FW: [ORG-law] NOMINET Revised draft recommendations for discussion

Victoria McEvedy victoria at MCEVEDY.EU
Thu Oct 13 11:34:51 CEST 2011


It may make sense for this group to co-ordinate with/feed into ORG's submissions to Nominet also -attached.



There are a number of common members on each group ---any of us can act as a liaison.



Best,







Victoria McEvedy

Principal

McEvedys

Solicitors and Attorneys

cid:669FC637-760A-4D2F-B56E-2C180C1870CC



81 Oxford Street,

London W1D 2EU.





T:    +44 (0) 207 243 6122

F:    +44 (0) 207 022 1721

M:   +44 (0) 7990 625 169



www.mcevedy.eu



Authorized and Regulated by the Solicitors Regulation Authority #465972

This email and its attachments are confidential and intended for the exclusive use of the addressee(s).  This email and its attachments may also be legally privileged. If you have received this in error, please let us know by reply immediately and destroy the email and its attachments without reading, copying or forwarding the contents.

This email does not create a solicitor-client relationship and no retainer is created by this email communication.



From: Jim Killock [mailto:jim at openrightsgroup.org]
Sent: 12 October 2011 20:53
To: ORG legal discussions
Subject: [ORG-law] Fwd: IMPORTANT: NOMINET Revised draft recommendations for discussion



Also, FYI and comments

---------- Forwarded message ----------
From: Jim Killock <jim at openrightsgroup.org<mailto:jim at openrightsgroup.org>>
Date: Wed, Oct 12, 2011 at 8:50 PM
Subject: IMPORTANT: NOMINET Revised draft recommendations for discussion
To: The ORG Advisory Council discussion list <org-advisory at lists.openrightsgroup.org<mailto:org-advisory at lists.openrightsgroup.org>>


Hi all,

This really is it: whatever we are happy or unhappy with, we must say now.



If anything in this document would in our view endanger ORG's reputation or our strategic concerns about self-regulation, please say now.

On the positive side, it seems to make clear



(1) Law enforcement takes responsibility for requests and their accuracy

(2) if suspensions are appealed, the appellant can force a court order to be required

(3) Most or all of our transparency requirements are met



At a glance, also,



(1) the scope of "distribution of counterfeit goods" needs to be narrowed to "criminal distribution of physical counterfeit goods"



Please take time to look and read if you can. Unlike many previous processes we have been involved in, we are both having a very significant impact (this document is based on what they are calling "ORG's draft", essentially agreed with our allies) and we will be held accountable for this document.



Thank you,



Jim

---------- Forwarded message ----------
From: Tania Baumann <Tania.Baumann at nominet.org.uk<mailto:Tania.Baumann at nominet.org.uk>>
Date: Wed, Oct 12, 2011 at 5:37 PM
Subject: Revised draft recommendations for discussion


Dear issue group participants,



Please find attached a revised set of draft recommendations on Domain Names Used in Connection with Criminal Activity, based on the discussions held at the 4th issue group meeting. Apologies for the slight delay in getting these out as it was important that the Secretariat had the opportunity to speak with a number of participants who were unable to attend the meeting in order that the next iteration of the recommendations was an accurate reflection of views.



As agreed by the issue group, the draft document:

-          Seeks to elucidate in greater detail the policy principles

-          Includes additional points that were agreed at the meeting

-          Incorporates a number of elements from the ORG draft circulated on which there was consensus at the meeting or through follow-up discussions with issue group participants  who were unable to attend.



Please note that this document should be considered an executive summary for the Board and it is envisaged that a longer report that outlines the thinking of the issue group will accompany the top-line recommendations.



Please also note that as discussed on the matter of form, there are certain aspects of the ORG document that serve as background on the policy process that will be conveyed to the Board as part of the Secretariat's briefing, rather than as part of issue group's recommendations.



At this stage, we have not included in the proposed recommendations, the recommendations made in the ORG document on how the procedural implementation of the policy itself, such as the consultation as it is suggested that this matter is touched on again when we meet colleagues next week when there will hopefully be a full spectrum of participants, and in the context of the latest set of recommendations.



