RE: [gnso-rap-dt] question for Mike Rodenbaugh regarding amendment language

[martinsutton@xxxxxxxx]

Mike,

Useful thoughts, thank you.

This issue links in with the UoC recommendations - lack of minimum 
standards across contracting parties creates variances in the ability 
(and/or willingness) to take effective action against misuse of domains.

Looking back, I think the way that we've 'bundled' the original 
recommendations for malicious abuse into one may now be causing some 
dilution issues that you've highlighted.  However, the previous 
discussions identifying the concerns for mandatory policies related to the 
fact that malicious/criminal abuse adapts quickly to knew techniques and 
opportunities, with responsive policy and standards applied at a much 
slower pace.  Recognising that cross-industry best practices can adapt 
quickly to the abuses they can be more effective versus following the 
policy route but may not always be a long-term need.  Personally, I would 
expect best practices that do offer long-term solutions are elevated to 
mandated policies as and when proven - feeding into UoC where applicable. 
What disadvantages would you envisage if we did not stress the mandatory 
element within this recommendation? 

Regards

Martin

Martin C SUTTON 
Group Risk 
Manager, Group Fraud Risk and Intelligence | HSBC HOLDINGS PLC HGHQ
Group Security & Fraud Risk
8 Canada Square,Canary Wharf,London,E14 5HQ,United Kingdom
________________________________________________________________

Phone.     +44 (0)20 7991 8074 / 7991 8074
Mobile.     +44 (0) 7774556680
Email.       martinsutton@xxxxxxxx
________________________________________________________________



"Mike Rodenbaugh" <icann@xxxxxxxxxxxxxx> 
Sent by: owner-gnso-rap-dt@xxxxxxxxx
Feb 08 2010 22:04

Mail Size: 32789

Please respond to
<icann@xxxxxxxxxxxxxx>


To
"'RAP-WG'" <gnso-rap-dt@xxxxxxxxx>
cc

Subject
RE: [gnso-rap-dt] question for Mike Rodenbaugh regarding amendment 
language

  Entity
   HSBC Holdings plc - GMO



In fact, ICANN has imposed and enforced the UDRP for more than ten years, 
in an effort to deal with cybersquatting.  Moreover, ICANN contracting 
parties have always had the ability to deal with misuse of any kind, via 
their contracts with registrants and with each other -- with the possible, 
seemingly inexplicable exception of the .com/.net Registry Agreements.  So 
yes, ICANN could impose more specific anti-abuse rules if it chooses, 
there is nothing in the contracts or in law that would prevent that. 
 
Indeed the contractual regime has been in place for many years, empowering 
contracting parties to take action to address misuse.  Most have taken 
that opportunity and have robust systems and processes in place to deal 
with misuse.  The problem has been the inconsistent (sometimes willfully 
abusive) manner in which some contracting parties have chosen to deal with 
such problems (or not).  Best practices should be reviewed, with an eye 
towards mandating some of those practices for everybody, to create a more 
level playing field for the contracting parties (whether they want it or 
not) and more importantly to make it easier for third parties and law 
enforcement to get action from contracting parties to address abuse of 
third party rights.
 
Mike Rodenbaugh
RODENBAUGH LAW
tel/fax:  +1 (415) 738-8087
http://rodenbaugh.com
 
From: Greg Aaron [mailto:gaaron@xxxxxxxxxxxx] 
Sent: Monday, February 08, 2010 1:11 PM
To: 'Frederick Felman'; 'Mike Rodenbaugh'; 'RAP-WG'
Subject: RE: [gnso-rap-dt] question for Mike Rodenbaugh regarding 
amendment language
 
Dear Mike:
 
So you?re saying that if a registrant misuses a domain name (unrelated to 
registration-related processes such as how the domain is created, updated, 
transferred, etc.), ICANN can regulate how that is dealt with? 
 
All best,
--Greg
 
 
 

From: Frederick Felman [mailto:ffelman@xxxxxxxxxxxxxxx] 
Sent: Monday, February 08, 2010 3:48 PM
To: Mike Rodenbaugh; RAP-WG
Subject: Re: [gnso-rap-dt] question for Mike Rodenbaugh regarding 
amendment language
 
I agree with Mike.


On 2/8/10 12:44 PM, "Mike Rodenbaugh" <icann@xxxxxxxxxxxxxx> wrote:
That is not precisely what I am saying. 
 
A domain name registration lasts from the time it is registered until the 
time it is no longer registered.  If it is abused during that time, then 
it is within ICANN and its contracting parties? remit to address, as is 
made very clear in all of the relevant contracts (except Verisign?s 
Registry Agreements for .com/.net) and otherwise by law and industry 
practice.  The problem is the inconsistency with which some contracting 
parties respond (or fail to respond) to complaints of abuse. 
Minimum/mandatory standards for handling those complaints should be 
adopted.
 
I do not believe this is an ?Alternate View? but one that has been 
supported by most of the WG all along.
 

