and liabilities
> for the manner in which domain names through its service will be used will
> take the necessary precautionary measures, in its relationship with its
> customers, such that domain names so registered are unlikely to be misused
> and, if misused, a remedy for those victimized will more likely be
> available.
Despite it's a bit hard to read, it's a very good piece of work. Thank you.
The most hard to read passage is:
"any registrant that may be acting as a proxy service for another"
The word "registrant" is overloaded by implicit meanings. Common
understanding of proxy services does not consider the proxy to be the
registran. But ob behalf of ICANN policies, the proxy is the registrant and
the commonly considered registrant is something which does not really exist.
1
0
Re: [Rt4-whois] Ignore my last message Re: streamlined proxy recommendation language [SEC=UNCLASSIFIED]
by Smith, Bill Dec. 1, 2011
by Smith, Bill Dec. 1, 2011
Dec. 1, 2011
Nothing like global editing; rock around the clock.
On Nov 30, 2011, at 8:40 PM, "Seth M Reiss" <seth.reiss(a)lex-ip.com<mailto:seth.reiss@lex-ip.com>> wrote:
yes, but now it’s my time to leave – please carry on and improve in my absence
Seth
From: Emily Taylor [mailto:emily@emilytaylor.eu]
Sent: Wednesday, November 30, 2011 6:31 PM
To: Nettlefold, Peter
Cc: seth.reiss(a)lex-ip.com<mailto:seth.reiss@lex-ip.com>; bill.smith(a)paypal-inc.com<mailto:bill.smith@paypal-inc.com>; rt4-whois(a)icann.org<mailto:rt4-whois@icann.org>
Subject: Ignore my last message Re: [Rt4-whois] streamlined proxy recommendation language [SEC=UNCLASSIFIED]
Hi
I've now read the e-mail thread, and understand what we're doing. Substituting for 6, in order to prevent internal contradictions, yes?
On 1 December 2011 03:33, Nettlefold, Peter <Peter.Nettlefold(a)dbcde.gov.au<mailto:Peter.Nettlefold@dbcde.gov.au>> wrote:
Classification: UNCLASSIFIED
Hi Seth,
Thanks very much for taking the pen on this difficult issue.
>From my perspective, this is a very good attempt to articulate findings and recommendations, and I am happy to work with this position.
I will wait to hear from others before diving into detail too much, to get a sense if this is an approach we can work with.
Thanks again.
Peter
----- Original Message -----
From: Seth M Reiss [mailto:seth.reiss@lex-ip.com<mailto:seth.reiss@lex-ip.com>]
Sent: Thursday, December 01, 2011 02:26 PM
To: 'Smith, Bill' <bill.smith(a)paypal-inc.com<mailto:bill.smith@paypal-inc.com>>
Cc: rt4-whois(a)icann.org<mailto:rt4-whois@icann.org> <rt4-whois(a)icann.org<mailto:rt4-whois@icann.org>>
Subject: Re: [Rt4-whois] streamlined proxy recommendation language
mmm, didn't really want that kind of pressure.
Here's an attempt:
Data Access- Proxy Service
1. The Review Team considers a Proxy Service as a relationship in which
the registrant is acting on behalf of another. The WHOIS data is that of the
agent/proxy service and the agent/proxy service alone obtains all rights and
assumes all responsibility for the domain name and its manner of use.
2. ICANN should clarify that any registrant that may be acting as a
proxy service for another is in all respects still the registrant and, in
ICANN's view, should be held fully responsible for the use of the domain
name including for any and all harm that results from the use of the domain
name.
2. Because of ICANN's position on proxy services to date, which
tolerates the proxy service industry that has arisen and which through RAA
provisions gives recognition and attempts to regulate that industry, has
been used by courts and others to allow proxy services to escape liability
for bad acts of the proxy service customers, ICANN should either delete or
amend those provisions of the RAA that can or have been used to allow proxy
services to escape liability.
3. The Review Team acknowledges that there may be legitimate reasons
for the occasional use of a proxy service, as for example to protect a
valuable trade secret at product launch. At the same time proxy services
should not be viewed or used as a substitute for privacy services that are
designed to shield an individual's personal contact information. The
legitimate use a proxy service would be the exception and not widespread.
4. A proxy service industry willing to accept full risks and liabilities
for the manner in which domain names through its service will be used will
take the necessary precautionary measures, in its relationship with its
customers, such that domain names so registered are unlikely to be misused
and, if misused, a remedy for those victimized will more likely be
available.
I suspect most of you are asleep by now anyway. If not, feel free to
comment or modify or supplement, or in the morning.
Seth
-----Original Message-----
From: Smith, Bill [mailto:bill.smith@paypal-inc.com<mailto:bill.smith@paypal-inc.com>]
Sent: Wednesday, November 30, 2011 4:34 PM
To: Seth M Reiss
Cc: Kathy Kleiman; rt4-whois(a)icann.org<mailto:rt4-whois@icann.org>; Susan Kawaguchi
Subject: Re: [Rt4-whois] streamlined proxy recommendation language
Seth,
Any chance you cold take a crack at this? Your writing on the subject seems
on point and I suspect you could say it using fewer words than I.
Bill
On Nov 30, 2011, at 6:27 PM, "Susan Kawaguchi" <susank(a)fb.com<mailto:susank@fb.com>> wrote:
> Hi Bill,
>
> This is a valuable (albeit frustrating) discussion and necessary to make
sure we get this right, I appreciate the argument. I think we all want the
end result but it is getting to that point that may be painful but we knew
this task could be painful when we signed on.
>
> Is there a stronger recommendation that you and Seth could draft that
outlines your view point?
>
> This is all that we said in the recommendations in Dakar
>
> "Remove proxy services from the RAA since the proxy, as an agent, is the
registrant. Expand and ? affirmative sentence"
>
> I cannot live with that what would you propose to strengthen the
recommendation?
>
> At this point, I am not willing to walk away from the best practices
recommendation but I am very willing to continue the discussion and see if
there is a way forward on a recommendation we all agree to.
>
> I am going to eat dinner and walk the dog so will be offline for an hour.
>
> Susan
>
> -----Original Message-----
> From: Smith, Bill [mailto:bill.smith@paypal-inc.com<mailto:bill.smith@paypal-inc.com>]
> Sent: Wednesday, November 30, 2011 5:19 PM
> To: Susan Kawaguchi
> Cc: Seth M Reiss; Kathy Kleiman; rt4-whois(a)icann.org<mailto:rt4-whois@icann.org>
> Subject: Re: [Rt4-whois] streamlined proxy recommendation language
>
> Susan,
>
> It may not seem like it but I am supportive, very supportive of your
position of to not rely on litigation to solve these types of problems.
Where we disagree is the best approach to avoid the litigation.
>
> I am not suggesting that cigarette-style litigation is the way forward.
Rather, I am concerned that proposal for retail proxy indemnification (if
I've read it right) will result in exactly that situation, some time far in
the future when society and the courts finally realize that allowing
unfettered criminal activity on the Internet is a bad idea. Retail proxies
will happily sell a service to people they don't know as long as they have
no liability.
>
> If instead of no liability, we insist that they have the liability of the
Registrant, since that's what they are, I strongly suspect that counsel for
these services will understand that they now carry at least some risk in
these transactions. Consequently, they will either recommend against them or
insist on some mechanism to mitigate the risk, through insurance or other
mechanisms - perhaps even actually knowing something about their customers.
Any or all of these would involve higher costs hence higher prices making
these services less attractive to criminals, etc.
>
> By the addition of SLAs into contracts, and mandatory consequences, we
provide a means for ICANN to ensure that valid queries, information
requests, corrections, etc. are made in a timely manner. A registrant could
ignore a request knowing that the specific penalty for failing to comply
with such request. With mandatory revocation the consequence of last resort,
we give the community and ICANN the ability to revoke a name (the only thing
of value under our control).
>
> If a proxy is a party to any of these transactions, they act as the
Registrant and must respond either directly or with guidance from the
licensee per the agreement SLAs. Failure to do so results in the same
consequences.
>
> By setting SLAs and consequences appropriately, ICANN can influence the
behavior of Registrants and those that act as proxies for them.
>
> Even if we go with language you an James worked on, and I realize that you
put in a great deal of effort on that, we'll still need something like what
I have outlined because as we discussed in Dakar, anyone can act as a proxy
for a Registrant no matter what ICANN tries to do to prevent it. If the
"best practices" ICANN develops for the retail trade prove too onerous,
proxy providers will simply step outside of the ICANN tent and provide their
services likely failing to adhere to the best practices.
>
> I hope this makes sense.
>
> Bill
>
>
> On Nov 30, 2011, at 4:38 PM, Susan Kawaguchi wrote:
>
> HI Bill,
>
> Thank you for your thoughts I think your statement below is my biggest
pain point.
>
> "I think they are inherently contradictory. How a service is *sold* should
not determine liability. If this were the case and we applied the proposed
definitions to consumer products, untold numbers of tort cases would be
summarily thrown out. Cigarette, toy, and asbestos manufacturers could
properly claim, "I don't know the buyer therefor I have no liability"."
>
> All of the cases you mention above relied on litigation to clarify the
existence of liability and impose that liability on the manufacturer. It
would be overwhelming and burdensome to rely on litigation to fix this
problem especially when it involves global entities as proxy service
providers. I think we have the opportunity to incentivize the registrars to
help with the problem.
>
> If I or LE are forced to rely on litigation of any sort of court order to
get information on the licensee of a domain name to pursue a provider of
counterfeit drugs, for example, this would take years for each domain name
involved.
>
> If we take a very extreme step and recommend that proxy services are not
allowed in the gTlds (as .US has done) how would that ever be enforced?
Proxy registrations provide a vital service for many in the domain name
space.
>
> Susan
>
> -----Original Message-----
> From: Smith, Bill [mailto:bill.smith@paypal-inc.com<mailto:bill.smith@paypal-inc.com>]
> Sent: Wednesday, November 30, 2011 4:20 PM
> To: Seth M Reiss
> Cc: Susan Kawaguchi; Kathy Kleiman;
rt4-whois(a)icann.org<mailto:rt4-whois@icann.org><mailto:rt4-whois@icann.org<mailto:rt4-whois@icann.org>>
> Subject: Re: [Rt4-whois] streamlined proxy recommendation language
>
> See below:
>
> On Nov 30, 2011, at 4:03 PM, "Seth M Reiss"
<seth.reiss(a)lex-ip.com<mailto:seth.reiss@lex-ip.com><mailto:seth.reiss@lex-ip.com<mailto:seth.reiss@lex-ip.com>><mailto:seth.reiss@lex-i<mailto:seth.reiss@lex-i>
p.com<http://p.com>>> wrote:
>
> I am not advocating ignoring proxy services simply clarifying their role
and liability as registrant. I suspect we are very closely aligned
regarding outcome, just not how to reach there.