If colleagues have any queries at all, please do not hesitate to get in touch. Please be reminded that the next meeting will be on Thursday 20 October 14.30 - 17.00 at MBW in Victoria (10 Greycoat Place).



Best wishes,



Tania





Tania Baumann

Head of Secretariat

Nominet

Tel: +44 (0)1865 332360<tel:%2B44%20%280%291865%20332360>
Fax: +44 (0)1865 332292<tel:%2B44%20%280%291865%20332292>

Mob: +44 (0)7766 83 72 85<tel:%2B44%20%280%297766%2083%2072%2085>

 These are the recommendations of the Issue Group on Domain Names used in connection with criminal activity.

1.     In line with the company's public purpose mission to promote a safe and trusted internet space, and in order to defend its private interests, Nominet should have a specific and published abuse policy that governs an expedited process by which it addresses the criminal use of domain names in its terms and conditions.

2.     With a view to providing certainty and clarity for stakeholders, Nominet's abuse policy should clearly define the circumstances and procedures by which Nominet will suspend a .uk domain name following notification that it is being allegedly used in connection with criminal activity.

3.     The policy's operation should be transparent and consistent, to promote the  confidence of all stakeholders.  It is important that Nominet's procedures replicate due process as far as possible to protect the rights and freedoms of registrants, and to mitigate the potential for disproportionate outcomes.

Scope

4.     Nominet's policy must be proportionate in scope, giving recognition to the fair and legitimate interests of registrants.

5.     To enable the relatively swift adoption of lightweight procedures, the scope of the policy should apply to a limited subset of criminal activity in the first instance. The policy must explicitly exclude civil disputes and cases where freedom of expression and other fundamental rights of the registrant or third parties are central to the dispute at issue.

6.     [As a matter of principle, the issue group believes that the association of a domain with criminal activity should bring the domain within the scope of the abuse policy, potentially rendering it liable to suspension, and that with certain limited exceptions as noted above, the nature of the suspected offence is immaterial.] The way in which Nominet might address a wider set of criminal activities within the policy should be examined under the policy process after an assessment and review of the policy's implementation.

7.     The policy should apply where:

a)     the nature of the alleged criminal activity creates a clear risk of imminent serious harm to individuals. This would include, for example, phishing, the unlicensed sale of medicines, and botnets; or,

b)     the domain is directly involved in the distribution of counterfeit goods.

Application and acceptable notification

8.     Domain name suspension by reason of its alleged use in connection with criminal activity should only be undertaken following a notification by a senior officer of a UK public law enforcement authority that has criminal law enforcement duties and has established a "trusted relationship" with Nominet under the policy. As such, notifications from private party or foreign law enforcement agencies should be specifically excluded from this policy.

9.     Where a foreign law enforcement agency wishes to make a notification to Nominet, this should be made through the usual mutual legal assistance channels and under a principle of double-criminality.

10.  Nominet should develop and publish, in cooperation with UK public law enforcement agencies, a defined framework by which UK public law enforcement agencies can meet the "trusted" requirements. In addition to the requirements outlined at 16(b), this framework could include training, agreements to make notifications under the policy subject to audit procedures, and frameworks to establish SPOC-type procedures.

11.  The ability to make a notification under the policy should only be available to those trusted UK public law enforcement agencies under the principle of "last resort".  "Last resort" is defined as the exhaustion of available alternatives before seeking a suspension via Nominet. Such alternatives may include approaching the registrant, the registrar, or the host.

12.  An acceptable notification must:

a)     Clearly identify the requesting law enforcement agency who must be recognised as a trusted law enforcement agency under the policy;

b)     Comply with the procedure set out in the policy and any published materials such as templates by Nominet;

c)     Include a declaration of an authorised senior officer on behalf of the agency that suspension of the domain is proportionate, necessary, and urgent and meets the standard set out in 7(a) or 7(b), and that the agency has exhausted available alternatives to deal with the domain;

d)     Certify that the evidence gathered to support the notification has been to a prosecutorial standard and that it is 'beyond reasonable doubt' that the domain is integral to the carrying out of the alleged crime.

Notifications, appeals and redress

13.  Nominet should take responsibility for notifying the registrant of the suspension unless compelled otherwise by law.

