Ron,
I like the concept - up to a point.
It's not obvious to me that quick removal of a domain name is the right remedy.
We forget that DNS is about more than websites. My family network is
multi-site, glued together with VPN tunnels, with file sharing and many other
functions riding on the tunnels. If my domain name vanished, not only would my
external facing websites go down, but my entire network would vanish within
hours. In fact, there's a good chance that I couldn't access the file server
containing my DNS registration records.
A more appropriate remedy would seem to be directing the ISP to block ports 80
and 443 - and perhaps OUTGOING traffic to ports 25, 587, and perhaps 465.
(These being webserver http/https and e-mail smtp, submission & smtps.) The
webserver is where offensive content is served to the public; e-mail is of
course SPAM. At least that targets the offending functions rather than the
entire domain. And yes, ICANN does have leverage over the ISPs.
Another thing to note is that most individuals have exactly one domain name
registered. The abusers register them by the dozens. Take away one of theirs,
and they just move on. Take away one from an organization with more than one,
and they can fall-back to stay in business while they appeal - their network
will have redundancy. (Or if not, shame on them.) But take away the only
domain name from an individual or small organization, and they're out of
business - quite possibly with no realistic way to reconfigure even if they
bought another domain name. (E.G. getting on an airplane to reconfigure remote
routers so they can find each-other using a new/temporary domain name is a
non-trivial matter.)
I was actually considering registering a backup domain name with a different
registrar 'just in case' - but some cybersquatter saw that my .net name was
taken (by me), and immediately grabbed the .com, .org, and other useful variants
of .net. And I'm not willing to pay the greenmail. I'd like to object - but
I'd lose since I didn't register my network name as a trademark :-(
Thinking about this, I wonder if there shouldn't be a different standard for an
identifiable individual (e.g. who provides an accurate address, a valid national
identity document, etc) who holds 1 or 2 (or some number less than dozens of)
domain names and has never (or not within several years) been found to be a
network abuser or employed by one. I'm not saying that we shouldn't be
accountable for deliberate/malicious actions - but perhaps less severe/dramatic
action should be taken pending resolution. Perhaps there should be a guaranteed
period where the domain name remains in place to allow reconfiguration. Perhaps
the ICANN fee for replacing the domain name should be waived...not that it's a
huge sum, but it's a small way to recognize the difference between the predators
and the innocent errors.
I'm not exactly sure how to make such a scheme loophole-free - but there is a
real difference between the serial abusers and the individuals/small
organizations that have no intent to damage others and are just trying to live
their lives on the network... It would be good to see this recognized.
Your notion of a longer time to appeal is a step in that direction - but it
still seems to me that the whole concept that domain name = website = content
distribution = kill the domain name to stop content distribution is flawed.
Speaking of content distribution: Trademark rights activists would do well to
invest some of their energy into getting DKIM/SPF adopted by all the major
e-mail clients - including patches for popular older versions. Forged e-mail is
rather a larger problem - how many of us have gotten 'Urgent security patch'
e-mail from [log in to unmask] - where, of course, the header is spoofed
and the patch is a virus. I suppose they could de-register microsoft.com - but
that isn't the source of the problem :-) Seriously, authenticated e-mail
would solve many of the other abuses of trademarks - but despite the
technologies' availability for many years, no traction has been obtained. And a
small fraction of the energy that has gone into the name (de-)registration
efforts could solve that...
---------------------------------------------------------
This communication may not represent my employer's views,
if any, on the matters discussed.
----- Original Message ----
From: Ron Wickersham <[log in to unmask]>
To: [log in to unmask]
Sent: Thu, July 22, 2010 4:07:37 PM
Subject: Re: Comments filed today by American Red Cross
<[log in to unmask]>
A<[log in to unmask]>
<[log in to unmask]>
<[log in to unmask]>
<[log in to unmask]>
<[log in to unmask]>
MIME-Version: 1.0
Content-Type: MULTIPART/MIXED;
BOUNDARY="-9179517130817782464-473526808-1279829257=:30959"
X-Proofpoint-Virus-Version: vendor=fsecure
engine=2.50.10432:5.0.10011,1.0.148,0.0.0000
definitions=2010-07-22_06:2010-07-22,2010-07-22,1970-01-01 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0
ipscore=0 phishscore=0
bulkscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx
engine=6.0.2-1004200000 definitions=main-1007220102
This message is in MIME format. The first part should be readable text,
while the remaining parts are likely unreadable without MIME-aware tools.