>
> I guess I'm advocating that we get as close to ignoring them as we can.
Recognizing them, even in the limited way the current RAA does gave the
Ninth Circuit everything it need to make its liability absolving decision.
>
> While the community may not be inclined to receive a proposal to "ignore
proxy services" with open arms, I hope they would consider it if we present
it as in the public interest.
>
>
> I think we disagree regarding whether we need to tolerate an industry
simply because it exists and has for a time. ICANN did not tolerate domain
name tasting, although it acted relatively quickly there and has not here.
>
> I believe it to be a dangerous proposition to say that we need to
accommodate existing practices simply because ICANN has allowed them to
exist for a period of time, although I think it's an unfortunately
circumstance. If you apply this line of reasoning broadly, you effectively
allow the industry to restrict what ICANN can and cannot do.
>
> If we make this assumption generally, our report would be very short. Yes
there are problems with WHOIS. However, it has existed in this manner for
too long and therefor it cannot be changed.
>
>
> I would like to find a middle ground. I am not one for asking people to
think differently. I just don't see how holding stating a proxy should be
held fully responsible, and then at the same time having retail proxy
services definitions and a voluntary best practices policy, will not be
viewed as inherently contradictory.
>
> I think they are inherently contradictory. How a service is *sold* should
not determine liability. If this were the case and we applied the proposed
definitions to consumer products, untold numbers of tort cases would be
summarily thrown out. Cigarette, toy, and asbestos manufacturers could
properly claim, "I don't know the buyer therefor I have no liability".
>
> Other than to satisfy, the current purveyors of these fine services, I
can't see any reason to develop a complex set of definitions and liability
flows. Together these give attorneys and courts ample room to for truck
driving.
>
>
> Seth
>
>
> From: Susan Kawaguchi [mailto:susank@fb.com<mailto:susank@fb.com>]
> Sent: Wednesday, November 30, 2011 1:29 PM
> To: Kathy Kleiman; Seth M Reiss
> Cc:
rt4-whois(a)icann.org<mailto:rt4-whois@icann.org><mailto:rt4-whois@icann.org<mailto:rt4-whois@icann.org>><mailto:rt4-whois@icann.org<mailto:rt4-whois@icann.org>>
> Subject: RE: [Rt4-whois] streamlined proxy recommendation language
>
> HI Seth,
>
> I am going to respond to you out of order
> In all our discussions, I have still not heard a persuasive argument why a
proxy service industry that can shield itself from liability is necessary or
good or appropriate. I agree with you but it is what is. The situation
arose over 10 years ago and I do not think that advocating to do away with
proxy services is going to be well received by the ICANN community. Also
to date, there has been very few examples of a proxy service being held
liable.
>
> We need proxy services but we need responsive proxy services many of the
providers are acting responsibly it is the bad actors that I would like to
change their behavior.
>
> Once you introduce definitions concerning affiliates, retail services and
different flavors of proxy services, the cheap ones with flimsy
relationships, and the expensive ones with fiduciary type relationships, it
will appear to the court that you do not really mean what you saying in
bullet number 6. This will confuse the courts (and the public) and the
registrant proxy services is more likely to be able to weasel out of being
held liable.
>
> I am not sure that these definitions would be accepted outside of ICANN
and at least we would have a clearer picture of who we are dealing with.
>
> I am not convinced at all that just removing the language from the RAA
would impact the practices of the current proxy services. If you have
another argument let me know I am open to rethinking this but I am not open
to ignoring proxy service providers.
>
> Susan
>
> From:
rt4-whois-bounces(a)icann.org<mailto:rt4-whois-bounces@icann.org><mailto:rt4-whois-bounces@icann.org<mailto:rt4-whois-bounces@icann.org>><mailto:rt4-w<mailto:rt4-w>
hois-bounces(a)icann.org<mailto:hois-bounces@icann.org>> [mailto:rt4-whois-bounces@icann.org<mailto:rt4-whois-bounces@icann.org>] On Behalf Of
Kathy Kleiman
> Sent: Wednesday, November 30, 2011 3:15 PM
> To: Seth M Reiss
> Cc:
rt4-whois(a)icann.org<mailto:rt4-whois@icann.org><mailto:rt4-whois@icann.org<mailto:rt4-whois@icann.org>><mailto:rt4-whois@icann.org<mailto:rt4-whois@icann.org>>
> Subject: Re: [Rt4-whois] streamlined proxy recommendation language
>
> Great comments, Seth. I defer to Susan and James, as the experts on this
material.
> Best,
> Kathy
>
> :
> Thank you Kathy for breaking this out. I have not been good about
reviewing the entire document.
>
> To respond to Peter's question about what would be legally enforceable, I
think if you look at bullet number 6, if this bullet was implemented in a
very clear and unambiguous way, by itself and without some of the other
material being proposal, then I think there would be reasonable expectation
that national courts would hold the registrant proxy service fully
responsible for harm caused by a website hosted at the domain name at issue.
In other words, the Ninth Circuit decision that Susan highlighted would have
been decided differently.
>
> Once you introduce definitions concerning affiliates, retail services and
different flavors of proxy services, the cheap ones with flimsy
relationships, and the expensive ones with fiduciary type relationships, it
will appear to the court that you do not really mean what you saying in
bullet number 6. This will confuse the courts (and the public) and the
registrant proxy services is more likely to be able to weasel out of being
held liable.
>
> The current proposal on the table suggests to me a somewhat more
complicated model whereby the registrant proxy service is fully liable for
the use of the domain name but can shield that liability by adopted and
fully complying the a specific set of reveal and relay processes etc. I
voluntary set of best practices would not do this, but a mandatory set of
provisions to qualify a proxy service for a "safe harbor" would. Such a
safe hard model would in my view be more difficult to implement and is
likely to give rise to a certain amount of uncertainty and inconsistent
outcomes even if prudently implemented. But this also assumes that we need
to have a proxy service in which proxies may shield themselves from
liability. In all our discussions, I have still not heard a persuasive
argument why a proxy service industry that can shield itself from liability
is necessary or good or appropriate.
>
> Seth
>
>
> From:
rt4-whois-bounces(a)icann.org<mailto:rt4-whois-bounces@icann.org><mailto:rt4-whois-bounces@icann.org<mailto:rt4-whois-bounces@icann.org>><mailto:rt4-w<mailto:rt4-w>
hois-bounces(a)icann.org<mailto:hois-bounces@icann.org>> [mailto:rt4-whois-bounces@icann.org<mailto:rt4-whois-bounces@icann.org>] On Behalf Of
Kathy Kleiman
> Sent: Wednesday, November 30, 2011 12:24 PM
> To:
rt4-whois(a)icann.org<mailto:rt4-whois@icann.org><mailto:rt4-whois@icann.org<mailto:rt4-whois@icann.org>><mailto:rt4-whois@icann.org<mailto:rt4-whois@icann.org>>
> Subject: [Rt4-whois] streamlined proxy recommendation language
>
> Hi All,
> I feel like I am sending altogether too many emails today. Sorry :-)!
Anyway, here's one more. I worked with James, a little, and Susan, more, on
streamlining the Proxy recommendations to look, sound and flow like the
Privacy recommendations. Of course, proxy is voluntary, and privacy is a
requirement, but the rest is fairly close.
>
> They are below and attached. If you like them, we'll send them on to Alice
for inclusion. Note: the definitions went into a footnote which should be
easy to see as it will be quite extensive.
>
> here's the text:
>
> Data Access- Proxy Service
>
> 1. ICANN should facilitate the review of existing practices by
reaching out to proxy providers to create a discussion which sets out
current processes followed by proxy service providers.
>
> 2. Registrars should be required to disclosure their relationship
with any Affiliated Retail proxy service provider to ICANN.
>
> 3. ICANN should develop and manage a set of voluntary best practice
guidelines for appropriate proxy services [footnote 1] consistent with
national laws. These voluntary guidelines should strike an appropriate
balance between stakeholders with competing but legitimate interests. At a
minimum this would include privacy, law enforcement and the industry around
law enforcement.
>
> Such voluntary guidelines may include:
>
> + Proxy services provide full contact details as required by the Whois
>
> + Publication by the proxy service of its process for revealing and
relaying information
>
> + Standardization of reveal and relay processes and timeframes, consistent
with national laws
>
> + Maintenance of a dedicated abuse point of contact for the proxy service
provider
>
> + Due diligence checks on licensee contact information.
>
> 5. ICANN should encourage and incentivize registrars to interact with the
retail service providers that adopt the best practices.
>
> 6. For the avoidance of doubt, the WHOIS Policy, referred to in
Recommendation 1 above, should include an affirmative statement that
clarifies that a proxy means a relationship in which the Registrant is
acting on behalf of another. The WHOIS data is that of the agent, and the
agent alone obtains all rights and assumes all responsibility for the domain
name and its manner of use.
>
> Footnote 1 (all the remaining text)
> As guidance to the Community and as useful background for the Proxy
Service Recommendations, the Review Team provides its working definitions of
proxy service and different types of proxy service providers:
>
> - Proxy Service - a relationship in which the registrant is acting on
behalf of another The WHOIS data is that of the agent and the agent alone
obtains all rights and assumes all responsibility for the domain name and
its manner of use. [KK: is this the definition we are using in other places
in the Report?]
>
> - Affiliated Registrar - another ICANN accredited registrar that operates
under a common controlling interest (2009 Registrar Accreditation Agreement,
Section 1.20)
>
> - Affiliate retail proxy service provider - entity operating under a
common controlling interest of a registrar.
>
> - Retail proxy service provider - proxy service with little or no
knowledge of the entity or individual requesting the service beyond their
ability to pay and their agreement to the general terms and conditions.
>
> - Limited proxy service provider - proxy service for an entity or
individual in which there is an ongoing business relationship bound by a
contract that is specific to the relationship.
>
>
> --- end
> same text attached
> Kathy
>
>
> --
>
>
>
>
>
>
>
> --
>
>
>
>
>
> _______________________________________________
> Rt4-whois mailing list
>
Rt4-whois(a)icann.org<mailto:Rt4-whois@icann.org><mailto:Rt4-whois@icann.org<mailto:Rt4-whois@icann.org>><mailto:Rt4-whois@icann.org<mailto:Rt4-whois@icann.org>>
> https://mm.icann.org/mailman/listinfo/rt4-whois
>
_______________________________________________
Rt4-whois mailing list
Rt4-whois(a)icann.org<mailto:Rt4-whois@icann.org>
https://mm.icann.org/mailman/listinfo/rt4-whois
-------------------------------------------------------------------------------
NOTICE: This email message is for the sole use of the intended recipient(s)
and may contain confidential and privileged information. Any unauthorized
review, use, disclosure or distribution is prohibited. If you are not the
intended recipient, please contact the sender by reply email and destroy all
copies of the original message.
