The following are the outputs of the real-time captioning taken during the Twelfth Annual Meeting of the Internet Governance Forum (IGF) in Geneva, Switzerland, from 17 to 21 December 2017. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid to understanding the proceedings at the event, but should not be treated as an authoritative record.
>> FARZANEH BADII: Hi everyone. Welcome to the noncommercial users constituency workshop about content regulation and private ordering as Internet Governance institutions. Noncommercial users constituency is a constituency of ICANN, Internet Corporation for Assigned Names and Numbers. We have seen in the Internet field that there are many private actors and platforms that get engaged with content regulation and takedown of content. We want to avoid that at Internet Governance institutions. And in this session we are going to focus specifically on ICANN and how it might get involved with content regulation, and why it should not get involved with content regulation and how that affects freedom of speech.
So on this panel we have Becky Burr from the ICANN board who can make real decisions. And we also have Brian Cute from the .ORG registry. And he is going to talk to us about the contractual relation of .ORG and ICANN, how that affects their decision on content takedown and their general decision on content takedown.
And we have Tatiana Tropina. Tatiana is a noncommercial stakeholder group counselor. And also she is a cybersecurity and cybercrime researcher at Max Planck Institute. She is going to tell us more about how Domain Name System abuse attempts at ICANN can sometimes lead us to content regulation.
And my name is Farzaneh Badii and I am the Chair of the noncommercial stakeholder group. I used to be the Chair of the noncommercial users constituency.
And we have Milton Mueller, cofounder of NCUC. And we also have two remote panelists, Annemarie. She has recently written a very intriguing paper about how ICANN actually gets involved with content regulation. And we also have Tim Smith from the Canadian Pharmacy Association who will talk about how policies of ICANN can affect content regulation and domain name takedown.
So without further ado I'm going to go to Annemarie. Annemarie is going to be online. So if you could put the headsets on your ears so that you can hear her. And Annemarie, if you could start your presentation that would be great. Thanks.
>> ANNEMARIE BRIDY: Sure. I just wanted to take a few minutes to sort of overview the Article that I wrote. So everyone knows that ICANN has been involved almost from the conception resolving disputes over trademarks in Domain Names. But ICANN has never been involved in adjudicating over copyright or any other kind of content on websites. Public messaging on that point has always been very clear. That line in the sand shifted though in 2013 when ICANN adopted contracts, DNS and intermediaries from to fill a level scaffold for privacy order and trademark notice takedown within the DNS.
So that contractual scaffold is located in the direction of a new ICANN registry called Specification 11, public interest commitment. Specification 11 requires every new ccTLD registry operator to pass along to registrars, require registrars to pass along to registers a contractual provision prohibiting privacy on counterfeiting and providing consequences, requests for breach including the expansion of domain names.
So copyright and trademark holders have taken the position with ICANN that registrars have to not only include this passalong provision in their contracts with registries but also have to enforce it by extending Domain Names in response to notices of abuse of rightholders. They are registrars out of compliance with their contractual commitments to ICANN.
So far ICANN has extended registrars on getting court orders before they suspend Domain Names for alleged private sites. Compliance are on significant and continuous pressure from rightsholders on this point. And I guess the folks in the room who are from ICANN can speak to that better than I can.
The other important development I want to highlight with respect to migration, content regulation to the DNS is the 2016 trusted notifier arrangements between Donuts and the Motion Picture Association of America. That program allows Donuts, which is the registry operator of hundreds of new ccTLDs to bypass registrars and send Domain Names at the registry level if a registrar refuses to take action in response to the MPAA complaint.
Donuts is designed to its discretion without any public legal process which Domain Name should be suspended or cancelled. So together I think the trusted notifier program represents an unprecedented expansion in to content regulation at the Internet's application layer by DNS and intermediary. And those of us who believe that ICANN and intermediaries should limit their limits to IANA functions I think these are troubling functions. That's my summary of the Article.
>> FARZANEH BADII: Okay. Thank you very much. And so considering what our major, how can this affect freedom of expression?
>> MILTON MUELLER: Okay. So the ‑‑ has done a great service as a lawyer by analyzing the relationship between ICANN's new RA ‑‑ registrar accreditation agreement and particularly spec 11. We do know that at that period of time 2013 ICANN was under enormous pressure not only from copyright holders but from law enforcement agencies who wanted to effectively make the domain names who are Internet intermediaries take on responsibility of enforcement. This is a big push by the Intellectual Property interest as well as law enforcement to push more and more responsibility on to intermediaries. We see the same thing happening now with the big platforms, Facebook and so on and Twitter in which people who want to control or censor certain forms of speech are expecting the intermediary to do it for them.
