ICANN should develop these processes in consultation with all interested stakeholders.
This work should take note of the studies of existing practices used by proxy/privacy service providers now taking place within the GNSO.
The Review Team considers that one possible approach to achieving this would be to establish, through the appropriate means, an accreditation system for all proxy/privacy service providers. As part of this process, ICANN should consider the merits (if any) of establishing or maintaining a distinction between privacy and proxy services.
The goal of this process should be to provide clear, consistent and enforceable requirements for the operation of these services consistent with national laws, and to strike an appropriate balance between stakeholders with competing but legitimate interests. At a minimum, this would include privacy, data protection, law enforcement, the industry around law enforcement and the human rights community.
ICANN could, for example, use a mix of incentives and graduated sanctions to encourage proxy/privacy service providers to become accredited, and to ensure that registrars do not knowingly accept registrations from unaccredited providers.
ICANN could develop a graduated and enforceable series of penalties for proxy/privacy service providers who violate the requirements, with a clear path to de-accreditation for repeat, serial or otherwise serious breaches.
In considering the process to regulate and oversee privacy/proxy service providers, consideration should be given to the following objectives:
• Clearly labeling WHOIS entries to indicate that registrations have been made by a privacy or proxy service;
• Providing full WHOIS contact details for the privacy/proxy service provider, which are contactable and responsive;
• Adopting agreed standardized relay and reveal processes and timeframes; (these should be clearly published, and pro-actively advised to potential users of these services so they can make informed choices based on their individual circumstances);
• Registrars should disclose their relationship with any proxy/privacy service provider;
• Maintaining dedicated abuse points of contact for each provider;
• Conducting periodic due diligence checks on customer contact information;
• Maintaining the privacy and integrity of registrations in the event that major problems arise with a privacy/proxy provider;
• Providing clear and unambiguous guidance on the rights and responsibilities of registered name holders, and how those should be managed in the privacy/proxy environment.
Executive Summary
Archived Executive Summaries
- Recommendation 10 (30 September 2016 v1)
- Recommendation 10 (30 June 2016)
- Recommendation 10 (31 March 2016)
- Recommendation 10 (31 December 2015)
- Recommendation 10 (30 September 2015)
- Recommendation 10 (30 June 2015)