This message has been content scanned by the Axway MailGate.
MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com<http://www.axway.com>.
-------------------------------------------------------------------------------
_______________________________________________
Rt4-whois mailing list
Rt4-whois(a)icann.org<mailto:Rt4-whois@icann.org>
https://mm.icann.org/mailman/listinfo/rt4-whois
--
[http://www.etlaw.co.uk/images/stories/etlaw/etclogo250x60.gif]
76 Temple Road, Oxford OX4 2EZ UK
t: +44 (0)1865 582 811 • m: +44 (0)7540 049 322
emily(a)emilytaylor.eu<mailto:emily@emilytaylor.eu>
www.etlaw.co.uk<http://www.etlaw.co.uk>
Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713.
1
0
Re: [Rt4-whois] streamlined proxy recommendation language [SEC=UNCLASSIFIED]
by Nettlefold, Peter Dec. 1, 2011
by Nettlefold, Peter Dec. 1, 2011
Dec. 1, 2011
Classification: UNCLASSIFIED
Hi Seth,
Thanks very much for taking the pen on this difficult issue.
>From my perspective, this is a very good attempt to articulate findings and recommendations, and I am happy to work with this position.
I will wait to hear from others before diving into detail too much, to get a sense if this is an approach we can work with.
Thanks again.
Peter
----- Original Message -----
From: Seth M Reiss [mailto:seth.reiss@lex-ip.com]
Sent: Thursday, December 01, 2011 02:26 PM
To: 'Smith, Bill' <bill.smith(a)paypal-inc.com>
Cc: rt4-whois(a)icann.org <rt4-whois(a)icann.org>
Subject: Re: [Rt4-whois] streamlined proxy recommendation language
mmm, didn't really want that kind of pressure.
Here's an attempt:
Data Access- Proxy Service
1. The Review Team considers a Proxy Service as a relationship in which
the registrant is acting on behalf of another. The WHOIS data is that of the
agent/proxy service and the agent/proxy service alone obtains all rights and
assumes all responsibility for the domain name and its manner of use.
2. ICANN should clarify that any registrant that may be acting as a
proxy service for another is in all respects still the registrant and, in
ICANN's view, should be held fully responsible for the use of the domain
name including for any and all harm that results from the use of the domain
name.
2. Because of ICANN's position on proxy services to date, which
tolerates the proxy service industry that has arisen and which through RAA
provisions gives recognition and attempts to regulate that industry, has
been used by courts and others to allow proxy services to escape liability
for bad acts of the proxy service customers, ICANN should either delete or
amend those provisions of the RAA that can or have been used to allow proxy
services to escape liability.
3. The Review Team acknowledges that there may be legitimate reasons
for the occasional use of a proxy service, as for example to protect a
valuable trade secret at product launch. At the same time proxy services
should not be viewed or used as a substitute for privacy services that are
designed to shield an individual's personal contact information. The
legitimate use a proxy service would be the exception and not widespread.
4. A proxy service industry willing to accept full risks and liabilities
for the manner in which domain names through its service will be used will
take the necessary precautionary measures, in its relationship with its
customers, such that domain names so registered are unlikely to be misused
and, if misused, a remedy for those victimized will more likely be
available.
I suspect most of you are asleep by now anyway. If not, feel free to
comment or modify or supplement, or in the morning.
Seth
-----Original Message-----
From: Smith, Bill [mailto:bill.smith@paypal-inc.com]
Sent: Wednesday, November 30, 2011 4:34 PM
To: Seth M Reiss
Cc: Kathy Kleiman; rt4-whois(a)icann.org; Susan Kawaguchi
Subject: Re: [Rt4-whois] streamlined proxy recommendation language
Seth,
Any chance you cold take a crack at this? Your writing on the subject seems
on point and I suspect you could say it using fewer words than I.
Bill
On Nov 30, 2011, at 6:27 PM, "Susan Kawaguchi" <susank(a)fb.com> wrote:
> Hi Bill,
>
> This is a valuable (albeit frustrating) discussion and necessary to make
sure we get this right, I appreciate the argument. I think we all want the
end result but it is getting to that point that may be painful but we knew
this task could be painful when we signed on.
>
> Is there a stronger recommendation that you and Seth could draft that
outlines your view point?
>
> This is all that we said in the recommendations in Dakar
>
> "Remove proxy services from the RAA since the proxy, as an agent, is the
registrant. Expand and ? affirmative sentence"
>
> I cannot live with that what would you propose to strengthen the
recommendation?
>
> At this point, I am not willing to walk away from the best practices
recommendation but I am very willing to continue the discussion and see if
there is a way forward on a recommendation we all agree to.
>
> I am going to eat dinner and walk the dog so will be offline for an hour.
>
> Susan
>
> -----Original Message-----
> From: Smith, Bill [mailto:bill.smith@paypal-inc.com]
> Sent: Wednesday, November 30, 2011 5:19 PM
> To: Susan Kawaguchi
> Cc: Seth M Reiss; Kathy Kleiman; rt4-whois(a)icann.org
> Subject: Re: [Rt4-whois] streamlined proxy recommendation language
>
> Susan,
>
> It may not seem like it but I am supportive, very supportive of your
position of to not rely on litigation to solve these types of problems.
Where we disagree is the best approach to avoid the litigation.
>
> I am not suggesting that cigarette-style litigation is the way forward.
Rather, I am concerned that proposal for retail proxy indemnification (if
I've read it right) will result in exactly that situation, some time far in
the future when society and the courts finally realize that allowing
unfettered criminal activity on the Internet is a bad idea. Retail proxies
will happily sell a service to people they don't know as long as they have
no liability.
>
> If instead of no liability, we insist that they have the liability of the
Registrant, since that's what they are, I strongly suspect that counsel for
these services will understand that they now carry at least some risk in
these transactions. Consequently, they will either recommend against them or
insist on some mechanism to mitigate the risk, through insurance or other
mechanisms - perhaps even actually knowing something about their customers.
Any or all of these would involve higher costs hence higher prices making
these services less attractive to criminals, etc.
>
> By the addition of SLAs into contracts, and mandatory consequences, we
provide a means for ICANN to ensure that valid queries, information
requests, corrections, etc. are made in a timely manner. A registrant could
ignore a request knowing that the specific penalty for failing to comply
with such request. With mandatory revocation the consequence of last resort,
we give the community and ICANN the ability to revoke a name (the only thing
of value under our control).
>
> If a proxy is a party to any of these transactions, they act as the
Registrant and must respond either directly or with guidance from the
licensee per the agreement SLAs. Failure to do so results in the same
consequences.
>
> By setting SLAs and consequences appropriately, ICANN can influence the
behavior of Registrants and those that act as proxies for them.
>
> Even if we go with language you an James worked on, and I realize that you
put in a great deal of effort on that, we'll still need something like what
I have outlined because as we discussed in Dakar, anyone can act as a proxy
for a Registrant no matter what ICANN tries to do to prevent it. If the
"best practices" ICANN develops for the retail trade prove too onerous,
proxy providers will simply step outside of the ICANN tent and provide their
services likely failing to adhere to the best practices.
>
> I hope this makes sense.
>
> Bill
>
>
> On Nov 30, 2011, at 4:38 PM, Susan Kawaguchi wrote:
>
> HI Bill,
>
> Thank you for your thoughts I think your statement below is my biggest
pain point.
>
> "I think they are inherently contradictory. How a service is *sold* should
not determine liability. If this were the case and we applied the proposed
definitions to consumer products, untold numbers of tort cases would be
summarily thrown out. Cigarette, toy, and asbestos manufacturers could
properly claim, "I don't know the buyer therefor I have no liability"."
>
> All of the cases you mention above relied on litigation to clarify the
existence of liability and impose that liability on the manufacturer. It
would be overwhelming and burdensome to rely on litigation to fix this
problem especially when it involves global entities as proxy service
providers. I think we have the opportunity to incentivize the registrars to
help with the problem.
>
> If I or LE are forced to rely on litigation of any sort of court order to
get information on the licensee of a domain name to pursue a provider of
counterfeit drugs, for example, this would take years for each domain name
involved.
>
> If we take a very extreme step and recommend that proxy services are not
allowed in the gTlds (as .US has done) how would that ever be enforced?
Proxy registrations provide a vital service for many in the domain name
space.
>
> Susan
>
> -----Original Message-----
> From: Smith, Bill [mailto:bill.smith@paypal-inc.com]
> Sent: Wednesday, November 30, 2011 4:20 PM
> To: Seth M Reiss
> Cc: Susan Kawaguchi; Kathy Kleiman;
rt4-whois(a)icann.org<mailto:rt4-whois@icann.org>
> Subject: Re: [Rt4-whois] streamlined proxy recommendation language
>
> See below:
>
> On Nov 30, 2011, at 4:03 PM, "Seth M Reiss"
<seth.reiss(a)lex-ip.com<mailto:seth.reiss@lex-ip.com><mailto:seth.reiss@lex-i
p.com>> wrote:
>
> I am not advocating ignoring proxy services simply clarifying their role
and liability as registrant. I suspect we are very closely aligned
regarding outcome, just not how to reach there.
>
> I guess I'm advocating that we get as close to ignoring them as we can.
Recognizing them, even in the limited way the current RAA does gave the
Ninth Circuit everything it need to make its liability absolving decision.
>
> While the community may not be inclined to receive a proposal to "ignore
proxy services" with open arms, I hope they would consider it if we present
it as in the public interest.
>
>
> I think we disagree regarding whether we need to tolerate an industry
simply because it exists and has for a time. ICANN did not tolerate domain
name tasting, although it acted relatively quickly there and has not here.
>
> I believe it to be a dangerous proposition to say that we need to
accommodate existing practices simply because ICANN has allowed them to
exist for a period of time, although I think it's an unfortunately
circumstance. If you apply this line of reasoning broadly, you effectively
allow the industry to restrict what ICANN can and cannot do.
>
> If we make this assumption generally, our report would be very short. Yes
there are problems with WHOIS. However, it has existed in this manner for
too long and therefor it cannot be changed.
>
>
> I would like to find a middle ground. I am not one for asking people to
think differently. I just don't see how holding stating a proxy should be
held fully responsible, and then at the same time having retail proxy
services definitions and a voluntary best practices policy, will not be
viewed as inherently contradictory.
>
> I think they are inherently contradictory. How a service is *sold* should
not determine liability. If this were the case and we applied the proposed
definitions to consumer products, untold numbers of tort cases would be
summarily thrown out. Cigarette, toy, and asbestos manufacturers could
properly claim, "I don't know the buyer therefor I have no liability".
>
> Other than to satisfy, the current purveyors of these fine services, I
can't see any reason to develop a complex set of definitions and liability
flows. Together these give attorneys and courts ample room to for truck
driving.
