Re: From Christian -- Re: [gnso-ff-pdp-may08] Meta: Strawman - Process vs. Policy

[Dave Piscitello <dave.piscitello@xxxxxxxxx>]

Christian,

When I say trusted and you or Wendy substitute "private", you change the 
discussion from one I intend to be technical in nature to one that has to do 
with law.

When I say "monitoring" and you or Wendy substitute "policing", you infer 
something altogether different (with at least some presumption of the potential 
for abuse). Again, this context switch takes us down a discourse path 
prematurely.

It is very hard to think any technical problem through to completion. It is 
harder still when the conversations bifurcate. I find it simpler to study a 
problem from a technical perspective and literally in vacuum, to see if a 
solution has technical merit (e.g., does it work and scale). If it does, then I 
find it easier to look at the non-technical impact. Jumping from "could I 
monitor X?" to "is this a violation of a constitutional protection in the 
context of a global Internet?" makes problem solving (for me at least) very 
difficult.

IMO, trusted and private are very different concepts. So are policing and 
monitoring. Cellular phone operators are one example of trusted parties and 
they can be public or private depending on where you live. Cellular phone 
operators also monitor call signal strength, endpoint (phone) location, etc.   
IMO, this is not a policing action.

I'm happy to discuss the concerns you raise. I would like us to be conscious of 
how word-swapping affects what we discuss.

On 8/3/08 4:56 PM, "Christian Curtis" <CCurtis79@xxxxxxxxx> wrote:

   Dave, please don't misunderstand me.  I'm not referring specifically to all 
attempts to identify trusted sources, and I'm not referring specifically to the 
proposal you brought up at the end of the call.  Honestly, that exchange 
happened so quickly that I didn't quite understand what you were proposing.  
I'm speaking more directly to the dangers that are inherent in endowing private 
parties with a policing function.  Mike O'Connor's comments about reaching a 
compromise between individual rights and the needs of law enforcement made me 
particularly nervous, because I don't believe that ICANN is the proper entity 
to balance these concerns.

    Mike Rodenbaugh, I think that you might actually be making my point for me. 
 It is that fact that constitutional protections do not apply between 
contracting parties that makes me nervous.  We've been asked to address the 
question of criminal conduct here.  To some degree, law enforcement agencies 
are applying pressure on us to do their jobs with the assertion that we're the 
only ones who can.  I'm really not comfortable taking that role.

    Part of the inefficiencies inherent to law enforcement are there to 
preserve justice and individual liberties.  It would, after all, be far more 
efficient to combat crime without trials, warrants, or defendants' rights.  
When it comes to speech crimes it's even more efficient to require the speaker 
to get permission before being allowed to speak at all.  Free societies, 
however, specifically require the more inefficient route for good reason.  I'm 
not comfortable circumventing these limitations by placing the onus of crime 
prevention on private entities.

      --Christian

On Sat, Aug 2, 2008 at 9:15 AM, Mike O'Connor <mike@xxxxxxxxxx> wrote:
My silence on this thread is partly due to it's quality.  This is a very rich 
discussion and I've still got several emails to read/ponder before I try to 
contribute.  But I'd like to merge two threads.  Mike Rodebaugh just floated a 
detailed proposal in the "[gnso-ff-pdp-may08] Question for Registrars - What 
kinds of solutions scare you?" thread, which I'm taking the liberty of 
attaching to this one.

Why?  Because I'm curious whether there are sufficient safeguards in that 
proposal to address the concerns that have been raised here -- and to look for 
suggestions on how it could be improved.

I see the glimmer of light at the end of the tunnel -- if we can get a speedy 
process defined (to thwart nimble bad-guys) that addresses due-process 
concerns, we're on the edge of a Very Good Thing.

m


At 08:02 AM 8/2/2008, Dave Piscitello wrote:
Once again, since my words are being misrepresented again, I will reiterate 
that there is a difference between private (which is the opposite of public) 
and trusted.

By (at least my) definition, trusted parties have some form of "oversight" (in 
this case, certification) and some form of controls over their behavior. How 
else do you assert trust?

Now, if the accreditation/certification requirements (establishing trust) 
demand some form of transparency, that's a valid topic for discussion, and a 
laudable one.

