RE: [dow1-2tf] Moving forward on "conspicuous notice"?
- To: "Thomas Roessler" <roessler@xxxxxxxxxxxxxxxxxx>, "Marilyn Cade" <mcade@xxxxxxx>
- Subject: RE: [dow1-2tf] Moving forward on "conspicuous notice"?
- From: "Steven J. Metalitz IIPA" <metalitz@xxxxxxxx>
- Date: Tue, 19 Oct 2004 09:06:42 -0400
- Cc: "Milton Mueller" <mueller@xxxxxxx>, <dow1-2tf@xxxxxxxxxxxxxx>, "David Maher" <dmaher@xxxxxxx>
- Sender: owner-dow1-2tf@xxxxxxxxxxxxxx
- Thread-index: AcS1OdA9e7MIGBrlRc2DZW34RWjyWAAoGxwA
- Thread-topic: [dow1-2tf] Moving forward on "conspicuous notice"?
RE: "by re-emphasizing registrant "consent" to practices that are
actually privacy violations."
Thomas, you may believe that current practices are privacy violations,
and I respect your belief. But you also appear to believe that if a
registrant consents to current practices, it is still a privacy
violation. That position is a lot harder for me to understand, at least
as a legal issue.
What seems to be beyond question (and not really a matter of belief) is
that a registrar that does not obtain the consent of the registrant to
the "current practices" is in violation of its contractual duties to
ICANN and is subject to losing its accreditation. I know that some
registrars believe that obtaining consent is irrelevant, unnecessary, or
some North American imposition on their right to process data without
asking for registrant consent. But those registrars signed the RAA and
are responsible for carrying it out.
I agree that dropping "consent" from David's proposal would not change
what is in the RAA. But adopting David's proposal would make it clearer
that we think obtaining consent is not a mere formality and would
improve the chance that the consent obtained would be informed consent.
I can understand why some registrars (who are currently ignoring this
contractual obligation) might object to this, but I think you
mischaracterize it when you call it "a cheap attempt to avoid actually
dealing with privacy issues."
And as far as your contention that consent is alien to the purpose of
the policy, I refer you to the TF2 preliminary report:
a) incorporate compliance with the notification and consent
requirement (R.A.A. Secs. 18.104.22.168, 22.214.171.124) as part of its overall plan
to improve registrar compliance with the RAA. (See MOU Amendment
b) issue an advisory reminding registrars of the importance of
compliance with this contractual requirement, even registrars operating
primarily in countries in which local law apparently does not require
registrant consent to be obtained.
c) encourage development of best practices that will improve the
effectiveness of giving notice to, and obtaining consent from, domain
name registrants with regard to uses of registrant contact data, such as
by requesting that GNSO commence a policy development process (or other
procedure) with goal of developing such best practices.
[mailto:owner-dow1-2tf@xxxxxxxxxxxxxx] On Behalf Of Thomas Roessler
Sent: Monday, October 18, 2004 9:08 AM
To: Marilyn Cade
Cc: Milton Mueller; dow1-2tf@xxxxxxxxxxxxxx; David Maher
Subject: Re: [dow1-2tf] Moving forward on "conspicuous notice"?
On 2004-10-17 23:24:31 -0400, Marilyn Cade wrote:
> I'm confused by this discussion. Consent is mentioned in the Sec.
> 126.96.36.199. Are we suggesting that the TF ignore the requirements?
> Sorry, I'm having trouble following what the purpose of this exchange
Please don't conflate the policy discussion this task force is having
with a discussion of RAA 188.8.131.52.
The topic in this particular discussion is conspicuous notice, the
stated goal of the proposed policy is increasing registrant awareness.
The topic is *not* striking anything from the current RAA's section
*Re-iterating* the consent requirement from 184.108.40.206 in the new,
additional, policy that we are discussing does, in the first place, not
serve the policy's stated purpose. Nor has any participant in this
discussion brought forward an actual policy objective that would be
served by adding "consent" to the new policy we are discussing. That
alone should be reason enough to stick with the original wording that
was focused on notice, and did not contain the consent element.
Further, I believe that it would be unwise for this group to move
forward with a policy that could be read as a cheap attempt to avoid
actually dealing with privacy issues by re-emphasizing registrant
"consent" to practices that are actually privacy violations.
For this reason, I would suggest to stick with David's wording on
conspicuous notice, without the words "and consented" in the last
paragraph, and move on to further working on tiered access.
Thomas Roessler * Personal soap box at <http://log.does-not-exist.org/>.