>
>
> Seth
>
>
> From: Susan Kawaguchi [mailto:susank@fb.com]
> Sent: Wednesday, November 30, 2011 1:29 PM
> To: Kathy Kleiman; Seth M Reiss
> Cc:
rt4-whois(a)icann.org<mailto:rt4-whois@icann.org><mailto:rt4-whois@icann.org>
> Subject: RE: [Rt4-whois] streamlined proxy recommendation language
>
> HI Seth,
>
> I am going to respond to you out of order
> In all our discussions, I have still not heard a persuasive argument why a
proxy service industry that can shield itself from liability is necessary or
good or appropriate. I agree with you but it is what is. The situation
arose over 10 years ago and I do not think that advocating to do away with
proxy services is going to be well received by the ICANN community. Also
to date, there has been very few examples of a proxy service being held
liable.
>
> We need proxy services but we need responsive proxy services many of the
providers are acting responsibly it is the bad actors that I would like to
change their behavior.
>
> Once you introduce definitions concerning affiliates, retail services and
different flavors of proxy services, the cheap ones with flimsy
relationships, and the expensive ones with fiduciary type relationships, it
will appear to the court that you do not really mean what you saying in
bullet number 6. This will confuse the courts (and the public) and the
registrant proxy services is more likely to be able to weasel out of being
held liable.
>
> I am not sure that these definitions would be accepted outside of ICANN
and at least we would have a clearer picture of who we are dealing with.
>
> I am not convinced at all that just removing the language from the RAA
would impact the practices of the current proxy services. If you have
another argument let me know I am open to rethinking this but I am not open
to ignoring proxy service providers.
>
> Susan
>
> From:
rt4-whois-bounces(a)icann.org<mailto:rt4-whois-bounces@icann.org><mailto:rt4-w
hois-bounces(a)icann.org> [mailto:rt4-whois-bounces@icann.org] On Behalf Of
Kathy Kleiman
> Sent: Wednesday, November 30, 2011 3:15 PM
> To: Seth M Reiss
> Cc:
rt4-whois(a)icann.org<mailto:rt4-whois@icann.org><mailto:rt4-whois@icann.org>
> Subject: Re: [Rt4-whois] streamlined proxy recommendation language
>
> Great comments, Seth. I defer to Susan and James, as the experts on this
material.
> Best,
> Kathy
>
> :
> Thank you Kathy for breaking this out. I have not been good about
reviewing the entire document.
>
> To respond to Peter's question about what would be legally enforceable, I
think if you look at bullet number 6, if this bullet was implemented in a
very clear and unambiguous way, by itself and without some of the other
material being proposal, then I think there would be reasonable expectation
that national courts would hold the registrant proxy service fully
responsible for harm caused by a website hosted at the domain name at issue.
In other words, the Ninth Circuit decision that Susan highlighted would have
been decided differently.
>
> Once you introduce definitions concerning affiliates, retail services and
different flavors of proxy services, the cheap ones with flimsy
relationships, and the expensive ones with fiduciary type relationships, it
will appear to the court that you do not really mean what you saying in
bullet number 6. This will confuse the courts (and the public) and the
registrant proxy services is more likely to be able to weasel out of being
held liable.
>
> The current proposal on the table suggests to me a somewhat more
complicated model whereby the registrant proxy service is fully liable for
the use of the domain name but can shield that liability by adopted and
fully complying the a specific set of reveal and relay processes etc. I
voluntary set of best practices would not do this, but a mandatory set of
provisions to qualify a proxy service for a "safe harbor" would. Such a
safe hard model would in my view be more difficult to implement and is
likely to give rise to a certain amount of uncertainty and inconsistent
outcomes even if prudently implemented. But this also assumes that we need
to have a proxy service in which proxies may shield themselves from
liability. In all our discussions, I have still not heard a persuasive
argument why a proxy service industry that can shield itself from liability
is necessary or good or appropriate.
>
> Seth
>
>
> From:
rt4-whois-bounces(a)icann.org<mailto:rt4-whois-bounces@icann.org><mailto:rt4-w
hois-bounces(a)icann.org> [mailto:rt4-whois-bounces@icann.org] On Behalf Of
Kathy Kleiman
> Sent: Wednesday, November 30, 2011 12:24 PM
> To:
rt4-whois(a)icann.org<mailto:rt4-whois@icann.org><mailto:rt4-whois@icann.org>
> Subject: [Rt4-whois] streamlined proxy recommendation language
>
> Hi All,
> I feel like I am sending altogether too many emails today. Sorry :-)!
Anyway, here's one more. I worked with James, a little, and Susan, more, on
streamlining the Proxy recommendations to look, sound and flow like the
Privacy recommendations. Of course, proxy is voluntary, and privacy is a
requirement, but the rest is fairly close.
>
> They are below and attached. If you like them, we'll send them on to Alice
for inclusion. Note: the definitions went into a footnote which should be
easy to see as it will be quite extensive.
>
> here's the text:
>
> Data Access- Proxy Service
>
> 1. ICANN should facilitate the review of existing practices by
reaching out to proxy providers to create a discussion which sets out
current processes followed by proxy service providers.
>
> 2. Registrars should be required to disclosure their relationship
with any Affiliated Retail proxy service provider to ICANN.
>
> 3. ICANN should develop and manage a set of voluntary best practice
guidelines for appropriate proxy services [footnote 1] consistent with
national laws. These voluntary guidelines should strike an appropriate
balance between stakeholders with competing but legitimate interests. At a
minimum this would include privacy, law enforcement and the industry around
law enforcement.
>
> Such voluntary guidelines may include:
>
> + Proxy services provide full contact details as required by the Whois
>
> + Publication by the proxy service of its process for revealing and
relaying information
>
> + Standardization of reveal and relay processes and timeframes, consistent
with national laws
>
> + Maintenance of a dedicated abuse point of contact for the proxy service
provider
>
> + Due diligence checks on licensee contact information.
>
> 5. ICANN should encourage and incentivize registrars to interact with the
retail service providers that adopt the best practices.
>
> 6. For the avoidance of doubt, the WHOIS Policy, referred to in
Recommendation 1 above, should include an affirmative statement that
clarifies that a proxy means a relationship in which the Registrant is
acting on behalf of another. The WHOIS data is that of the agent, and the
agent alone obtains all rights and assumes all responsibility for the domain
name and its manner of use.
>
> Footnote 1 (all the remaining text)
> As guidance to the Community and as useful background for the Proxy
Service Recommendations, the Review Team provides its working definitions of
proxy service and different types of proxy service providers:
>
> - Proxy Service - a relationship in which the registrant is acting on
behalf of another The WHOIS data is that of the agent and the agent alone
obtains all rights and assumes all responsibility for the domain name and
its manner of use. [KK: is this the definition we are using in other places
in the Report?]
>
> - Affiliated Registrar - another ICANN accredited registrar that operates
under a common controlling interest (2009 Registrar Accreditation Agreement,
Section 1.20)
>
> - Affiliate retail proxy service provider - entity operating under a
common controlling interest of a registrar.
>
> - Retail proxy service provider - proxy service with little or no
knowledge of the entity or individual requesting the service beyond their
ability to pay and their agreement to the general terms and conditions.
>
> - Limited proxy service provider - proxy service for an entity or
individual in which there is an ongoing business relationship bound by a
contract that is specific to the relationship.
>
>
> --- end
> same text attached
> Kathy
>
>
> --
>
>
>
>
>
>
>
> --
>
>
>
>
>
> _______________________________________________
> Rt4-whois mailing list
>
Rt4-whois(a)icann.org<mailto:Rt4-whois@icann.org><mailto:Rt4-whois@icann.org>
> https://mm.icann.org/mailman/listinfo/rt4-whois
>
_______________________________________________
Rt4-whois mailing list
Rt4-whois(a)icann.org
https://mm.icann.org/mailman/listinfo/rt4-whois
-------------------------------------------------------------------------------
NOTICE: This email message is for the sole use of the intended recipient(s)
and may contain confidential and privileged information. Any unauthorized
review, use, disclosure or distribution is prohibited. If you are not the
intended recipient, please contact the sender by reply email and destroy all
copies of the original message.
This message has been content scanned by the Axway MailGate.
MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com.
-------------------------------------------------------------------------------
3
6
Ignore my last message Re: streamlined proxy recommendation language [SEC=UNCLASSIFIED]
by Emily Taylor Dec. 1, 2011
by Emily Taylor Dec. 1, 2011
Dec. 1, 2011
Hi
I've now read the e-mail thread, and understand what we're doing.
Substituting for 6, in order to prevent internal contradictions, yes?
On 1 December 2011 03:33, Nettlefold, Peter
<Peter.Nettlefold(a)dbcde.gov.au>wrote:
> Classification: UNCLASSIFIED
>
> Hi Seth,
>
> Thanks very much for taking the pen on this difficult issue.
>
> >From my perspective, this is a very good attempt to articulate findings
> and recommendations, and I am happy to work with this position.
>
> I will wait to hear from others before diving into detail too much, to get
> a sense if this is an approach we can work with.
>
> Thanks again.
>
> Peter
>
> ----- Original Message -----
> From: Seth M Reiss [mailto:seth.reiss@lex-ip.com]
> Sent: Thursday, December 01, 2011 02:26 PM
> To: 'Smith, Bill' <bill.smith(a)paypal-inc.com>
> Cc: rt4-whois(a)icann.org <rt4-whois(a)icann.org>
> Subject: Re: [Rt4-whois] streamlined proxy recommendation language
>
> mmm, didn't really want that kind of pressure.
>
> Here's an attempt:
>
> Data Access- Proxy Service
>
> 1. The Review Team considers a Proxy Service as a relationship in
> which
> the registrant is acting on behalf of another. The WHOIS data is that of
> the
> agent/proxy service and the agent/proxy service alone obtains all rights
> and
> assumes all responsibility for the domain name and its manner of use.
> 2. ICANN should clarify that any registrant that may be acting as a
> proxy service for another is in all respects still the registrant and, in
> ICANN's view, should be held fully responsible for the use of the domain
> name including for any and all harm that results from the use of the domain
> name.
> 2. Because of ICANN's position on proxy services to date, which
> tolerates the proxy service industry that has arisen and which through RAA
> provisions gives recognition and attempts to regulate that industry, has
> been used by courts and others to allow proxy services to escape liability
> for bad acts of the proxy service customers, ICANN should either delete or
> amend those provisions of the RAA that can or have been used to allow proxy
> services to escape liability.
> 3. The Review Team acknowledges that there may be legitimate reasons
> for the occasional use of a proxy service, as for example to protect a
> valuable trade secret at product launch. At the same time proxy services
> should not be viewed or used as a substitute for privacy services that are
> designed to shield an individual's personal contact information. The
> legitimate use a proxy service would be the exception and not widespread.
