ICANN ICANN Email List Archives

[gnso-dow123]


<<< Chronological Index >>>    <<< Thread Index >>>

Re: [gnso-dow123] Question for Internet Service Provider constituency members regarding customer information

  • To: "Bruce Tonkin" <Bruce.Tonkin@xxxxxxxxxxxxxxxxxx>
  • Subject: Re: [gnso-dow123] Question for Internet Service Provider constituency members regarding customer information
  • From: sarah.b.deutsch@xxxxxxxxxxx
  • Date: Fri, 4 Mar 2005 08:56:17 -0500




I have written some responses to Bruce's questions from the U.S.
perspective in all caps below.  I'm answering these questions in my
capacity as a copyright and Internet attorney who has dealt with these
issues for many years, and not on behalf of the ISP constituency per se.

Sarah


Sarah B. Deutsch
Vice President & Associate General Counsel
Verizon Communications
Phone: 703-351-3044
Fax:      703-351-3670
sarah.b.deutsch@xxxxxxxxxxx




                                                                                
                                              
                      "Bruce Tonkin"                                            
                                              
                      <Bruce.Tonkin@melbourn        To:       
gnso-dow123@xxxxxxxxxxxxxx                                      
                      eit.com.au>                   cc:                         
                                              
                      Sent by:                      Subject:  [gnso-dow123] 
Question for Internet Service Provider            
                      owner-gnso-dow123@ican         constituency members 
regarding customer information                      
                      n.org                                                     
                                              
                                                                                
                                              
                                                                                
                                              
                      03/04/2005 02:58 AM                                       
                                              
                                                                                
                                              
                                                                                
                                              




Hello All,

I note that the current domain name WHOIS makes public information about
the registrant of a domain name.

With respect to misuse of Internet resources, often domain names are not
involved.

A party trying to track down information about a person infringing on
intellectual property rights or breaking a local law, may only have a
source IP address.

If a party looks up information on the source IP address, they will
typically find that an Internet Service Provider (ISP) is responsible
for that IP address.  In much the same way that a registrar is
responsible for managing a particular domain name record.

My question is do Internet Service Providers ever publish information
about their customers and what IP addresses they use?   (this may be
influenced by the local laws where an ISP is based)

IN THE U.S., CUSTOMER INFORMATION AND ASSOCIATED IP ADDRESSES ARE
CONSIDERED PRIVATE INFORMATION.  MOST IP ADDRESSES ARE ASSIGNED
DYNAMICALLY; YOU ARE TALKING ABOUT MILLIONS OF PIECES OF INFORMATION.

If a party contacts an Internet Service Provider about mis-use of the
Internet, what action does the Internet Service Provider take?

IF THE MISUSE RELATES TO ALLEGATIONS OF COPYRIGHT INFRINGEMENT, THE SERVICE
PROVIDER FOLLOWS THE PROCEDURES IN THE DIGITAL MILLENIUM COPYRIGHT ACT.  IF
THE MATERIAL IS HOSTED ON THE SERVICE PROVIDER'S SYSTEM OR NETWORK, THE
SERVICE PROVIDER RESPONDS TO A VALID "TAKE DOWN NOTICE" BY REMOVING OR
DISABLING ACCESS TO THE MATERIAL FROM THE SERVICE PROVIDER'S SYSTEM OR
NETWORK.  IF THE COPYRIGHT OWNER WANTS THE NAME OF THE SUBSCRIBER AND THE
MATERIAL THEY ARE COMPLAINING ABOUT IS ACTUALLY STORED ON THE SERVICE
PROVIDER'S SYSTEM OR NETWORK, THEY CAN SUBMIT AN EXPEDITED  SUBPOENA
OBTAINED BY THE CLERK OF A COURT FOR THE INFORMATION UNDER SECTION 512(H)
OF THE DMCA.  HOWEVER, IF THE MATERIAL OR ACTIVITY COMPLAINED OF DOES NOT
RESIDE ON THE SERVICE PROVIDER'S SYSTEM OR NETWORK (SUCH AS COMPLAINTS OF
INFRINGEMENTS OCCURRING ON P2P NETWORKS), THE ISP WILL NOT TURN OVER THE
CUSTOMER'S NAME UNLESS THE COPYRIGHT OWNER (1) FIRST FILES A SUIT IN
FEDERAL COURT; AND (2) OBTAINS A VALID SUBPOENA FROM A JUDGE OR MAGISTRATE.
THIS ISSUE WAS LITIGATED UP TO THE SUPREME COURT IN THE CASE OF RIAA V.
VERIZON AND CONFIRMED AGAIN IN RIAA. V. CHARTER COMMUNICATIONS.  THERE ARE
SIGNIFICANT PRIVACY, SAFETY AND DUE PROCESS ISSUES ASSOCIATED WITH TURNING
OVER CUSTOMERS' PERSONAL SUBSCRIBER INFORMATION.  THE POWER TO LINK A
CUSTOMER'S NAME, ADDRESS AND PHONE NUMBER WITH THE CONTENT AND PLACES THEY
HAVE VISITED ON THE INTERNET IS A VERY POWERFUL TOOL THAT MUST BE NARROWLY
TAILORED.

