ICANN: Privacy & Proxy Services Accreditation Issues comments

[Julien T <julien.t43@xxxxxxxxx>]

Hello,

Working as a security professional, I think the avaibility of informations
in domain is critical to identify either a victim, either an
abnormal/malicious website.

Any commercial company should have those informations filled and validated
regularly.

On a privacy perspective, I perfectly understand single owner of a website
and I think they should be exclude based on non-commercial domain.
(opposite to 1.3.1 II 3) To avoid any problem, it should include small
revenues because of ads or donations. After, it transform on how to assess
"small revenus". big organizations have sometime public accounting
depending on countries but not small one.
In my view, proxy usage should be barred for any registered shared private
companies or gov institution, same of course for Proxy service.

When permitted, proxy service should be strictly controlled and allow fast
access to Law Enforcement, Security companies, Official CERTs (like ones
registered at First or Terena)

 From my reading of
https://gnso.icann.org/en/issues/raa/ppsai-initial-05may15-en.pdf

On 1.3.2, I'm not sure ICANN has mandate to force service to comply with
express stuff (or threatening to remove accreditation?). Ultimately, it
depends on local law.

On 1.3.3
* Should registrants of domain names associated with commercial activities
and which are used for online financial transactions be prohibited from
using, or continuing to use, P/P services? If so, why, and if not, why not?
Yes, but I would also include an health online professional services and
government services. Like bank, there is a mandatory trust for those acts
and a communication point/spokeperson should exist whatever the channel
(press, tv, internet, ...)
As said before, other exclusion could apply for example
security/para-military institution, companies on stock exchanges...
* If you agree with this position, do you think it would be useful to adopt
a definition of “commercial” or “transactional” to define those domains for
which P/P service registrations should be disallowed? If so, what should
the definition(s) be?
Clearly, a definition is needed to avoid future problems
ads when not being a primary revenue of a single individual should not be
concerned by the change.
I understand EFF and others position that non-professional user of the web
should keep some level of protection.
* Would it be necessary to make a distinction in the WHOIS data fields to
be displayed as a result of distinguishing between domain names used for
online financial transactions and domain names that are not?
That's a possibility but I don't think it as a mandatory.
Whatever ICANN push as a policy, we all known than error intentional or not
happen.

Thanks for your review.
Best regards,

Julien