In the U.S. we have this principle of ‑‑ regarding content posted by their users. Now generally free speech advocates have very strongly supported this principle of intermediary immunity. We don't want them to be acting as a gatekeeper who will be essentially filtering what comes on to their platform in an extra legal way. That is very simply are afraid that they might get into trouble so that minimize their costs by blocking or preventing things from being posted that might get them into trouble regardless of whether they are illegal.
So in relation to ‑‑ for freedom of speech are not good, if we extend this principle in to the Domain Name System. Now since 2013 I think there has been a lot of pushback in the ICANN environment. ICANN has a mission statement that prohibits it from getting involved in content regulation. Unfortunately some of the earlier arrangements were grandfathered. So that, for example, certain kinds of contractual commitments registries made prior to the new bylaws being passed in 2016 will still be in effect but going forward no more of these agreements are supposed to be possible.
I think in all the discussions intermediary responsibility and immunity Domain Name System tends to be overlooked but it is one of the real bottlenecks and choke points that people try to assert control. And one of the purposes of this panel is to bring ‑‑ raise awareness among people about the importance of domain system and ICANN regulation in this area of overlapping in to content regulation.
>> FARZANEH BADII: Thank you. So Becky, do you think that we are at risk of ICANN ‑‑ at risk of content regulation at ICANN?
>> BECKY BURR: Thanks for the question. I wear several hats here. And I want to start by putting those on the table. I remember the ICANN board. I also was the lawyer who negotiated the registrar accreditation agreement in 2015 on behalf of the registrars. And I am employed by Neustar, which is a registry. Just so that everyone understands the perspective I am coming from, I was at the table when the very first registrar accreditation was negotiated between Verisign and ICANN. And the world's ‑‑ in specification 1 with prohibition on content was very important. And as I said ICANN has refrained from regulating content from doing any of those things. I understand the concern about the trusted notifier system in the following way. I think that at one point Fadi took a little credit for the trusted notifier decision. And I tend to think that he may have been taking credit as opposed to an actual ‑‑ an actual ‑‑ I certainly as a registry never felt any pressure to use one of those systems. I have views on the systems that we can talk about. But and, of course, the mission statement is going very clear.
Now with respect to PICs, with respect to the provision in the contract that says that you will require registrars to flow down ‑‑ to include a prohibition, I think that ICANN's track record on enforcement of that provision is ‑‑ is very clear. Obviously if the provisions were not formed down that that would be a violation and that this have not stepped in to intervene with respect to whether or not the provision is being enforced. And with respect to the PICs, if you look at the standard PICs, I think that the only standard PIC that could potentially be argued to violate the bylaws is not the content at all. It is a ‑‑ it is the one that prohibits closed generics which is ‑‑ because that just wasn't ‑‑ that wasn't a piece of policy that was developed by the community.
But the other standard PICs are pretty straightforward and I think quite reasonable and don't touch content. So I don't think those create an issue. There were some folks who put a lot of promises into the voluntary PICs. I agree that some of those are problematic. On the other hand, you know, they put those in on a voluntary basis and they were actually quite voluntary because there were a lot of registries in the room who said we are going to have a set of standard public interest commitments. We are going to negotiate them and understand how they are going to be enforced. This way is a disaster. But some ‑‑ some registries did put those in and they made commitments that ‑‑ about things that frankly are outside of ICANN's mission statement. I don't believe that ICANN has been called upon to get in the middle of those yet. And I think that however ICANN does it, ICANN will be careful and extremely mindful of the prohibition on content regulation.
There is a kind of funny thing though that just to be clear, people throw those PICs in because they wanted to get a contract. And they thought they were going to get a benefit from it. And they got in line to do that. And so from a contractual point of view completely outside of the content regulation, there is a ‑‑ there is a disconnect and a bit of discomfort about why people should have been able to make commitments to get in line in front of other people and then not have to live up to them. So that's not about content regulation. It is just about sort of equity.
So my view is that ICANN is extremely clear about the content prohibition. There are some situations in which remaining faithful to that prohibition could be difficult but I see no interest in ‑‑ on ICANN's part in weighing in on that.
