Re: [gnso-acc-sgb] Follow-up regarding ESA proposal forsub-group (b)

[Jeff Williams <jwkckid1@xxxxxxxxxxxxx>]

Michael and all sgb members,

  How do we or any registrant know for a certainty that as you
state below, but do not delineate in your proposal that "When we
query the Whois service, it is in direct response to infringing
activity already occurring on or through a specific domain name
that involves our members' content."?

  From my reading and it seems others of ESA's proposal, ESA
is more interested in making private sector actors into some sort
of Whois Sam Spade investigative club.

Michael Warnecke wrote:

> Milton,
>
> We are not applying two different standards (i.e., that all registrants
> are dishonest while all Whois requestors are honest). In both cases, the
> default position is presumed honesty unless circumstances caution
> otherwise.
>
> It is NOT the perspective of ESA or its member companies that all domain
> name registrants are "potential criminals who can be monitored by anyone
> for any reason." When we query the Whois service, it is in direct
> response to infringing activity already occurring on or through a
> specific domain name that involves our members' content. The registrant
> has attracted the scrutiny through how he or she has chosen to use the
> domain name. No one is obligated or required to register a domain name.
> But once someone uses the domain name in a way that infringes IP rights,
> facilitates phishing, etc., any response necessarily involves learning
> more about the registrant.
>
> Access by "anyone for any reason" is not the proposal ESA put forward.
> Our proposal is confined to specific users seeking the data for a
> limited range of purposes over a discrete period of time. And, as I said
> before, we are willing to further tighten the scope of third
> parties/purposes.
>
> We are not depriving registrants of due process, as you suggest. The
> DMCA take-down procedure includes a counter-notification mechanism that
> provides a clear path for the registrant to oppose the removal of
> content.
>
> While it is certainly possible that determined liars could circumvent
> the system, that same risk holds true in a wide variety of commercial
> and private transactions into which people routinely enter.
> Nevertheless, private civil enforcement has worked reasonably well as a
> discipline against widespread abuse in these other contexts and adapting
> it for use here may prove useful.
>
> Regarding your "how would anyone know who is cheating" argument, the
> proposal is not yet in comprehensive form, but we are open to discussing
> further mechanisms that would allow for greater transparency.
>
> Mike
>
> -----Original Message-----
> From: owner-gnso-acc-sgb@xxxxxxxxx [mailto:owner-gnso-acc-sgb@xxxxxxxxx]
> On Behalf Of Milton Mueller
> Sent: Monday, May 21, 2007 11:45 AM
> To: gnso-acc-sgb@xxxxxxxxx; Michael Warnecke
> Subject: Re: [gnso-acc-sgb] Follow-up regarding ESA proposal
> forsub-group (b)
>
> Michael:
> Thanks for the detailed response. Here are some of my reactions:
>
> >>> "Michael Warnecke" <mwarnecke@xxxxxxxxxx> 5/21/2007 10:59 AM >>>
> >our proposal includes a meaningful enforcement mechanism: a complaint
>
> >procedure that would permit a third party to challenge the
> subscriber's
> >continued access if that party can demonstrate that the subscriber
> either
> >materially misrepresented the purpose of its access or grossly abused
>
> >access privileges.
>
> The problem is that your proposal includes no viable mechanism to allow
> third parties to monitor what people are doing with the data. How could
> a data protection authority, a company or an ordinary user know what
> someone else is doing with the data? Abuse would have to be quite gross
> for anyone to notice, and the challenge procedure would allow it to
> continue for weeks or months.
>
> This constitutes a massive shift in what some constituencies think the
> burden of proof should be. Users of whois are considered innocent until
> proven guilty, whereas all domain name registrants are considered
> potential criminals who can be monitored by anyone for any reason. It is
> interesting that you apply two different standards. You think domain
> name registrants who _might_ engage in fraud must be subject to constant
> surveillance and action against them taken so quickly that no due
> process is possible, but you think people using Whois data should be
> able to engage in abuse until someone complains and proves their case.
>
> Don't you think the same standard of equity should apply in both cases?
>

Regards,

--
Jeffrey A. Williams
Spokesman for INEGroup LLA. - (Over 134k members/stakeholders strong!)
"Obedience of the law is the greatest freedom" -
   Abraham Lincoln

"Credit should go with the performance of duty and not with what is
very often the accident of glory" - Theodore Roosevelt

"If the probability be called P; the injury, L; and the burden, B;
liability depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security
IDNS. div. of Information Network Eng.  INEG. INC.
ABA member in good standing member ID 01257402
E-Mail jwkckid1@xxxxxxxxxxxxx
 Registered Email addr with the USPS
Contact Number: 214-244-4827