Re: From Christian -- Re: [gnso-ff-pdp-may08] Meta: Strawman - Process vs. Policy

[Dave Piscitello <dave.piscitello@xxxxxxxxx>]

Well said, Marc.

The focus of this and many of the legality threads is on the rights of 
registrants.

We too often look a registrants as the end of the domain food chain. They are 
not. Users are.

At the risk of not having numbers to corroborate my claim, I will argue that 
Internet users outnumber registrants by at least one order of magnitude but 
most likely by several.

I think Marc's principle - registrants have the right to argue to reinstate - 
is one that caters to Internet users. It is widely practiced today with spam 
block listing. If your mailer begins relaying spam, your domain may be block 
listed. If you are block listed, you can argue your case with the block listing 
organization or ISP and have your domain removed from the list.

Something that is lost when we conceptualize notions of suspension and block 
listing is that the a) the incidence of false positives is small, b) attempts 
have been made to contact the offending parties with no success, and c) 
registrants impacted by false positives are inconvenienced but commonly suffer 
smaller losses (if any) than the Internet users who are phished.



On 8/3/08 5:06 PM, "Marc Perkel" <marc@xxxxxxxxxx> wrote:



Wendy Seltzer wrote:

Mike Rodenbaugh wrote:



For the record, talk of "due process" is a US Constitutional notion that is
entirely misplaced when we are talking about private parties contracting
with one another, whether in the US or elsewhere.




I disagree.  We may not be talking about Due Process with caps, but I
think we should clearly be asking what procedural safeguards are due any
time we take action that might reduce some parties' rights.  In this
case, we're talking about actions that might deprive domain registrants
of the ability to use the names they've registered. That shouldn't be
done without giving them notice and opportunity to respond, or recourse
if they're wrongly terminated.

I think a speedy process for registrants to protest and get their domains 
reinstated after they are taken down would be in their due process rights. But 
as to doing that before they are taken down - I have to disagree. If we had to 
wait for a registrant to be notified first while that are in the process of 
ripping off thousands of people then that would be unreasonable. I think the 
victims of these criminal have rights too and when choosing between who's 
rights to favor I would side with the victims.

If an innocent domain is taken down however then they should have the right to 
be able to petition to have their domain reinstated. Generally most people in 
business, upon seeing that they had made an honest mistake, would not only 
correct the mistake but also correct the process that led to the mistake. So 
I'm on the side of registrars to take action to stop domains who they 
reasonably believe are engaging in fraudulent activity.


I'm not saying, of course, that fraudulent purchasers have rights to
domain names, but that lawful purchasers should have the opportunity to
respond when they're accused of fraudulent or criminal activity.
Otherwise, malicious or mistaken reports can deprive legitimate
registrants of their contractual expectations.

Do you let the fraud continue while waiting for the domain owner to respond?

On a separate note. If a domain is in the "tasting" period where they haven't 
even paid for the domain yet - would they also have rights? I would think that 
someone with a domain that isn't even 5 days old would have limited rights as 
compared to one that is an established domain.


 ICANN exists to manage



the DNS, that necessarily must include policy to mitigate criminal use of
the DNS, in order to avoid both harm to end users and potential liability to
contracting parties.




While private parties in contractual relationships must ensure that they
are not engaging in or actively soliciting criminal activity, they are
under no obligation -- and I would say should be under no obligation --
to monitor the activities of others.  I do not believe that ICANN's
mandate or mission includes becoming a branch of the law enforcements of
the multitude of jurisdictions into which the Internet's DNS resolution
extends.




While I agree that ICANN needs to avoid becoming law enforcement there is also 
a duty of a business to take reasonable steps to ensure that their product 
isn't abuse in a criminal way or causes a public hazard. For example, a bar has 
some duty to ensure that it doesn't create a crime problem in the neighborhood 
by turning a blind eye to criminal activity that they know is happening and 
choose to do nothing about. Sometime you have to take the knife our of the 
criminals hands before you give them the chance to argue they have a right to 
use the knife. Especially if the knife has blood on it.

Similarly - I'm paid to block spam and fraud. So if I see someone impersonating 
a bank I block the email. I don't continue to allow it while I write the domain 
owner to give them due process as to why I shouldn't allow them to try to 
defraud my customers.

I believe registrars are business people of good will and that no registrar 
want to shut down legitimate web sites. But when they see fraud happening then 
it is reasonable for them to choose to stop it. After the site is stopped then 
the registrant should have a quick procedure to point out mistakes and I would 
thing the registrar would quickly fix the mistake or face liability if they 
were negligent.