RE: [gnso-acc-sgb] Follow-up regarding ESA proposal forsub-group (b)
- To: "Milton Mueller" <Mueller@xxxxxxx>, <gnso-acc-sgb@xxxxxxxxx>
- Subject: RE: [gnso-acc-sgb] Follow-up regarding ESA proposal forsub-group (b)
- From: "Michael Warnecke" <mwarnecke@xxxxxxxxxx>
- Date: Tue, 22 May 2007 16:13:37 -0400
We are not applying two different standards (i.e., that all registrants
are dishonest while all Whois requestors are honest). In both cases, the
default position is presumed honesty unless circumstances caution
It is NOT the perspective of ESA or its member companies that all domain
name registrants are "potential criminals who can be monitored by anyone
for any reason." When we query the Whois service, it is in direct
response to infringing activity already occurring on or through a
specific domain name that involves our members' content. The registrant
has attracted the scrutiny through how he or she has chosen to use the
domain name. No one is obligated or required to register a domain name.
But once someone uses the domain name in a way that infringes IP rights,
facilitates phishing, etc., any response necessarily involves learning
more about the registrant.
Access by "anyone for any reason" is not the proposal ESA put forward.
Our proposal is confined to specific users seeking the data for a
limited range of purposes over a discrete period of time. And, as I said
before, we are willing to further tighten the scope of third
We are not depriving registrants of due process, as you suggest. The
DMCA take-down procedure includes a counter-notification mechanism that
provides a clear path for the registrant to oppose the removal of
While it is certainly possible that determined liars could circumvent
the system, that same risk holds true in a wide variety of commercial
and private transactions into which people routinely enter.
Nevertheless, private civil enforcement has worked reasonably well as a
discipline against widespread abuse in these other contexts and adapting
it for use here may prove useful.
Regarding your "how would anyone know who is cheating" argument, the
proposal is not yet in comprehensive form, but we are open to discussing
further mechanisms that would allow for greater transparency.
From: owner-gnso-acc-sgb@xxxxxxxxx [mailto:owner-gnso-acc-sgb@xxxxxxxxx]
On Behalf Of Milton Mueller
Sent: Monday, May 21, 2007 11:45 AM
To: gnso-acc-sgb@xxxxxxxxx; Michael Warnecke
Subject: Re: [gnso-acc-sgb] Follow-up regarding ESA proposal
Thanks for the detailed response. Here are some of my reactions:
>>> "Michael Warnecke" <mwarnecke@xxxxxxxxxx> 5/21/2007 10:59 AM >>>
>our proposal includes a meaningful enforcement mechanism: a complaint
>procedure that would permit a third party to challenge the
>continued access if that party can demonstrate that the subscriber
>materially misrepresented the purpose of its access or grossly abused
The problem is that your proposal includes no viable mechanism to allow
third parties to monitor what people are doing with the data. How could
a data protection authority, a company or an ordinary user know what
someone else is doing with the data? Abuse would have to be quite gross
for anyone to notice, and the challenge procedure would allow it to
continue for weeks or months.
This constitutes a massive shift in what some constituencies think the
burden of proof should be. Users of whois are considered innocent until
proven guilty, whereas all domain name registrants are considered
potential criminals who can be monitored by anyone for any reason. It is
interesting that you apply two different standards. You think domain
name registrants who _might_ engage in fraud must be subject to constant
surveillance and action against them taken so quickly that no due
process is possible, but you think people using Whois data should be
able to engage in abuse until someone complains and proves their case.
Don't you think the same standard of equity should apply in both cases?