Here's an important change that seems to have happened on the sly. Anyone able to follow up on this and review the materials and develop a position? -----Original Message----- From: George Kirikos [mailto:[log in to unmask]] Sent: Sat 7/19/2008 2:25 AM To: [log in to unmask]; [log in to unmask]; [log in to unmask] Subject: Dot-Info Abusive Use Policy and NCUC Hi folks, Have you been following the .INFO Abusive Use Policy that was just approved by ICANN, without a public comment period and without widespread consultation (especially amongst registrants)? http://www.icann.org/registries/rsep/ http://www.icann.org/registries/rsep/afilias-abuse-funnel-request-rev-03jul08.pdf http://www.icann.org/registries/rsep/jones-to-afilias-18jul08.pdf I had written about it at: http://www.circleid.com/posts/86215_potential_danger_ahead_dot_info_policy/ as well as at: http://forum.icann.org/lists/registryservice/ I believe this to be a *very* dangerous precedent, depriving registrants of due process, providing poor definitions of "abusive use" (i.e. including words like "without limitation" that leave the definition wide open), and giving the registry the power to cancel domains at its discretion (instead of simply removing them from the zone file). It sets up the registry operator as police officer, DA, judge, jury and executioner. It also creates a precedent of removing the role of the GNSO in policy making, and instead puts it into the hands of the registries. There was an interesting article in Forbes from a few months ago that touched on this very issue: http://www.forbes.com/technology/2008/02/12/phishing-cyber-crime-tech-security-cx_ag_0213phish.html Even members of the Anti-Phishing Working Group were divided over the matter: "This is the equivalent of a death penalty for a Web site," admits Fred Felman, a spokesperson for MarkMonitor, one of the brand management and security firms that would be accredited by the program. "If we remove a legitimate e-commerce business from the Web, it could lose millions in revenue that doesn't come back." "Even so, the penalties for liquidating a legitimate site could be significant. "Who would be responsible for false positives?" asks Edmon Chung, who runs the registry for sites ending in .asia. "The devils are in the details. We want to help with this cause, but we need to take a close look at it legally." "Verisign, for instance, which administers the Web's millions of .com and .net sites, has declined to comment on the APWG initiative even though it is a member of APWG and has long supported the group's anti-phishing advocacy work. Tim Callan, a vice president for the company's security division, says that false positives have to be factored into the equation. "As long as there have been spam filters and blacklists, there have been legitimate businesses that get punished," he says." Afilias doesn't appear to have consensus amongst registars, either, according to Tucows: http://discuss.tucows.com/pnews/read.php?server=discuss.tucows.com&group=tucows.services.domains.general&artnum=37368 "This is definitely an issue we're actively involved in. It's a dangerous precedent, and I think that sentiment was largely shared among registrars at the Registrars Constituency meeting during the recent ICANN conference (Afilias came in to make a presentation on this new policy). We'll be working closely with the Constituency to address this issue." I would hope that this is something that would be of concern to NCUC, as there will be false positives, which can affect free speech, censorship, etc.. It creates an extremely dangerous precedent if it used as a template for VeriSign in .com/net or PIR in .org. I'm sure you've read lots of boneheaded and poorly written contracts coming out of ICANN, but this is simply one of the worst I've ever seen. The intent is good, but the language is horrible. Legal jurisdiction between countries is an extremely complex subject, and it doesn't seem that Afilias has even considered the ramifications, nor have any expertise in the area. We've seen how long the UDRP is, describing a process for one type of abuse, yet Afilias thinks this poorly worded contract has the proper checks and balances for all other "abuses" that it decides to label in its own discretion? Ridiculous. I plan to file a formal reconsideration request. I hope that if NCUC sees the dangers in this proposed contract for its constituency, they will do something or speak out (or perhaps join/support a reconsideration effort). Due process is at stake. The proper route would have been for Afilias to create a consensus policy, working through the GNSO, but instead ICANN approved this half-baked policy. Sincerely, George Kirikos 416-588-0269 www.LOFFS.com