Re: Comments of Coalition for Online Accountability re .tel renewal agreement

[Jonathan Curley <jonathan.p.curley@xxxxxxxxx>]

First I would like to ask ICANN, can you please extend the public
comment period for a further 30 days, this is if you're able to do so.

Second I have read the COA pdf that was attached to the comment the
honorable gentleman made, and while I'm not as legally versed as the
COA representative is while acting in their respective role, I find
most of what was stated reasonable if it is solely based on the dot
tel extension being opened up, and as a dot tel registrant I don't
object overall to what was put forward, but I do object to minor
things in regards to details, and of one or more statements and
requests for implementation.

As stated above you may have been responding on the basis that the dot
tel extension is opened up, I don't believe it will be so I mention
these amendments to the SAS service in relation to it staying a
partially closed system, if it was opened up in some way I would hope
the SAS system stays in place and is rolled out to other extensions.

I understand what the SAS is for and have read documents in the past,
but I'm by no means perfectly intellect on the SAS as a core subject
and must explain my point by discussing other services I have
witnessed.

I believe anyone who obtains SAS data must act in accordance with the
laws of data protection, as Telnic are incorporated in the United
Kingdom which is still a member (though allegedly outgoing) in the EU
with EU laws, I think for now all data must only be shared with those
of whom are deemed necessary in order to undertake a lawful or legal
duty, and that of which is in accordance with the aforementioned data
protection laws.

I do not think they have to be SAS members themselves, as long as the
data that is shared from a reputable SAS member to a none SAS member
was done so lawfully, and in pursuit of legal recourse, which then
resulted in a lawful outcome that was not an abuse of the service, if
the data is abused by the person who received the information from an
SAS account holder, then the SAS member or group should be punished
with very large fines and shamed in its local newspapers (if they
still exist), much like the way bankrupts are shamed for their actions
and miss managements, as well as permanently being banned from using
the SAS and prosecuted if they use a 3rd party to collect data from
the SAS for themselves.

Regardless of what is already in place and mentioned in the pdf, I
also think anyone who signs up for the SAS must pass a more stringent
test and as such should be subject to a more extensive "business and
operating license" check to determine fully who they are and why they
want the data, as well as what individual's in their business will
have access to the data through the businesses SAS account, and of
whom they might share it with to be placed on record, but I think more
legal recourse should be automatically enacted (as stated above) and
sought out by the registry themselves for breaches of it, or for mass
data scrapings for an unlawful purpose, and cutting someone's access
to it is not enough of a punishment when they can use a new account?
or get a 3rd party to join the SAS and continue to abuse it?

I think the SAS system is good and is acting as a windbreaker of sorts
to slow down the automated abuse of the dot tel whois system, while
keeping it open to those who require it for legal purposes, and as
such it should be rolled out to all extensions, because from what I
see many website owners unlawfully scrape the public data of the
whois, and then go on to use it for occasionally unjust 3rd party
online services, and in some cases of which require fees for the
removal of this data from online websites, and while the whois has its
own provisions of which say in some cases you can't do this, it's been
allowed to continue, and I have never heard of anyone being punished
for scraping whois data though they should be.

I also have the impression that whois data of other extensions is
being sold in bulk? by scrapers? companies? this may not be true but
its something that needs to be curbed if it is, as while its public
data it should be only used for selective purposes and not attained in
bulk, and so dot tel's SAS system is a good windbreaker and means
test.

If a company wants to take the whois data for the purpose of
brokerage, then so it should do so through the SAS but only if a
registrant has ticked a box in the control panel saying they are
willing to sell, and as such has then granted access to their full
whois data for this purpose, which it can then be given to any broker
requesting it if the SAS member is a bonafide domain broker (in
company form) and as such has a seller lined up, I have no objections
to my data being sucked into a 3rd party service from the whois, as
long as I have chosen to sell a domain, and that my full information
is never shared with the person who wishes to purchase it through a
3rd party service that can be anonymized, or that my information is
not collated and sold on, and the information is destroyed after its
use, though the point of dot tel was to not be as anonymous, but
everyone should have the right to choose if they are or not, and to
what degree they interact with others directly or indirectly and in
any situation, and that includes the SAS system.

Many registrars run and sell whois privacy schemes, which defeats the
point of an open whois system, and so having a partially closed whois
system like dot tel does allow for some privacy online (for natural
people) while giving those who run legitimate services and those
seeking legal recourse the opportunity to get access to the accurate
data for their purposes, I think data stored in a tel whois system
will be more accurate, and that would be in your favour.

I want to present an analogy in order to explain something else
better, if you have ever used YouTube you might have seen how the DMCA
process was abused to silence people's opinions, criticism and other
means of expression, as well as missed used by automation and false
flagging campaigns, in the COA pdf it mentions something about having
a rapid service for the removal of domains, but you also ask for a
faster system of automation by increasing the allowance of lookup
queries from 5.

I read and understand this in the terms of your group asking to be
allowed to spray a hose pipe of automatic flagging bots, that will do
auto-take-downs of domains based on anything it deems to be in any way
possible infringing?, and like with YouTube things are not always
accurate and fairly applied, and if you want to scan mass whois data
and do takedowns (if dot tel is still a closed system) it will itself
require a form of automated control panel arbitration, a process to
allow for a fair and balanced approach to legal requests.

https://www.youtube.com/watch?v=vOd_d8FhFyE
http://www.digitaltrends.com/opinion/google-defends-fair-use-on-youtube-against-dmca/

And as such I have no issues with automation unless it's implemented
correctly, and that the domains and content are not taken down without
the notice of the registrant, who should then be informed through the
control panel that if they do nothing it will be taken down (go dark)
in a week, if they then contest the removal of their domain or the
content (through the control panel) by pressing a button, only then
should the COA or other parties get sent the whois information through
the SAS and at this time the content and domain should be reinstated,
this is until as such time as the court determines it does infringe
and then Telnic will act to take it down permanently. As like with
YouTube you only get a user's data when they are ready to take you to
court for an unlawful DMCA, and both parties each then receive each
other's contact data in order to make those arrangements.

SAS access for law enforcement is fine and there are no issues, that
is unless a law enforcement body who is not UK or EU based requests
the information, and then the registrant should be informed unless
there's a court order or such that the registrant is under
investigation and they have a right to access the data and whois
information blindly and quietly.

I also do not think you should just be able to scrape the data as you
please, I think you should do lookups and put flags on domains and
it's content, but you should only receive the data if like on YouTube
they contest it as fair use or another provision for countering a bot
flagging campaign.

If it's opened up I'm sure you'll get all the normal provisions of a
normal domain whois, though I don't think they will open it up but if
they did I hope they keep the SAS.

I hope this is of some use to ICANN,

Regards

Jonathan Curley