> 4. A proxy service industry willing to accept full risks and liabilities
> for the manner in which domain names through its service will be used will
> take the necessary precautionary measures, in its relationship with its
> customers, such that domain names so registered are unlikely to be misused
> and, if misused, a remedy for those victimized will more likely be
> available.
>
> I suspect most of you are asleep by now anyway. If not, feel free to
> comment or modify or supplement, or in the morning.
>
> Seth
>
>
> -----Original Message-----
> From: Smith, Bill [mailto:bill.smith@paypal-inc.com]
> Sent: Wednesday, November 30, 2011 4:34 PM
> To: Seth M Reiss
> Cc: Kathy Kleiman; rt4-whois(a)icann.org; Susan Kawaguchi
> Subject: Re: [Rt4-whois] streamlined proxy recommendation language
>
> Seth,
>
> Any chance you cold take a crack at this? Your writing on the subject seems
> on point and I suspect you could say it using fewer words than I.
>
> Bill
>
> On Nov 30, 2011, at 6:27 PM, "Susan Kawaguchi" <susank(a)fb.com> wrote:
>
> > Hi Bill,
> >
> > This is a valuable (albeit frustrating) discussion and necessary to make
> sure we get this right, I appreciate the argument. I think we all want the
> end result but it is getting to that point that may be painful but we knew
> this task could be painful when we signed on.
> >
> > Is there a stronger recommendation that you and Seth could draft that
> outlines your view point?
> >
> > This is all that we said in the recommendations in Dakar
> >
> > "Remove proxy services from the RAA since the proxy, as an agent, is the
> registrant. Expand and ? affirmative sentence"
> >
> > I cannot live with that what would you propose to strengthen the
> recommendation?
> >
> > At this point, I am not willing to walk away from the best practices
> recommendation but I am very willing to continue the discussion and see if
> there is a way forward on a recommendation we all agree to.
> >
> > I am going to eat dinner and walk the dog so will be offline for an hour.
> >
> > Susan
> >
> > -----Original Message-----
> > From: Smith, Bill [mailto:bill.smith@paypal-inc.com]
> > Sent: Wednesday, November 30, 2011 5:19 PM
> > To: Susan Kawaguchi
> > Cc: Seth M Reiss; Kathy Kleiman; rt4-whois(a)icann.org
> > Subject: Re: [Rt4-whois] streamlined proxy recommendation language
> >
> > Susan,
> >
> > It may not seem like it but I am supportive, very supportive of your
> position of to not rely on litigation to solve these types of problems.
> Where we disagree is the best approach to avoid the litigation.
> >
> > I am not suggesting that cigarette-style litigation is the way forward.
> Rather, I am concerned that proposal for retail proxy indemnification (if
> I've read it right) will result in exactly that situation, some time far in
> the future when society and the courts finally realize that allowing
> unfettered criminal activity on the Internet is a bad idea. Retail proxies
> will happily sell a service to people they don't know as long as they have
> no liability.
> >
> > If instead of no liability, we insist that they have the liability of the
> Registrant, since that's what they are, I strongly suspect that counsel for
> these services will understand that they now carry at least some risk in
> these transactions. Consequently, they will either recommend against them
> or
> insist on some mechanism to mitigate the risk, through insurance or other
> mechanisms - perhaps even actually knowing something about their customers.
> Any or all of these would involve higher costs hence higher prices making
> these services less attractive to criminals, etc.
> >
> > By the addition of SLAs into contracts, and mandatory consequences, we
> provide a means for ICANN to ensure that valid queries, information
> requests, corrections, etc. are made in a timely manner. A registrant could
> ignore a request knowing that the specific penalty for failing to comply
> with such request. With mandatory revocation the consequence of last
> resort,
> we give the community and ICANN the ability to revoke a name (the only
> thing
> of value under our control).
> >
> > If a proxy is a party to any of these transactions, they act as the
> Registrant and must respond either directly or with guidance from the
> licensee per the agreement SLAs. Failure to do so results in the same
> consequences.
> >
> > By setting SLAs and consequences appropriately, ICANN can influence the
> behavior of Registrants and those that act as proxies for them.
> >
> > Even if we go with language you an James worked on, and I realize that
> you
> put in a great deal of effort on that, we'll still need something like what
> I have outlined because as we discussed in Dakar, anyone can act as a proxy
> for a Registrant no matter what ICANN tries to do to prevent it. If the
> "best practices" ICANN develops for the retail trade prove too onerous,
> proxy providers will simply step outside of the ICANN tent and provide
> their
> services likely failing to adhere to the best practices.
> >
> > I hope this makes sense.
> >
> > Bill
> >
> >
> > On Nov 30, 2011, at 4:38 PM, Susan Kawaguchi wrote:
> >
> > HI Bill,
> >
> > Thank you for your thoughts I think your statement below is my biggest
> pain point.
> >
> > "I think they are inherently contradictory. How a service is *sold*
> should
> not determine liability. If this were the case and we applied the proposed
> definitions to consumer products, untold numbers of tort cases would be
> summarily thrown out. Cigarette, toy, and asbestos manufacturers could
> properly claim, "I don't know the buyer therefor I have no liability"."
> >
> > All of the cases you mention above relied on litigation to clarify the
> existence of liability and impose that liability on the manufacturer. It
> would be overwhelming and burdensome to rely on litigation to fix this
> problem especially when it involves global entities as proxy service
> providers. I think we have the opportunity to incentivize the registrars
> to
> help with the problem.
> >
> > If I or LE are forced to rely on litigation of any sort of court order to
> get information on the licensee of a domain name to pursue a provider of
> counterfeit drugs, for example, this would take years for each domain name
> involved.
> >
> > If we take a very extreme step and recommend that proxy services are not
> allowed in the gTlds (as .US has done) how would that ever be enforced?
> Proxy registrations provide a vital service for many in the domain name
> space.
> >
> > Susan
> >
> > -----Original Message-----
> > From: Smith, Bill [mailto:bill.smith@paypal-inc.com]
> > Sent: Wednesday, November 30, 2011 4:20 PM
> > To: Seth M Reiss
> > Cc: Susan Kawaguchi; Kathy Kleiman;
> rt4-whois(a)icann.org<mailto:rt4-whois@icann.org>
> > Subject: Re: [Rt4-whois] streamlined proxy recommendation language
> >
> > See below:
> >
> > On Nov 30, 2011, at 4:03 PM, "Seth M Reiss"
> <seth.reiss(a)lex-ip.com<mailto:seth.reiss@lex-ip.com><mailto:
> seth.reiss@lex-i
> p.com>> wrote:
> >
> > I am not advocating ignoring proxy services simply clarifying their role
> and liability as registrant. I suspect we are very closely aligned
> regarding outcome, just not how to reach there.
> >
> > I guess I'm advocating that we get as close to ignoring them as we can.
> Recognizing them, even in the limited way the current RAA does gave the
> Ninth Circuit everything it need to make its liability absolving decision.
> >
> > While the community may not be inclined to receive a proposal to "ignore
> proxy services" with open arms, I hope they would consider it if we present
> it as in the public interest.
> >
> >
> > I think we disagree regarding whether we need to tolerate an industry
> simply because it exists and has for a time. ICANN did not tolerate domain
> name tasting, although it acted relatively quickly there and has not here.
> >
> > I believe it to be a dangerous proposition to say that we need to
> accommodate existing practices simply because ICANN has allowed them to
> exist for a period of time, although I think it's an unfortunately
> circumstance. If you apply this line of reasoning broadly, you effectively
> allow the industry to restrict what ICANN can and cannot do.
> >
> > If we make this assumption generally, our report would be very short. Yes
> there are problems with WHOIS. However, it has existed in this manner for
> too long and therefor it cannot be changed.
> >
> >
> > I would like to find a middle ground. I am not one for asking people to
> think differently. I just don't see how holding stating a proxy should be
> held fully responsible, and then at the same time having retail proxy
> services definitions and a voluntary best practices policy, will not be
> viewed as inherently contradictory.
> >
> > I think they are inherently contradictory. How a service is *sold* should
> not determine liability. If this were the case and we applied the proposed
> definitions to consumer products, untold numbers of tort cases would be
> summarily thrown out. Cigarette, toy, and asbestos manufacturers could
> properly claim, "I don't know the buyer therefor I have no liability".
> >
> > Other than to satisfy, the current purveyors of these fine services, I
> can't see any reason to develop a complex set of definitions and liability
> flows. Together these give attorneys and courts ample room to for truck
> driving.
> >
> >
> > Seth
> >
> >
> > From: Susan Kawaguchi [mailto:susank@fb.com]
> > Sent: Wednesday, November 30, 2011 1:29 PM
> > To: Kathy Kleiman; Seth M Reiss
> > Cc:
> rt4-whois(a)icann.org<mailto:rt4-whois@icann.org><mailto:rt4-whois@icann.org
> >
> > Subject: RE: [Rt4-whois] streamlined proxy recommendation language
> >
> > HI Seth,
> >
> > I am going to respond to you out of order
> > In all our discussions, I have still not heard a persuasive argument why
> a
> proxy service industry that can shield itself from liability is necessary
> or
> good or appropriate. I agree with you but it is what is. The situation
> arose over 10 years ago and I do not think that advocating to do away with
> proxy services is going to be well received by the ICANN community. Also
> to date, there has been very few examples of a proxy service being held
> liable.
> >
> > We need proxy services but we need responsive proxy services many of the
> providers are acting responsibly it is the bad actors that I would like to
> change their behavior.
> >
> > Once you introduce definitions concerning affiliates, retail services and
> different flavors of proxy services, the cheap ones with flimsy
> relationships, and the expensive ones with fiduciary type relationships, it
> will appear to the court that you do not really mean what you saying in
> bullet number 6. This will confuse the courts (and the public) and the
> registrant proxy services is more likely to be able to weasel out of being
> held liable.
> >
> > I am not sure that these definitions would be accepted outside of ICANN
> and at least we would have a clearer picture of who we are dealing with.
> >
> > I am not convinced at all that just removing the language from the RAA
> would impact the practices of the current proxy services. If you have
> another argument let me know I am open to rethinking this but I am not open
> to ignoring proxy service providers.
> >
> > Susan
> >
> > From:
> rt4-whois-bounces(a)icann.org<mailto:rt4-whois-bounces@icann.org><mailto:
> rt4-w
> hois-bounces(a)icann.org> [mailto:rt4-whois-bounces@icann.org] On Behalf Of
> Kathy Kleiman
> > Sent: Wednesday, November 30, 2011 3:15 PM
> > To: Seth M Reiss
> > Cc:
> rt4-whois(a)icann.org<mailto:rt4-whois@icann.org><mailto:rt4-whois@icann.org
> >
> > Subject: Re: [Rt4-whois] streamlined proxy recommendation language
> >
> > Great comments, Seth. I defer to Susan and James, as the experts on this
> material.
