FW: Dot-Info Abusive Use Policy and NCUC
Milton L Mueller
mueller at SYR.EDU
Sat Jul 19 22:24:53 CEST 2008
Here's an important change that seems to have happened on the sly.
Anyone able to follow up on this and review the materials and develop a position?
-----Original Message-----
From: George Kirikos [mailto:george at loffs.com]
Sent: Sat 7/19/2008 2:25 AM
To: robin at robingross.com; mueller at syracuse.edu; nhklein at gmx.net
Subject: Dot-Info Abusive Use Policy and NCUC
Hi folks,
Have you been following the .INFO Abusive Use Policy that was just
approved by ICANN, without a public comment period and without
widespread consultation (especially amongst registrants)?
http://www.icann.org/registries/rsep/
http://www.icann.org/registries/rsep/afilias-abuse-funnel-request-rev-03jul08.pdf
http://www.icann.org/registries/rsep/jones-to-afilias-18jul08.pdf
I had written about it at:
http://www.circleid.com/posts/86215_potential_danger_ahead_dot_info_policy/
as well as at:
http://forum.icann.org/lists/registryservice/
I believe this to be a *very* dangerous precedent, depriving
registrants of due process, providing poor definitions of "abusive
use" (i.e. including words like "without limitation" that leave the
definition wide open), and giving the registry the power to cancel
domains at its discretion (instead of simply removing them from the
zone file). It sets up the registry operator as police officer, DA,
judge, jury and executioner. It also creates a precedent of removing
the role of the GNSO in policy making, and instead puts it into the
hands of the registries.
There was an interesting article in Forbes from a few months ago that
touched on this very issue:
http://www.forbes.com/technology/2008/02/12/phishing-cyber-crime-tech-security-cx_ag_0213phish.html
Even members of the Anti-Phishing Working Group were divided over the matter:
"This is the equivalent of a death penalty for a Web site," admits
Fred Felman, a spokesperson for MarkMonitor, one of the brand
management and security firms that would be accredited by the program.
"If we remove a legitimate e-commerce business from the Web, it could
lose millions in revenue that doesn't come back."
"Even so, the penalties for liquidating a legitimate site could be
significant. "Who would be responsible for false positives?" asks
Edmon Chung, who runs the registry for sites ending in .asia. "The
devils are in the details. We want to help with this cause, but we
need to take a close look at it legally."
"Verisign, for instance, which administers the Web's millions of .com
and .net sites, has declined to comment on the APWG initiative even
though it is a member of APWG and has long supported the group's
anti-phishing advocacy work. Tim Callan, a vice president for the
company's security division, says that false positives have to be
factored into the equation. "As long as there have been spam filters
and blacklists, there have been legitimate businesses that get
punished," he says."
Afilias doesn't appear to have consensus amongst registars, either,
according to Tucows:
http://discuss.tucows.com/pnews/read.php?server=discuss.tucows.com&group=tucows.services.domains.general&artnum=37368
"This is definitely an issue we're actively involved in. It's a
dangerous precedent, and I think that sentiment was largely shared
among registrars at the Registrars Constituency meeting during the
recent ICANN conference (Afilias came in to make a presentation on
this new policy). We'll be working closely with the Constituency to
address this issue."
I would hope that this is something that would be of concern to NCUC,
as there will be false positives, which can affect free speech,
censorship, etc.. It creates an extremely dangerous precedent if it
used as a template for VeriSign in .com/net or PIR in .org.
I'm sure you've read lots of boneheaded and poorly written contracts
coming out of ICANN, but this is simply one of the worst I've ever
seen. The intent is good, but the language is horrible. Legal
jurisdiction between countries is an extremely complex subject, and it
doesn't seem that Afilias has even considered the ramifications, nor
have any expertise in the area. We've seen how long the UDRP is,
describing a process for one type of abuse, yet Afilias thinks this
poorly worded contract has the proper checks and balances for all
other "abuses" that it decides to label in its own discretion?
Ridiculous.
I plan to file a formal reconsideration request. I hope that if NCUC
sees the dangers in this proposed contract for its constituency, they
will do something or speak out (or perhaps join/support a
reconsideration effort). Due process is at stake. The proper route
would have been for Afilias to create a consensus policy, working
through the GNSO, but instead ICANN approved this half-baked policy.
Sincerely,
George Kirikos
416-588-0269
www.LOFFS.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ncuc.org/pipermail/ncuc-discuss/attachments/20080719/c07f03b7/attachment.html>
More information about the Ncuc-discuss
mailing list