Mike Rodenbaugh
RODENBAUGH LAW
tel/fax:  +1 (415) 738-8087
http://rodenbaugh.com <http://rodenbaugh.com/> 
 

From: Greg Aaron [mailto:gaaron@xxxxxxxxxxxx] 
Sent: Monday, February 08, 2010 12:35 PM
To: icann@xxxxxxxxxxxxxx; gnso-rap-dt@xxxxxxxxx
Subject: RE: [gnso-rap-dt] question for Mike Rodenbaugh regarding 
amendment language 

OK. Would you like to be listed as having an alternate view, that ?It is 
within ICANN?s remit to regulate uses of domain names unrelated to 
registration abuses??
 
All best,
--Greg

From: Mike Rodenbaugh [mailto:icann@xxxxxxxxxxxxxx] 
Sent: Monday, February 08, 2010 3:09 PM
To: gnso-rap-dt@xxxxxxxxx
Subject: FW: [gnso-rap-dt] question for Mike Rodenbaugh regarding 
amendment language 

Hi Greg,
 
Happy to try to clarify? nothing new here.  

I continue to disagree that ?mandatory practices to deal with use of 
domain names (unrelated to registration process abuses) seem outside of 
ICANN?s scope.?  I know that is gospel for the contracting parties, and 
ICANN Staff are always too happy to repeat it, but it ignores the UDRP and 
additional, plain language in almost all of the Registry Agreements 
(except Verisign?s).  It also ignores reality, as it is not generally 
possible to discern intent to abuse at the time of registration -- more 
often that abusive intent is only manifest upon occurrence of abuse. 
 
Furthermore, in reality, contracting parties can be held contributorily 
liable for abuse of their systems, even to the point that they literally 
could be sued out of existence and/or shutdown by a governmental 
authority, which likely would cause huge problems for ICANN and for 
affected registrants.  We all would like to avoid that possibility, so 
finding some minimum anti-abuse standards, mandatorily applicable to all 
contract parties, continues to make imminent sense to me.  Best practices 
would be a step in the right direction, but might not be worth the paper 
on which they are printed, not to mention all the time and effort that 
will go into devising them.  It would be better to use that effort to 
devise some mandatory/minimum rules that can be enforced by ICANN Staff.


Mike Rodenbaugh
RODENBAUGH LAW
tel/fax:  +1 (415) 738-8087
http://rodenbaugh.com <http://rodenbaugh.com/> 
 

From: owner-gnso-rap-dt@xxxxxxxxx [mailto:owner-gnso-rap-dt@xxxxxxxxx] On 
Behalf Of Greg Aaron
Sent: Monday, February 08, 2010 11:10 AM
To: mike@xxxxxxxxxxxxxx
Cc: gnso-rap-dt@xxxxxxxxx
Subject: [gnso-rap-dt] question for Mike Rodenbaugh regarding amendment 
language 

Hi, Mike.  The WG went through the final recommendations today, and I have 
a question regarding your response to #30 (creation of best practices to 
address illicit uses of domain names).
 
Your friendly amendment was: ?The effort should also consider mandatory 
minimum practices applicable to contracting parties, in addition to best 
practices.? 
 
The RAPWG did find an instance where there is an inherent relationship 
between registration abuses and malicious uses of domains: WHOIS 
accessibility (or lack of accessibility).  The group therefore agreed to 
make two recommendations about that topic.  WHOIS accessibility is a 
specific topic where the WG recommends that the GNSO look into practices 
applicable to contracting parties.
 
Otherwise, your amendment seems incompatible with the Recommendation.  The 
group has arrived at the best practice approach because mandatory 
practices to deal with use of domain names (unrelated to registration 
process abuses) seem outside of ICANN?s scope. 
 
Can you offer clarification on your comments?
 
All best,
--Greg
 

**********************************
Greg Aaron
Director, Key Account Management and Domain Security
Afilias
vox: +1.215.706.5700
fax: 1.215.706.5701
gaaron@xxxxxxxxxxxx 
**********************************
The information contained in this message may be privileged and 
confidential and protected from disclosure. If the reader of this message 
is not the intended recipient, or an employee or agent responsible for 
delivering this message to the intended recipient, you are hereby notified 
that any dissemination, distribution or copying of this communication is 
strictly prohibited. If you have received this communication in error, 
please notify us immediately by replying to the message and deleting it 
from your computer.

 


************************************************************
HSBC Holdings plc
Registered Office: 8 Canada Square, London E14 5HQ, United Kingdom
Registered in England number 617987
************************************************************


-----------------------------------------
SAVE PAPER - THINK BEFORE YOU PRINT!

This E-mail is confidential.                      
                                                  
It may also be legally privileged. If you are not the addressee you
may not copy, forward, disclose or use any part of it. If you have
received this message in error, please delete it and all copies
from your system and notify the sender immediately by return
E-mail.                     
                                                  
Internet communications cannot be guaranteed to be timely secure,
error or virus-free. The sender does not accept liability for any
errors or omissions.