> > Best,
> > Kathy
> >
> > :
> > Thank you Kathy for breaking this out. I have not been good about
> reviewing the entire document.
> >
> > To respond to Peter's question about what would be legally enforceable, I
> think if you look at bullet number 6, if this bullet was implemented in a
> very clear and unambiguous way, by itself and without some of the other
> material being proposal, then I think there would be reasonable expectation
> that national courts would hold the registrant proxy service fully
> responsible for harm caused by a website hosted at the domain name at
> issue.
> In other words, the Ninth Circuit decision that Susan highlighted would
> have
> been decided differently.
> >
> > Once you introduce definitions concerning affiliates, retail services and
> different flavors of proxy services, the cheap ones with flimsy
> relationships, and the expensive ones with fiduciary type relationships, it
> will appear to the court that you do not really mean what you saying in
> bullet number 6. This will confuse the courts (and the public) and the
> registrant proxy services is more likely to be able to weasel out of being
> held liable.
> >
> > The current proposal on the table suggests to me a somewhat more
> complicated model whereby the registrant proxy service is fully liable for
> the use of the domain name but can shield that liability by adopted and
> fully complying the a specific set of reveal and relay processes etc. I
> voluntary set of best practices would not do this, but a mandatory set of
> provisions to qualify a proxy service for a "safe harbor" would. Such a
> safe hard model would in my view be more difficult to implement and is
> likely to give rise to a certain amount of uncertainty and inconsistent
> outcomes even if prudently implemented. But this also assumes that we need
> to have a proxy service in which proxies may shield themselves from
> liability. In all our discussions, I have still not heard a persuasive
> argument why a proxy service industry that can shield itself from liability
> is necessary or good or appropriate.
> >
> > Seth
> >
> >
> > From:
> rt4-whois-bounces(a)icann.org<mailto:rt4-whois-bounces@icann.org><mailto:
> rt4-w
> hois-bounces(a)icann.org> [mailto:rt4-whois-bounces@icann.org] On Behalf Of
> Kathy Kleiman
> > Sent: Wednesday, November 30, 2011 12:24 PM
> > To:
> rt4-whois(a)icann.org<mailto:rt4-whois@icann.org><mailto:rt4-whois@icann.org
> >
> > Subject: [Rt4-whois] streamlined proxy recommendation language
> >
> > Hi All,
> > I feel like I am sending altogether too many emails today. Sorry :-)!
> Anyway, here's one more. I worked with James, a little, and Susan, more,
> on
> streamlining the Proxy recommendations to look, sound and flow like the
> Privacy recommendations. Of course, proxy is voluntary, and privacy is a
> requirement, but the rest is fairly close.
> >
> > They are below and attached. If you like them, we'll send them on to
> Alice
> for inclusion. Note: the definitions went into a footnote which should be
> easy to see as it will be quite extensive.
> >
> > here's the text:
> >
> > Data Access- Proxy Service
> >
> > 1. ICANN should facilitate the review of existing practices by
> reaching out to proxy providers to create a discussion which sets out
> current processes followed by proxy service providers.
> >
> > 2. Registrars should be required to disclosure their relationship
> with any Affiliated Retail proxy service provider to ICANN.
> >
> > 3. ICANN should develop and manage a set of voluntary best practice
> guidelines for appropriate proxy services [footnote 1] consistent with
> national laws. These voluntary guidelines should strike an appropriate
> balance between stakeholders with competing but legitimate interests. At a
> minimum this would include privacy, law enforcement and the industry around
> law enforcement.
> >
> > Such voluntary guidelines may include:
> >
> > + Proxy services provide full contact details as required by the Whois
> >
> > + Publication by the proxy service of its process for revealing and
> relaying information
> >
> > + Standardization of reveal and relay processes and timeframes,
> consistent
> with national laws
> >
> > + Maintenance of a dedicated abuse point of contact for the proxy service
> provider
> >
> > + Due diligence checks on licensee contact information.
> >
> > 5. ICANN should encourage and incentivize registrars to interact with the
> retail service providers that adopt the best practices.
> >
> > 6. For the avoidance of doubt, the WHOIS Policy, referred to in
> Recommendation 1 above, should include an affirmative statement that
> clarifies that a proxy means a relationship in which the Registrant is
> acting on behalf of another. The WHOIS data is that of the agent, and the
> agent alone obtains all rights and assumes all responsibility for the
> domain
> name and its manner of use.
> >
> > Footnote 1 (all the remaining text)
> > As guidance to the Community and as useful background for the Proxy
> Service Recommendations, the Review Team provides its working definitions
> of
> proxy service and different types of proxy service providers:
> >
> > - Proxy Service - a relationship in which the registrant is acting on
> behalf of another The WHOIS data is that of the agent and the agent alone
> obtains all rights and assumes all responsibility for the domain name and
> its manner of use. [KK: is this the definition we are using in other places
> in the Report?]
> >
> > - Affiliated Registrar - another ICANN accredited registrar that operates
> under a common controlling interest (2009 Registrar Accreditation
> Agreement,
> Section 1.20)
> >
> > - Affiliate retail proxy service provider - entity operating under a
> common controlling interest of a registrar.
> >
> > - Retail proxy service provider - proxy service with little or no
> knowledge of the entity or individual requesting the service beyond their
> ability to pay and their agreement to the general terms and conditions.
> >
> > - Limited proxy service provider - proxy service for an entity or
> individual in which there is an ongoing business relationship bound by a
> contract that is specific to the relationship.
> >
> >
> > --- end
> > same text attached
> > Kathy
> >
> >
> > --
> >
> >
> >
> >
> >
> >
> >
> > --
> >
> >
> >
> >
> >
> > _______________________________________________
> > Rt4-whois mailing list
> >
> Rt4-whois(a)icann.org<mailto:Rt4-whois@icann.org><mailto:Rt4-whois@icann.org
> >
> > https://mm.icann.org/mailman/listinfo/rt4-whois
> >
>
> _______________________________________________
> Rt4-whois mailing list
> Rt4-whois(a)icann.org
> https://mm.icann.org/mailman/listinfo/rt4-whois
>
>
>
> -------------------------------------------------------------------------------
>
> NOTICE: This email message is for the sole use of the intended recipient(s)
> and may contain confidential and privileged information. Any unauthorized
> review, use, disclosure or distribution is prohibited. If you are not the
> intended recipient, please contact the sender by reply email and destroy
> all
> copies of the original message.
>
> This message has been content scanned by the Axway MailGate.
> MailGate uses policy enforcement to scan for known viruses, spam,
> undesirable content and malicious code. For more information on Axway
> products please visit www.axway.com.
>
>
>
> -------------------------------------------------------------------------------
>
>
> _______________________________________________
> Rt4-whois mailing list
> Rt4-whois(a)icann.org
> https://mm.icann.org/mailman/listinfo/rt4-whois
>
--
*
*
76 Temple Road, Oxford OX4 2EZ UK
t: +44 (0)1865 582 811 • m: +44 (0)7540 049 322
emily(a)emilytaylor.eu
*www.etlaw.co.uk*
Emily Taylor Consultancy Limited is a company registered in England and
Wales No. 730471. VAT No. 114487713.
4
4
See below:
On Nov 30, 2011, at 4:03 PM, "Seth M Reiss" <seth.reiss(a)lex-ip.com<mailto:seth.reiss@lex-ip.com>> wrote:
I am not advocating ignoring proxy services simply clarifying their role and liability as registrant. I suspect we are very closely aligned regarding outcome, just not how to reach there.
I guess I'm advocating that we get as close to ignoring them as we can. Recognizing them, even in the limited way the current RAA does gave the Ninth Circuit everything it need to make its liability absolving decision.
While the community may not be inclined to receive a proposal to "ignore proxy services" with open arms, I hope they would consider it if we present it as in the public interest.
I think we disagree regarding whether we need to tolerate an industry simply because it exists and has for a time. ICANN did not tolerate domain name tasting, although it acted relatively quickly there and has not here.
I believe it to be a dangerous proposition to say that we need to accommodate existing practices simply because ICANN has allowed them to exist for a period of time, although I think it’s an unfortunately circumstance. If you apply this line of reasoning broadly, you effectively allow the industry to restrict what ICANN can and cannot do.
If we make this assumption generally, our report would be very short. Yes there are problems with WHOIS. However, it has existed in this manner for too long and therefor it cannot be changed.
I would like to find a middle ground. I am not one for asking people to think differently. I just don’t see how holding stating a proxy should be held fully responsible, and then at the same time having retail proxy services definitions and a voluntary best practices policy, will not be viewed as inherently contradictory.
I think they are inherently contradictory. How a service is *sold* should not determine liability. If this were the case and we applied the proposed definitions to consumer products, untold numbers of tort cases would be summarily thrown out. Cigarette, toy, and asbestos manufacturers could properly claim, "I don't know the buyer therefor I have no liability".
Other than to satisfy, the current purveyors of these fine services, I can't see any reason to develop a complex set of definitions and liability flows. Together these give attorneys and courts ample room to for truck driving.
Seth
From: Susan Kawaguchi [mailto:susank@fb.com]
Sent: Wednesday, November 30, 2011 1:29 PM
To: Kathy Kleiman; Seth M Reiss
Cc: rt4-whois(a)icann.org<mailto:rt4-whois@icann.org>
Subject: RE: [Rt4-whois] streamlined proxy recommendation language
HI Seth,
I am going to respond to you out of order
In all our discussions, I have still not heard a persuasive argument why a proxy service industry that can shield itself from liability is necessary or good or appropriate. I agree with you but it is what is. The situation arose over 10 years ago and I do not think that advocating to do away with proxy services is going to be well received by the ICANN community. Also to date, there has been very few examples of a proxy service being held liable.
We need proxy services but we need responsive proxy services many of the providers are acting responsibly it is the bad actors that I would like to change their behavior.
Once you introduce definitions concerning affiliates, retail services and different flavors of proxy services, the cheap ones with flimsy relationships, and the expensive ones with fiduciary type relationships, it will appear to the court that you do not really mean what you saying in bullet number 6. This will confuse the courts (and the public) and the registrant proxy services is more likely to be able to weasel out of being held liable.
I am not sure that these definitions would be accepted outside of ICANN and at least we would have a clearer picture of who we are dealing with.
I am not convinced at all that just removing the language from the RAA would impact the practices of the current proxy services. If you have another argument let me know I am open to rethinking this but I am not open to ignoring proxy service providers.