Next, consider the possible consequences of this transparency to the accredited 
responder. Responders are put at risk of real-world (physical) harm where 
criminal elements are involved. This is fact, not fiction. The responder 
deserves no less concern for his safety (and his family's) than the registrant. 
Transparency (e.g., public disclosure of identities and contact information) is 
inappropriate (my opinion). However, transparency could well take the form of 
(again) trusted parties who are responsible for ensuring that accredited 
responders do not abuse their privileges and thus protect the privileges of 
registrants.

I'm trying hard here to illustrate that I take your point about safeguards 
seriously, but that you are misrepresenting what is being suggested with the 
accreditation process. Please do not dismiss the suggestion that accredited 
responders are targets for criminals lightly.]

If we are going to debate  a topic, please let's debate it with more precision. 
I think there are issues here that are being too quickly reacted to in a very 
polarizing fashion. Democratic forms of government typically have checks and 
balances.

Perhaps we can make better progress if we agree to a refinement of our process. 
If you offer a check (solution), consider also the impact to a registrant. If 
someone proposes a check, and you have misgivings over that check, by all means 
express that concern, but please take a moment to think of a balance and offer 
that along with your concern.

Lastly, and please offline, I would be very interested in discussing whether 
registering a domain is a privilege or a right.


On 8/1/08 9:58 PM, "Mike O'Connor" <mike@xxxxxxxxxx> wrote:



the list and Christian's email address aren't getting along at the
moment.  so i'm acting as intermediary for him while we get it
figured out.  Christian's post follows...

m


>Date: Fri, 1 Aug 2008 16:34:23 -0400
>From: "Christian Curtis" <wilderbeast@xxxxxxxxx>
>To: gnso-ff-pdp-may08@xxxxxxxxx
>Subject: Re: [gnso-ff-pdp-may08] Meta: Strawman - Process vs. Policy
>Cc: "Mike O'Connor" <mike@xxxxxxxxxx>
>X-Antivirus: AVG for E-mail 8.0.138 [270.5.10/1585]
>
>     I wanted to comment on the discussion we had at the end of the
> call, and I believe that this is the proper thread.  I'll leave the
> straw man alone for now, but I'd like to comment on the NCUC's
> broader concerns.
>
>     Democratic governments have certain safe-guards in place to
> prevent those entrusted with power from running rough-shod over
> personal freedoms we consider important.  One of these protections
> is the electoral process itself, which ensures that those who
> create the policies of the state and those who wield its power are
> ultimately accountable to the citizenry at large.  Other
> protections include separation of powers, access to courts, and the
> constitutional enshrinement of certain fundamental liberties.
>
>     Professor Setlzer commented that she gets very nervous when
> private entities start to act like governments.  Both I and the
> NCUC, share this concern.  Private entities like registries,
> registrars and ICANN are not encumbered by the same
> liberty-preserving safeguards as governments.  For example, the
> U.S. constitution protects its citizens from certain invasive or
> unjust conduct by the government.  It places little, if any,
> similar restrictions on similar conduct by private parties.
>
>    Any discussion about combating illegal activity at ICANN
> inherently raises these problems.  There is a distinct danger that
> remedies at this level could transform private parties into a sort
> of 'speech cop' charged with determining what content is
> permissible and what is not.  As the debacle with Dynadot and
> Wikileaks demonstrates, it may well be in the best interests of a
> registrar to ignore the free speech interests of its customer in
> the face of a powerful angry party.  Thrusting registrars,
> registries or ICANN into this role creates the danger that they
> could be pushed to implement more restrictive or arbitrary controls
> than the government can.
>
>     Though I respect Mike's comments about compromise generally, I
> do not believe that it is appropriate with regards to this
> issue.  ICANN does not exist to balance the policies of protecting
> civil liberties and combatting crime.  ICANN exists to coordinate
> the Internet.  The sort of policies we are discussing when we get
> into balancing free speech concerns against crime prevention belong
> to democratic governments with their carefully balanced structures
> and controls.
>
>     Respectfully, I must vigorously oppose any proposition that
> ventures into this forbidden territory.
>
>      --Christian




No virus found in this incoming message.
Checked by AVG - http://www.avg.com
Version: 8.0.138 / Virus Database: 270.5.10/1586 - Release Date: 8/1/2008 6:59 
PM