<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="Generator" CONTENT="MS Exchange Server version 6.5.7652.24">
<TITLE>FW: Dot-Info Abusive Use Policy and NCUC</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/plain format -->
<BR>
<P><FONT SIZE=2>Here's an important change that seems to have happened on the sly.<BR>
Anyone able to follow up on this and review the materials and develop a position?<BR>
<BR>
-----Original Message-----<BR>
From: George Kirikos [<A HREF="mailto:george@loffs.com">mailto:george@loffs.com</A>]<BR>
Sent: Sat 7/19/2008 2:25 AM<BR>
To: robin@robingross.com; mueller@syracuse.edu; nhklein@gmx.net<BR>
Subject: Dot-Info Abusive Use Policy and NCUC<BR>
<BR>
Hi folks,<BR>
<BR>
Have you been following the .INFO Abusive Use Policy that was just<BR>
approved by ICANN, without a public comment period and without<BR>
widespread consultation (especially amongst registrants)?<BR>
<BR>
<A HREF="http://www.icann.org/registries/rsep/">http://www.icann.org/registries/rsep/</A><BR>
<A HREF="http://www.icann.org/registries/rsep/afilias-abuse-funnel-request-rev-03jul08.pdf">http://www.icann.org/registries/rsep/afilias-abuse-funnel-request-rev-03jul08.pdf</A><BR>
<A HREF="http://www.icann.org/registries/rsep/jones-to-afilias-18jul08.pdf">http://www.icann.org/registries/rsep/jones-to-afilias-18jul08.pdf</A><BR>
<BR>
I had written about it at:<BR>
<BR>
<A HREF="http://www.circleid.com/posts/86215_potential_danger_ahead_dot_info_policy/">http://www.circleid.com/posts/86215_potential_danger_ahead_dot_info_policy/</A><BR>
<BR>
as well as at:<BR>
<BR>
<A HREF="http://forum.icann.org/lists/registryservice/">http://forum.icann.org/lists/registryservice/</A><BR>
<BR>
I believe this to be a *very* dangerous precedent, depriving<BR>
registrants of due process, providing poor definitions of "abusive<BR>
use" (i.e. including words like "without limitation" that leave the<BR>
definition wide open), and giving the registry the power to cancel<BR>
domains at its discretion (instead of simply removing them from the<BR>
zone file). It sets up the registry operator as police officer, DA,<BR>
judge, jury and executioner. It also creates a precedent of removing<BR>
the role of the GNSO in policy making, and instead puts it into the<BR>
hands of the registries.<BR>
<BR>
There was an interesting article in Forbes from a few months ago that<BR>
touched on this very issue:<BR>
<BR>
<A HREF="http://www.forbes.com/technology/2008/02/12/phishing-cyber-crime-tech-security-cx_ag_0213phish.html">http://www.forbes.com/technology/2008/02/12/phishing-cyber-crime-tech-security-cx_ag_0213phish.html</A><BR>
<BR>
Even members of the Anti-Phishing Working Group were divided over the matter:<BR>
<BR>
"This is the equivalent of a death penalty for a Web site," admits<BR>
Fred Felman, a spokesperson for MarkMonitor, one of the brand<BR>
management and security firms that would be accredited by the program.<BR>
"If we remove a legitimate e-commerce business from the Web, it could<BR>
lose millions in revenue that doesn't come back."<BR>
<BR>
"Even so, the penalties for liquidating a legitimate site could be<BR>
significant. "Who would be responsible for false positives?" asks<BR>
Edmon Chung, who runs the registry for sites ending in .asia. "The<BR>
devils are in the details. We want to help with this cause, but we<BR>
need to take a close look at it legally."<BR>
<BR>
"Verisign, for instance, which administers the Web's millions of .com<BR>
and .net sites, has declined to comment on the APWG initiative even<BR>
though it is a member of APWG and has long supported the group's<BR>
anti-phishing advocacy work. Tim Callan, a vice president for the<BR>
company's security division, says that false positives have to be<BR>
factored into the equation. "As long as there have been spam filters<BR>
and blacklists, there have been legitimate businesses that get<BR>
punished," he says."<BR>
<BR>
Afilias doesn't appear to have consensus amongst registars, either,<BR>
according to Tucows:<BR>
<BR>
<A HREF="http://discuss.tucows.com/pnews/read.php?server=discuss.tucows.com&group=tucows.services.domains.general&artnum=37368">http://discuss.tucows.com/pnews/read.php?server=discuss.tucows.com&group=tucows.services.domains.general&artnum=37368</A><BR>
<BR>
"This is definitely an issue we're actively involved in. It's a<BR>
dangerous precedent, and I think that sentiment was largely shared<BR>
among registrars at the Registrars Constituency meeting during the<BR>
recent ICANN conference (Afilias came in to make a presentation on<BR>
this new policy). We'll be working closely with the Constituency to<BR>
address this issue."<BR>
<BR>
I would hope that this is something that would be of concern to NCUC,<BR>
as there will be false positives, which can affect free speech,<BR>
censorship, etc.. It creates an extremely dangerous precedent if it<BR>
used as a template for VeriSign in .com/net or PIR in .org.<BR>
<BR>
I'm sure you've read lots of boneheaded and poorly written contracts<BR>
coming out of ICANN, but this is simply one of the worst I've ever<BR>
seen. The intent is good, but the language is horrible. Legal<BR>
jurisdiction between countries is an extremely complex subject, and it<BR>
doesn't seem that Afilias has even considered the ramifications, nor<BR>
have any expertise in the area. We've seen how long the UDRP is,<BR>
describing a process for one type of abuse, yet Afilias thinks this<BR>
poorly worded contract has the proper checks and balances for all<BR>
other "abuses" that it decides to label in its own discretion?<BR>
Ridiculous.<BR>
<BR>
I plan to file a formal reconsideration request. I hope that if NCUC<BR>
sees the dangers in this proposed contract for its constituency, they<BR>
will do something or speak out (or perhaps join/support a<BR>
reconsideration effort). Due process is at stake. The proper route<BR>
would have been for Afilias to create a consensus policy, working<BR>
through the GNSO, but instead ICANN approved this half-baked policy.<BR>
<BR>
Sincerely,<BR>
<BR>
George Kirikos<BR>
416-588-0269<BR>
www.LOFFS.com<BR>
<BR>
</FONT>
</P>
</BODY>
</HTML>