Susan
From: rt4-whois-bounces(a)icann.org<mailto:rt4-whois-bounces@icann.org> [mailto:rt4-whois-bounces@icann.org] On Behalf Of Kathy Kleiman
Sent: Wednesday, November 30, 2011 3:15 PM
To: Seth M Reiss
Cc: rt4-whois(a)icann.org<mailto:rt4-whois@icann.org>
Subject: Re: [Rt4-whois] streamlined proxy recommendation language
Great comments, Seth. I defer to Susan and James, as the experts on this material.
Best,
Kathy
:
Thank you Kathy for breaking this out. I have not been good about reviewing the entire document.
To respond to Peter’s question about what would be legally enforceable, I think if you look at bullet number 6, if this bullet was implemented in a very clear and unambiguous way, by itself and without some of the other material being proposal, then I think there would be reasonable expectation that national courts would hold the registrant proxy service fully responsible for harm caused by a website hosted at the domain name at issue. In other words, the Ninth Circuit decision that Susan highlighted would have been decided differently.
Once you introduce definitions concerning affiliates, retail services and different flavors of proxy services, the cheap ones with flimsy relationships, and the expensive ones with fiduciary type relationships, it will appear to the court that you do not really mean what you saying in bullet number 6. This will confuse the courts (and the public) and the registrant proxy services is more likely to be able to weasel out of being held liable.
The current proposal on the table suggests to me a somewhat more complicated model whereby the registrant proxy service is fully liable for the use of the domain name but can shield that liability by adopted and fully complying the a specific set of reveal and relay processes etc. I voluntary set of best practices would not do this, but a mandatory set of provisions to qualify a proxy service for a “safe harbor” would. Such a safe hard model would in my view be more difficult to implement and is likely to give rise to a certain amount of uncertainty and inconsistent outcomes even if prudently implemented. But this also assumes that we need to have a proxy service in which proxies may shield themselves from liability. In all our discussions, I have still not heard a persuasive argument why a proxy service industry that can shield itself from liability is necessary or good or appropriate.
Seth
From: rt4-whois-bounces(a)icann.org<mailto:rt4-whois-bounces@icann.org> [mailto:rt4-whois-bounces@icann.org] On Behalf Of Kathy Kleiman
Sent: Wednesday, November 30, 2011 12:24 PM
To: rt4-whois(a)icann.org<mailto:rt4-whois@icann.org>
Subject: [Rt4-whois] streamlined proxy recommendation language
Hi All,
I feel like I am sending altogether too many emails today. Sorry :-)! Anyway, here's one more. I worked with James, a little, and Susan, more, on streamlining the Proxy recommendations to look, sound and flow like the Privacy recommendations. Of course, proxy is voluntary, and privacy is a requirement, but the rest is fairly close.
They are below and attached. If you like them, we'll send them on to Alice for inclusion. Note: the definitions went into a footnote which should be easy to see as it will be quite extensive.
here's the text:
Data Access- Proxy Service
1. ICANN should facilitate the review of existing practices by reaching out to proxy providers to create a discussion which sets out current processes followed by proxy service providers.
2. Registrars should be required to disclosure their relationship with any Affiliated Retail proxy service provider to ICANN.
3. ICANN should develop and manage a set of voluntary best practice guidelines for appropriate proxy services [footnote 1] consistent with national laws. These voluntary guidelines should strike an appropriate balance between stakeholders with competing but legitimate interests. At a minimum this would include privacy, law enforcement and the industry around law enforcement.
Such voluntary guidelines may include:
+ Proxy services provide full contact details as required by the Whois
+ Publication by the proxy service of its process for revealing and relaying information
+ Standardization of reveal and relay processes and timeframes, consistent with national laws
+ Maintenance of a dedicated abuse point of contact for the proxy service provider
+ Due diligence checks on licensee contact information.
5. ICANN should encourage and incentivize registrars to interact with the retail service providers that adopt the best practices.
6. For the avoidance of doubt, the WHOIS Policy, referred to in Recommendation 1 above, should include an affirmative statement that clarifies that a proxy means a relationship in which the Registrant is acting on behalf of another. The WHOIS data is that of the agent, and the agent alone obtains all rights and assumes all responsibility for the domain name and its manner of use.
Footnote 1 (all the remaining text)
As guidance to the Community and as useful background for the Proxy Service Recommendations, the Review Team provides its working definitions of proxy service and different types of proxy service providers:
- Proxy Service – a relationship in which the registrant is acting on behalf of another The WHOIS data is that of the agent and the agent alone obtains all rights and assumes all responsibility for the domain name and its manner of use. [KK: is this the definition we are using in other places in the Report?]
- Affiliated Registrar - another ICANN accredited registrar that operates under a common controlling interest (2009 Registrar Accreditation Agreement, Section 1.20)
- Affiliate retail proxy service provider – entity operating under a common controlling interest of a registrar.
- Retail proxy service provider - proxy service with little or no knowledge of the entity or individual requesting the service beyond their ability to pay and their agreement to the general terms and conditions.
- Limited proxy service provider - proxy service for an entity or individual in which there is an ongoing business relationship bound by a contract that is specific to the relationship.
--- end
same text attached
Kathy
--
--
_______________________________________________
Rt4-whois mailing list
Rt4-whois(a)icann.org<mailto:Rt4-whois@icann.org>
https://mm.icann.org/mailman/listinfo/rt4-whois
3
6
Dear Review Team Members,
My sincerest apologies for the confusion earlier today…
Attached you will find the latest version of the master document. Also available on the wiki: https://community.icann.org/display/whoisreviewprivate/Draft+report
Please read the report very carefully, in particular the last three chapters which are "fairly new". Your feedback, final language and edits are more than welcome!
For your convenience, I have enclosed the table of contents (see below).
Any major amendments should be emailed to the list for Review Team discussion. Typos and minor edits on the hand, should be emailed to me.
Please do not hesitate to contact me should you have questions or concerns.
Many thanks in advance.
Kind regards
Very best regards
Alice
Table of Contents
Chapter 1: Executive Summary 10
Chapter 2: The WHOIS Review Team, Scope of Work & Key Definitions 12
Chapter 3: The Complex History of WHOIS Policy17
Chapter 4: An Evaluation of ICANN’s Efforts to Monitor and Enforce its Policies “Compliance Efforts”32
Chapter 5: Internationalization Registrant Data and the Difficult Problem of WHOIS Translation36
Chapter 6: Understanding the Needs of Stakeholders41
Chapter 7: Gap Analysis72
Chapter 8: Recommendations78
--
Alice Jansen
Assistant, Organizational Reviews
6 Rond Point Schuman, Bt.5
B-1040 Brussels
Belgium
Direct dial: +32 2 234 78 64
Mobile: +32 4 73 31 76 56
Skype: alice_jansen_icann
2
1
Hi All,
Tx for the many comments about the "centralized database" recommendation
(now #14). I have worked with Michael and Omar on it, and would like to
propose the following, narrower, recommendation:
===> Rec 14: To improve access to the WHOIS data of .COM and .NET
gTLDs, the only remaining Thin Registries, ICANN should set up a
dedicated, multilingual interface website to provide thick Whois data
for them.
Here's the original text.
===> 14. To make WHOIS data more accessible for consumers, ICANN should set
up a dedicated, multilingual interface website to allow "unrestricted and public access to accurate and complete WHOIS information". Such interface should provide thick WHOIS data for all gTLD domain names.
Best,
Kathy
--
6
9
Dec. 1, 2011
I guess the key to me in clarifying the role of a proxy provider and liability as a registrant is where and what contract would we clarify and what mechanism do we have to hold them liable?
From: Seth M Reiss [mailto:seth.reiss@lex-ip.com]
Sent: Wednesday, November 30, 2011 4:03 PM
To: Susan Kawaguchi; 'Kathy Kleiman'
Cc: rt4-whois(a)icann.org
Subject: RE: [Rt4-whois] streamlined proxy recommendation language
I am not advocating ignoring proxy services simply clarifying their role and liability as registrant. I suspect we are very closely aligned regarding outcome, just not how to reach there.
I think we disagree regarding whether we need to tolerate an industry simply because it exists and has for a time. ICANN did not tolerate domain name tasting, although it acted relatively quickly there and has not here.
I believe it to be a dangerous proposition to say that we need to accommodate existing practices simply because ICANN has allowed them to exist for a period of time, although I think it's an unfortunately circumstance. If you apply this line of reasoning broadly, you effectively allow the industry to restrict what ICANN can and cannot do.
I would like to find a middle ground. I am not one for asking people to think differently. I just don't see how holding stating a proxy should be held fully responsible, and then at the same time having retail proxy services definitions and a voluntary best practices policy, will not be viewed as inherently contradictory.
Seth
From: Susan Kawaguchi [mailto:susank@fb.com]
Sent: Wednesday, November 30, 2011 1:29 PM
To: Kathy Kleiman; Seth M Reiss
Cc: rt4-whois(a)icann.org
Subject: RE: [Rt4-whois] streamlined proxy recommendation language
HI Seth,
I am going to respond to you out of order
In all our discussions, I have still not heard a persuasive argument why a proxy service industry that can shield itself from liability is necessary or good or appropriate. I agree with you but it is what is. The situation arose over 10 years ago and I do not think that advocating to do away with proxy services is going to be well received by the ICANN community. Also to date, there has been very few examples of a proxy service being held liable.
We need proxy services but we need responsive proxy services many of the providers are acting responsibly it is the bad actors that I would like to change their behavior.
Once you introduce definitions concerning affiliates, retail services and different flavors of proxy services, the cheap ones with flimsy relationships, and the expensive ones with fiduciary type relationships, it will appear to the court that you do not really mean what you saying in bullet number 6. This will confuse the courts (and the public) and the registrant proxy services is more likely to be able to weasel out of being held liable.
I am not sure that these definitions would be accepted outside of ICANN and at least we would have a clearer picture of who we are dealing with.
I am not convinced at all that just removing the language from the RAA would impact the practices of the current proxy services. If you have another argument let me know I am open to rethinking this but I am not open to ignoring proxy service providers.
Susan
From: rt4-whois-bounces(a)icann.org [mailto:rt4-whois-bounces@icann.org] On Behalf Of Kathy Kleiman
Sent: Wednesday, November 30, 2011 3:15 PM
To: Seth M Reiss
Cc: rt4-whois(a)icann.org
Subject: Re: [Rt4-whois] streamlined proxy recommendation language
Great comments, Seth. I defer to Susan and James, as the experts on this material.
Best,
Kathy
:
Thank you Kathy for breaking this out. I have not been good about reviewing the entire document.
To respond to Peter's question about what would be legally enforceable, I think if you look at bullet number 6, if this bullet was implemented in a very clear and unambiguous way, by itself and without some of the other material being proposal, then I think there would be reasonable expectation that national courts would hold the registrant proxy service fully responsible for harm caused by a website hosted at the domain name at issue. In other words, the Ninth Circuit decision that Susan highlighted would have been decided differently.