14.  Nominet must provide for appeals mechanisms that enable registrants to swiftly challenge suspensions, to seek remedy through the reversal of the suspension, and potential redress through the contract should Nominet fail to apply the policy correctly. In this connection, the issue group recommends that the Board make available the following range of appeals mechanisms for registrants:

a)     A transparent and independent appeals mechanism to assess and rule on Nominet's administration of the policy to which registrants may make an application. Such a mechanism should provide a swift and fee-free opportunity for registrants to challenge whether Nominet has correctly applied the policy. The decisions of the appeals body should be published and it may be helpful to look to Nominet's existing Dispute Resolution Service by way of example.

b)     The policy should enable recourse directly to the law enforcement agency that has originated the request. It is recognised that registrants may wish to resolve the basis of a notification directly with the respective LEA.

                                 i.         Only LEAs that undertake to operate a system of redress to respond to and resolve the registrant complaints within a swift and defined timeframe should be accepted as having a trusted relationship under the policy.

                                ii.         Only LEAs that undertake to publish complaints and their outcomes should be accepted as having a trusted relationship under the policy.

                              iii.         Nominet should cooperate with law enforcement agencies to agree what level of detail of information should be provided to registrants to facilitate direct recourse, but it is suggested that at a minimum the law enforcement agency and contact details of the senior officer who has authorised the notification should be provided.

c)     Registrants must also have the option of recourse to the judicial system. On the basis that investigations undertaken by law enforcement agencies should be to a prosecutorial standard, enabling genuine registrants who dispute a suspension to substantively challenge the notification is an important feature of a transparent and fair process. The policy should provide for a procedure where Nominet can require a court order from the law enforcement agency within a set period of time in order to continue a suspension where requested by a registrant. The procedure should include measures to prevent abuse.

d)     The policy should define under what circumstances the suspension of the domain might be reversed following remedy by the registrant. [Back to court order request by Nominet to LEA?].

15.  Nominet should publish data related to suspensions on a regular basis. At a minimum, this data should include:

a)     The name of the domain

b)     The date of the suspension

c)     The name of the public law enforcement agency generating the notification

d)     A statement of the nature of the alleged offence

16.  Nominet should publish an annual statistical summary of the:

a)     suspensions

b)     appeals

c)     categories of alleged offences

d)     requesting law enforcement agencies

that have been subject to the policy.

17.  There should be no implied obligation to act by Nominet and Nominet should not be restricted by the policy from acting under its existing procedures for breach of contract by a registrant.

18.  When the policy is operational, the Nominet Board should establish an independent panel to report on how the policy is working. It should also provide an assessment of the relative adherence to the policy by Nominet and UK law enforcement agencies.

19.  Nominet should hold further discussions under the policy process to review the acceptability and handling of third party requests for suspension.

20.  Nominet should communicate the outcome of its policy development to Government to inform its own deliberations in this field.



--
Jim Killock
Executive Director
Open Rights Group
+44 (0) 7894 498 127<tel:%2B44%20%280%29%207894%20498%20127>
http://www.openrightsgroup.org/







--
Jim Killock
Executive Director
Open Rights Group
+44 (0) 7894 498 127
http://www.openrightsgroup.org/



__________ Information from ESET NOD32 Antivirus, version of virus signature database 6539 (20111013) __________



The message was checked by ESET NOD32 Antivirus.



http://www.eset.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ncuc.org/pipermail/ncuc-discuss/attachments/20111013/5e84e59a/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 1708 bytes
Desc: image001.jpg
URL: <http://lists.ncuc.org/pipermail/ncuc-discuss/attachments/20111013/5e84e59a/attachment.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Draft recommendations short form v4.doc
Type: application/msword
Size: 45056 bytes
Desc: Draft recommendations short form v4.doc
URL: <http://lists.ncuc.org/pipermail/ncuc-discuss/attachments/20111013/5e84e59a/attachment.doc>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ATT00001.txt
URL: <http://lists.ncuc.org/pipermail/ncuc-discuss/attachments/20111013/5e84e59a/attachment.txt>


More information about the Ncuc-discuss mailing list