Comment Close Date | Statement Name | Status | Assignee(s) and | Call for Comments | Call for Comments Close | Vote Announcement | Vote Open | Vote Reminder | Vote Close | Date of Submission | Staff Contact and Email | Statement Number |
---|---|---|---|---|---|---|---|---|---|---|---|---|
n/a | Policy Development Process (PDP) on Privacy & Proxy Services Accreditation Issues | ADOPTED12Y, 0N, 0A | Alan Greenberg | 17.04.2014 | 23.04.2014 20:00 UTC | 24.04.2014 00:00 UTC | 24.04.2014 00:00 UTC | 30.04.2014 | 01.05.2014 23:59 UTC | *23.04.2014 22:00 UTC | Glen de Saint Gery gnso.secretariat@gnso.icann.org | AL-ALAC-ST-0414-03-01-EN |
For information about this PC, please click here
FINAL VERSION TO BE SUBMITTED IF RATIFIED
Please click here to download of the copy of the pdf below.
FINAL DRAFT VERSION TO BE VOTED UPON BY THE ALAC
The ALAC strongly supports amending the Privacy Proxy Specification such that:
- It is applicable to all Privacy and Proxy providers.
- The personal details of the beneficial user are verified in accordance with verification requirements in the 2013 RAA. The process should ensure that, at least when the information is collected, that the proposed beneficial user is a real person/organisation and that the contact details are those of the proposed beneficial user.
- Limits on access to the personal information of the beneficial user must be clear and balance the legitimate privacy requirements of the beneficial user as against the legitimate needs of law enforcement agencies and UDRP providers.
The ALAC further advises that in the case where a beneficial user is revealed during the process of a UDRP, and that UDRP proceeding finds in favour of the registrant and not the entity filing the UDRP, the identity and contact information of the beneficial user must NOT be revealed in any public document resulting from the UDRP.
FIRST DRAFT SUBMITTED
The ALAC strongly supports amending the Privacy Proxy Specification such that:
- It is applicable to all Privacy and Proxy providers.
- The personal details of the beneficial user are verified in accordance with verification requirements in the 2013 RAA. The process should ensure that, at least when the information is collected, that the proposed beneficial user is a real person/organisation and that the contact details are those of the proposed beneficial user.
- Limits on access to the personal information of the beneficial user must be clear and balance the legitimate privacy requirements of the beneficial user as against the legitimate needs of law enforcement agencies and UDRP providers.
One further thought. The current UDRP process requires that the beneficial user be reported in the results of the UDRP, regardless of outcome. This allows a beneficial user to be revealed publicly even if the win the dispute and if the UDRP was filed with the explicit intent of revealing the beneficial user. I would suggest that in the interest of protecting registrants who opt for privacy, we recommend that the PDP WG consider the possibility of the beneficial user not be revealed in the case of a failed UDRP. It is unclear (to me) if this is strictly within the scope of the PDP, but if not, the WG could make a recommendation that this be done when the UDRP is revised (scheduled in the near future).
4 Comments
Holly Raiche
Both Carlton and I are members of the P/P WG, and so won't hold the pen on this. However, for those who have not been following the discussions and are not involved in this WG, a bit of background:
ALAC has, for a very long time, been concerned with the accuracy of Whois data and, particularly, with Whois data sitting behind privacy/proxy services. ALAC welcomed many of the amendments to the RAA in 2013 as they strengthened requirements that would lead to a more accurate Whois data based. Those amendments included a specification for Whois accuracy and a specification for privacy/proxy services - and the WG that is seeking these comments is the WG that is working through the details of what should be required under the privacy/proxy services. What ALAC welcomed in the 2013 changes:
Resellers:
Welcomed expanded definition of Reseller (1.22) to cover any entity that participates in the Registrar’s distribution channel for domain name registrations.
Whois Accuracy – requirement
The requirement for registrar validation/verification of the accuracy of Whois information has been significantly strengthened through the specific requirement (3.7.8) for registrar compliance with the Whois Accuracy Program specification and the specification itself). The missing piece is registrar response to public complaints about inaccurate whois data.
WHOIS ACCURACY PROGRAM SPECIFICATION
Validation of data now must happen within 15 days. Validation must include:
The Specification also says that when a registrant wilfully provides ‘inaccurate or unreliable’ information, or fails to respond for 15 days to registrar inquiries about the accuracy of contact details, the registrar must either suspend or terminate the registration until the registrar has validation of the information.
SPECIFICATION ON PRIVACY AND PROXY REGISTRATIONS
The basic requirements are that privacy/proxy services must only be offered in accordance with the specification, that there must be full disclosure of terms (including circumstances under which information will be revealed and the process followed, having an abuse point of contact available 24/7, and ‘well founded’ must be followed up within 24 hours. The contact details must be held in escrow and allegations of malicious conduct, cybersquatting and other illegal activities must be forwarded within 5 business days.
Working Group Discussions
The issues that have been most discussed (very heatedly at times) include:
The number of charter questions listed above is daunting; most of them raise important issues that deserve significant thought and discussion. However, if ALAC is to have input, my suggestion (wearing a WG hat) is to highlight the issues that have been important to ALAC -
have an accreditation system that means that, somewhere, registrant details are collected, verified, and retained
registrants using p/p services must have their details verified - whether or not they are ever displayed
there must clearly be limits on access to that personal information - which raises important issues law enforcement vs privacy
Rinalia Abdul Rahim
I agree with Holly that at the very least the ALAC needs to respond on the most important aspect of the issue. Here is a simple statement based on Holly's suggestion:
The ALAC strongly believes that there must be a Proxy and Privacy Services Accreditation System that allows for registration information to be collected, verified and retained. Registrants using proxy and privacy services must have their information verified regardless of whether the information is displayed or made public. Limits on access to that information must be made clear by balancing the needs of law enforcement agencies and the privacy needs of the registrants.
Best regards,
Rinalia
Holly Raiche
Suggested final comments.
The ALAC strongly supports amending the Privacy Proxy Specification such that:
Alan Greenberg
Slightly revised:
The ALAC strongly supports amending the Privacy Proxy Specification such that:
One further thought. The current UDRP process requires that the beneficial user be reported in the results of the UDRP, regardless of outcome. This allows a beneficial user to be revealed publicly even if the win the dispute and if the UDRP was filed with the explicit intent of revealing the beneficial user. I would suggest that in the interest of protecting registrants who opt for privacy, we recommend that the PDP WG consider the possibility of the beneficial user not be revealed in the case of a failed UDRP. It is unclear (to me) if this is strictly within the scope of the PDP, but if not, the WG could make a recommendation that this be done when the UDRP is revised (scheduled in the near future).