FOR NON-COPYRIGHT MATTERS, ISPS AGAIN, NEED A COURT-ISSUED SUBPOENA TO TURN
OVER THE CUSTOMER'S PERSONAL INFORMATION.  UNLIKE REGISTRATION OF  A DOMAIN
NAME, WHICH IS A PUBLIC RESOURCE AVAILABLE TO OTHERS AND REQUIRES
PUBLICATION, LIKE A LISTING IN  PHONE DIRECTORY, THE IP ADDRESSES OF
CUSTOMERS AND THEIR PRIVATE COMMUNICATIONS, ARE PROTECTED BY FEDERAL AND
STATE PRIVACY LAWS LIKE THE ELECTRONIC COMMUNICATIONS PRIVACY ACT.
MOREOVER, US LAW REQUIRES THAT THE ISP NOT ENGAGE IN MONITORING CUSTOMER'S
COMMUNICATIONS.

Is it to remove access to the particular IP address, or otherwise
suspend the customer's account?

ISPS CAN ENFORCE THEIR TERMS OF SERVICE IF THEY HAVE SUFFICIENT EVIDENCE OF
NETWORK ABUSE, BUT WHEN THE ALLEGED ACTIVITY TAKES PLACE ON THE USER'S
PERSONAL COMPUTER, VS. THE SERVICE PROVIDER'S NETWORK, THESE ARE DIFFICULT
JUDGMENT CALLS THAT DO NOT NECESSARILY REQUIRE THE ISP TO TAKE SUCH ACTION.
SECTION 512 (I) OF THE DMCA REQUIRES AN ISP TO HAVE A POLICY FOR THE
TERMINATION OF "REPEAT INFRINGERS" OF COPYRIGHT -- BUT MERE ALLEGATIONS OF
INFRINGEMENT NOT OCCURRING ON THE ISPS' SYSTEM OR NETWORK ARE NOT THE BASIS
FOR TERMINATION.


Or

Does the internet service provider provide information about the
customer associated with a source IP address to third parties such as
members of the intellectual property community?

NOT TO A PRIVATE PARTY WITHOUT A SUBPOENA (SEE EXPLANATION ABOVE)

What mechanisms have the internet service provider industry developed to
quickly respond to misuse of the Internet by their customers?

THEY COMPLY WITH LAW ENFORCEMENT INVESTIGATIONS, USE THEIR TERMS OF SERVICE
AND, IN THE COPYRIGHT AREA, FOLLOW THE DMCA AS DESCRIBED ABOVE.


I am interested in seeing if there are any learnings/practices from the
internet service provider industry (which in many respects pre-dates the
domain name industry) that can be applied to the domain name industry.

Regards,
Bruce Tonkin














<<< Chronological Index >>>    <<< Thread Index >>>

Privacy Policy | Terms of Service | Cookies Policy