Once you introduce definitions concerning affiliates, retail services and different flavors of proxy services, the cheap ones with flimsy relationships, and the expensive ones with fiduciary type relationships, it will appear to the court that you do not really mean what you saying in bullet number 6. This will confuse the courts (and the public) and the registrant proxy services is more likely to be able to weasel out of being held liable.
The current proposal on the table suggests to me a somewhat more complicated model whereby the registrant proxy service is fully liable for the use of the domain name but can shield that liability by adopted and fully complying the a specific set of reveal and relay processes etc. I voluntary set of best practices would not do this, but a mandatory set of provisions to qualify a proxy service for a "safe harbor" would. Such a safe hard model would in my view be more difficult to implement and is likely to give rise to a certain amount of uncertainty and inconsistent outcomes even if prudently implemented. But this also assumes that we need to have a proxy service in which proxies may shield themselves from liability. In all our discussions, I have still not heard a persuasive argument why a proxy service industry that can shield itself from liability is necessary or good or appropriate.
Seth
From: rt4-whois-bounces(a)icann.org<mailto:rt4-whois-bounces@icann.org> [mailto:rt4-whois-bounces@icann.org] On Behalf Of Kathy Kleiman
Sent: Wednesday, November 30, 2011 12:24 PM
To: rt4-whois(a)icann.org<mailto:rt4-whois@icann.org>
Subject: [Rt4-whois] streamlined proxy recommendation language
Hi All,
I feel like I am sending altogether too many emails today. Sorry :-)! Anyway, here's one more. I worked with James, a little, and Susan, more, on streamlining the Proxy recommendations to look, sound and flow like the Privacy recommendations. Of course, proxy is voluntary, and privacy is a requirement, but the rest is fairly close.
They are below and attached. If you like them, we'll send them on to Alice for inclusion. Note: the definitions went into a footnote which should be easy to see as it will be quite extensive.
here's the text:
Data Access- Proxy Service
1. ICANN should facilitate the review of existing practices by reaching out to proxy providers to create a discussion which sets out current processes followed by proxy service providers.
2. Registrars should be required to disclosure their relationship with any Affiliated Retail proxy service provider to ICANN.
3. ICANN should develop and manage a set of voluntary best practice guidelines for appropriate proxy services [footnote 1] consistent with national laws. These voluntary guidelines should strike an appropriate balance between stakeholders with competing but legitimate interests. At a minimum this would include privacy, law enforcement and the industry around law enforcement.
Such voluntary guidelines may include:
+ Proxy services provide full contact details as required by the Whois
+ Publication by the proxy service of its process for revealing and relaying information
+ Standardization of reveal and relay processes and timeframes, consistent with national laws
+ Maintenance of a dedicated abuse point of contact for the proxy service provider
+ Due diligence checks on licensee contact information.
5. ICANN should encourage and incentivize registrars to interact with the retail service providers that adopt the best practices.
6. For the avoidance of doubt, the WHOIS Policy, referred to in Recommendation 1 above, should include an affirmative statement that clarifies that a proxy means a relationship in which the Registrant is acting on behalf of another. The WHOIS data is that of the agent, and the agent alone obtains all rights and assumes all responsibility for the domain name and its manner of use.
Footnote 1 (all the remaining text)
As guidance to the Community and as useful background for the Proxy Service Recommendations, the Review Team provides its working definitions of proxy service and different types of proxy service providers:
- Proxy Service - a relationship in which the registrant is acting on behalf of another The WHOIS data is that of the agent and the agent alone obtains all rights and assumes all responsibility for the domain name and its manner of use. [KK: is this the definition we are using in other places in the Report?]
- Affiliated Registrar - another ICANN accredited registrar that operates under a common controlling interest (2009 Registrar Accreditation Agreement, Section 1.20)
- Affiliate retail proxy service provider - entity operating under a common controlling interest of a registrar.
- Retail proxy service provider - proxy service with little or no knowledge of the entity or individual requesting the service beyond their ability to pay and their agreement to the general terms and conditions.
- Limited proxy service provider - proxy service for an entity or individual in which there is an ongoing business relationship bound by a contract that is specific to the relationship.
--- end
same text attached
Kathy
--
--
2
1
Well-said Seth.
To the list...
I don't believe that a liability-shielding proxy system is in the public interest. It is certainly in the interest of the service provider but I see no benefit to the licensee or to the public.
The proxy, sitting as it does between the licensee and those referencing the Domain Name (the public), chooses how and/or when to pass information. Presumably these determinations are made according to some agreement between the proxy and licensee. ICANN has no and should not have any interest in the terms on these agreements. It, and the public, are not a party to them.
ICANN does have a direct contractual relationship with Registrars and Registries and indirectly, through Registrars to Registrants; by specifying terms that must appear in any Registrant agreement. It is through these contracts that ICANN can and does control the entries in the Domain Name System and it is through these contracts that ICANN could influence the behavior of proxy services, even without specifically mentioning them.
If we stick to the model we labored over in Dakar, Registrants are Registrants. Registrants may choose to shield certain bits of PII through a privacy service. This information can be revealed where and when appropriate (I don't recall the specific language we adopted.) Privacy services might need to be recognized or certified.
SLAs can be inserted into Registrant (and other) agreements indicating acceptable response times to certain specific requests. Failure to honor the SLAs results in consequences of increasing severity up to and including *mandatory* revocation (or decertification).
Proxies then become Registrants and have all the rights and responsibilities of a Registrant. Should a proxy wish to limit its liability, it does so by separate contract with its licensees. Failure by a proxy, or a licensee through a proxy, to honor the SLAs of the Registrant agreement results in the "standard" consequences, including mandatory revocation of the registered name.
This is a system that would work, would avoid the pitfalls of the current ad hoc mechanisms, and would provide less maneuvering room for legal opinion. Liability would flow according to contract rather than to the least contractually protected entities, registrants and the public, as is current practice.
On Nov 30, 2011, at 3:09 PM, "Seth M Reiss" <seth.reiss(a)lex-ip.com<mailto:seth.reiss@lex-ip.com>> wrote:
Thank you Kathy for breaking this out. I have not been good about reviewing the entire document.
To respond to Peter’s question about what would be legally enforceable, I think if you look at bullet number 6, if this bullet was implemented in a very clear and unambiguous way, by itself and without some of the other material being proposal, then I think there would be reasonable expectation that national courts would hold the registrant proxy service fully responsible for harm caused by a website hosted at the domain name at issue. In other words, the Ninth Circuit decision that Susan highlighted would have been decided differently.
Once you introduce definitions concerning affiliates, retail services and different flavors of proxy services, the cheap ones with flimsy relationships, and the expensive ones with fiduciary type relationships, it will appear to the court that you do not really mean what you saying in bullet number 6. This will confuse the courts (and the public) and the registrant proxy services is more likely to be able to weasel out of being held liable.
The current proposal on the table suggests to me a somewhat more complicated model whereby the registrant proxy service is fully liable for the use of the domain name but can shield that liability by adopted and fully complying the a specific set of reveal and relay processes etc. I voluntary set of best practices would not do this, but a mandatory set of provisions to qualify a proxy service for a “safe harbor” would. Such a safe hard model would in my view be more difficult to implement and is likely to give rise to a certain amount of uncertainty and inconsistent outcomes even if prudently implemented. But this also assumes that we need to have a proxy service in which proxies may shield themselves from liability. In all our discussions, I have still not heard a persuasive argument why a proxy service industry that can shield itself from liability is necessary or good or appropriate.
Seth
From: rt4-whois-bounces(a)icann.org<mailto:rt4-whois-bounces@icann.org> [mailto:rt4-whois-bounces@icann.org] On Behalf Of Kathy Kleiman
Sent: Wednesday, November 30, 2011 12:24 PM
To: rt4-whois(a)icann.org<mailto:rt4-whois@icann.org>
Subject: [Rt4-whois] streamlined proxy recommendation language
Hi All,
I feel like I am sending altogether too many emails today. Sorry :-)! Anyway, here's one more. I worked with James, a little, and Susan, more, on streamlining the Proxy recommendations to look, sound and flow like the Privacy recommendations. Of course, proxy is voluntary, and privacy is a requirement, but the rest is fairly close.
They are below and attached. If you like them, we'll send them on to Alice for inclusion. Note: the definitions went into a footnote which should be easy to see as it will be quite extensive.
here's the text:
Data Access- Proxy Service
1. ICANN should facilitate the review of existing practices by reaching out to proxy providers to create a discussion which sets out current processes followed by proxy service providers.
2. Registrars should be required to disclosure their relationship with any Affiliated Retail proxy service provider to ICANN.
3. ICANN should develop and manage a set of voluntary best practice guidelines for appropriate proxy services [footnote 1] consistent with national laws. These voluntary guidelines should strike an appropriate balance between stakeholders with competing but legitimate interests. At a minimum this would include privacy, law enforcement and the industry around law enforcement.
Such voluntary guidelines may include:
+ Proxy services provide full contact details as required by the Whois
+ Publication by the proxy service of its process for revealing and relaying information
+ Standardization of reveal and relay processes and timeframes, consistent with national laws
+ Maintenance of a dedicated abuse point of contact for the proxy service provider
+ Due diligence checks on licensee contact information.
5. ICANN should encourage and incentivize registrars to interact with the retail service providers that adopt the best practices.
6. For the avoidance of doubt, the WHOIS Policy, referred to in Recommendation 1 above, should include an affirmative statement that clarifies that a proxy means a relationship in which the Registrant is acting on behalf of another. The WHOIS data is that of the agent, and the agent alone obtains all rights and assumes all responsibility for the domain name and its manner of use.
Footnote 1 (all the remaining text)
As guidance to the Community and as useful background for the Proxy Service Recommendations, the Review Team provides its working definitions of proxy service and different types of proxy service providers:
- Proxy Service – a relationship in which the registrant is acting on behalf of another The WHOIS data is that of the agent and the agent alone obtains all rights and assumes all responsibility for the domain name and its manner of use. [KK: is this the definition we are using in other places in the Report?]
- Affiliated Registrar - another ICANN accredited registrar that operates under a common controlling interest (2009 Registrar Accreditation Agreement, Section 1.20)
- Affiliate retail proxy service provider – entity operating under a common controlling interest of a registrar.
- Retail proxy service provider - proxy service with little or no knowledge of the entity or individual requesting the service beyond their ability to pay and their agreement to the general terms and conditions.
- Limited proxy service provider - proxy service for an entity or individual in which there is an ongoing business relationship bound by a contract that is specific to the relationship.
--- end
same text attached
Kathy
--
_______________________________________________
Rt4-whois mailing list
Rt4-whois(a)icann.org<mailto:Rt4-whois@icann.org>
https://mm.icann.org/mailman/listinfo/rt4-whois
1
0