---9179517130817782464-473526808-1279829257=:30959
Content-Type: TEXT/PLAIN; charset=X-UNKNOWN; format=flowed
Content-Transfer-Encoding: QUOTED-PRINTABLE
On Thu, 22 Jul 2010, tlhackque wrote:
> I know we all despise the spammers and fraud-mongers.=C2=A0 And removing =
and=20
prosecuting them will all due haste should certainly be a goal.=C2=A0
However, let's also remember that many individuals register domain names.=
=C2=A0=20
Perhaps their family name - or their pet's name - or... happens to be a key=
word=20
in a advertising campaign in a language they don't know for a product they'=
ve=20
never heard of on the other side of the globe that they've never visited.=
=C2=A0 And=20
that individual happens to take a vacation when Megacorp's legal department=
=20
decides to make an issue of it.=C2=A0
I don't think 20 days is unreasonable - in fact, I don't think 30 days is=
=20
unreasonable if I=C2=A0had to respond to such a complaint.=C2=A0 I certainl=
y don't have=20
your organization's legal resources.=C2=A0 And I do - occasionally - take v=
acations=20
without reading e-mail.
Of course, I'd also like the spammers off the network in a microsecond or l=
ess.=C2=A0=20
But =C2=A0let's not amplify the leverage that the large/deep pockets=C2=A0h=
ave over the=20
individuals.=C2=A0 Let's not assume that only the guilty will get charged.
And let's remember that "non-commercial" doesn't=C2=A0just mean large non-p=
rofit=20
groups.=C2=A0 It's supposed to include individuals who who are registrants =
- and are=20
not engaged in fraud or 'problematic' use.
thank you for adding this comment. i concurr and as a member of the
individual section (as well as a member of very small non-profit orgs that
have no legal department) the issues are quite different that what i imagin=
e
the interests of larger organizations (be they non-profit or commercial).
for an individual or member of a small org. it's hard to imagine a
curcumstance when we would be filing a complaint, although presumeably
we would have the same right as a large org to initiate a complaint process=
=2E
still, the rights to trademark (as known in the USA) appear to be ignored
by ICANN processes, and only nationally registrered (and not state register=
ed
or equally legal non-registered federal trademarks are recognized), and=20
even more unfortunately non-trademark use of a string of characters utilize=
d
in a manner that doesn't even mention the registered trademark holder's=20
organization or products or services is held by ICANN's rules to be
sufficiently offensive to the registered trademark holder that the non-
infringing use can be terminated.
may i offer a suggestion that might serve the large organizations interest
in getting real abuse terminated rapidly, but offer fairness to the small
organization or individual that doesn't have the resources (either legal,
financial, or even decision making) to respond rapidly?
the counter side to short time to respond is a long time to appeal. for
an individual or small organization, without hiring consultants and legal
professionals, research and collection of points to make a legitimate=20
appeal of a decision unfavorable to them can substitue for large sums of
money. also an individual may have other factors, such as employment
duties, responsibilites to care for an ill family member, and so forth,
that make them unable to effectively respond in a short time to an action
to take away their domain name. and if they decide to hire a lawyer they
may need time to reallocate or collect financial resources while an
opponent large organization has legal council on staff, ready for action
and already on the payroll.
therefore i propose that a decision unfavorable to an individual or small
organization be appealable for a year or at least 6 months.
the interests of the party bringing the complaint is recognized since=20
during that time, the domain (and the content deemed offensive to the=20
complaintant) would be suspended.
but the interests of the indiviual or small organization to gather a
meaningful presentation of their position would be preserved by giving
them time to cover material unfamiliar to them, to research the literature
for information relevant to their position, to search for other decisions
supportive of their interests, and if necessary to gather financial
resources (or even the time to find pro-bono representation).
would not this balance the interests of "rapid" removal of real bad actors
while preserving fairness for those unjustly accused of being a bad actor?
-ron
---9179517130817782464-473526808-1279829257=:30959--
|
