Quoting Mawaki Chango <[log in to unmask]>:
> I agree with you as to forwarding your earlier message to the GNSO
> Council list, without further discussion on this list and further
> elaboration.
>
> Please note, however, that Robert Guerra sent a message with the same
> concern, you certainly are not the only one concerned. Here are my
> two cents:
>
> 1) If we want to go further on this, and I do think it is a relevant
> to do so, I would advise that we also request the "plaintiff" to
> explain and document how end users credentials of another network end
> up being disclosed on their web servers and pages, and based on their
> policy provisions what actions they have or should have taken against
> the person/service responsible of such misuse. Why nothing has been
> done in that regard, and contact has not been made with MySpace to
> inform them of whatever steps were taken to resolve that issue. As an
> end user, I wouldn't like to see my identity credentilas in a network
> service that I use be disclosed by any organization be it an NCUC
> member.
I am concerned less with the specifics of this case then with the
process generally. While it is useful to receive full information on
this particular incident, I believe it more importnat to focus on the
general concern tht this leaves far too much power in the hands of
registrars. Even if Go Daddy behaved entirely correctly, the next
registrar may not.
I would also very much like to know how Go Daddy determined what harm
would result from elimination of the name. How did Go Daddy satisfuy
itself that it's actions would not have caused significant harm to
innocent parties? Or did it really believe that the potential harm of
the released information was so great that it justified immediate
action regardless. And, if this is the case, what procedures did it
have in place to restore service to innocent third parties.
> 2) ICANN has reponsibility to do something there, while it should
> avoid micro-regulation and micro-management. At least because all
> this industry is highly geograpically distributed, and there is a
> void in many countries to that effect (the former explaining the
> latter, maybe.) As for issues such as the grace period, etc. ICANN
> could have a safeguard policy that would require a minimum of notice
> to be given and steps to be taken before any drastic measure such as
> shutting down a website. If necessary, provision could be made for
> the principle of subsidiarity wherever there might be conflict with
> national regulations.
Indeed, what the appropriate steps are is another conversation. It
may simply be enough to put registrars on notice that such behavior
will arouse regulatory scrutiny. It may be worthwhile to make a
formal request, either by the NCUC to the Registrar Constituency or
requesting that the GNSO make such a request, that the Registrar
community adopt a "best practcices" document. Or some form of
enforcement action via the ICANN process to prevent a name deletion
may be necessary.
Like Sitefinder, the question is not merely "what was the right thing
to do here," but "what is the process for ensurng that the right
result hapens consistently in the future." This need not take the
form of regulation (although that might ultimately prove necessary).
But it seems to me that it warrants rather more than "how do you even
suspect a registrar might act inappropriately."
Harold
> Just general ideas.
>
> Mawaki
>
|