>> FARZANEH BADII: Thank you very much, Becky. So there are some concerns. It is not like that we are here for nothing. Okay. Great. So thank you very much. If Tim is on the panel ‑‑ he could make his intervention.
>> TIM SMITH: Can you hear me?
>> FARZANEH BADII: Yes, we can.
>> TIM SMITH: I wanted to talk a little bit about trusted notifier from our standpoint, the national pharmacy standpoint and a statement about the ‑‑ their agreement between APO and (?). We are watching the ‑‑ helping the domain name association. And ‑‑ notifier show up there. Something to be moving forward and, of course, we already need to observe most places is where our attention is. Where we define that, include evidence. And in general doesn't have too many concerns with voluntary initiatives or some private forum. We do have concerns ‑‑ become trusted notifier. And so that's an issue that we have with the healthy practices as they are stated. That we are a member and an associate member of bla.org with the domain name association. Hopefully we can have some participation in the way of healthy practices. But I guess just to state about licenses where they dispense medications that are approved by the health authority where ‑‑ when we ‑‑ and to reply about the regulations the way we operate.
As a matter of fact I guess we are our own self‑regulatory body and do our own private ordering because not everyone can become a member of our own association. Not only one pharmacy meets our standards. So that's just a notifier. Moving forward if not properly managed, I think can be a concern for legitimate operators on (?). ICANN, too, we know the concerns that they have. Is the way in which dot com and where I serve at that pharmacy industry was related to trade based association to manage a global resource and why we see something like a dot pharmacy having potential to becoming a trusted destination for Internet users seeking legitimate R1 pharmacy services. What we see in their registration criteria is ‑‑ becomes sort of a domestic marketplace and traditional marketplace if national (?) around it.
Rather than being reflective of the way that people use the Internet today which is to cross borders, define medications that the user wants, trustworthy or can afford it, and without pharmacy criteria doesn't reflect what is value ‑‑ people who have had benefitted from being able to attain medication from the pharmacy. So I have seen that as the content regulation as well by restricting what could be a trusted domain name to a small group of very restricted criteria.
>> FARZANEH BADII: Thank you, Tim. Now we go to Brian. Can you tell us how the contractual relations between para and ICANN can affect your governance and content takedown? And also if you could add on your strategy of taking down content.
>> BRIAN CUTE: Thanks. Can everyone hear me clearly? Thank you. So to start at the beginning the Public Interest Registry doesn't believe that registry operators should be arbitrators of content on the Internet. That's a principle and belief. And when we address the question of do we take down a dot org we tend to focus on principles. And we do have a takedown policy and practice that we have ‑‑ is very robust and that we followed over the years with those two principles at the heart of it. What we articulate within our abuse and takedown policy when we talk technical abuse of the DNS. That's an important distinction. Keeps us away from content where we don't think we should go, phishing, malware, Botnets. That's how we approach this takedown of content and what we try to manage rightfully as a registry content operator of ICANN. And with every rule there is always an exception. So all the one content exception I can speak to is child pornography. We do take that down. We have a process for that. It is illegal and unethical and we think that's an appropriate exception to don't touch content.
The question of content that's raised recently with some events in Charlottesville, Virginia, in the Daily Stormer site was around hate speech and hate speech as repugnant that that that is protected speech. We wouldn't take that down. However exception, U.S. law and if reside in the U.S. legally, if there is a clear and specific call to violence within hate speech we take that down. So there is lines, there is very careful exceptions and that's how we try to manage the line between content and DNS technical abuse at Public Interest Registry.
What we see is the bigger concern and the concerns that are on the table about ICANN and contracted parties, which are fair to discuss, is the environment as we know as registry operators, as service providers and registrars. There is increasing Government pressure from many points from registries, from registrars, for other service providers to take down content and that pressure is increasing. On the other hand, you see operators putting forward a trusted notifier model. That's their right. That's their prerogative. And we see a trusted notifier model as a way to manage their zone, but we look at the model that's out there and say we don't think that that addresses due process as fully as we think those principles should be addressed.
So as operators in that environment and increasing Government pressure and other service providers offering models, we think it is incumbent on us to think about what are the right approaches to this very thorny question. We have the example of the Cloudflare CEO who wakes up one morning and says I don't think that site should be on my platform. That's not the approach. There should be thought and process to that. In the last year we had been socializing with, discussing a potential policy to address systemic copyright abuse. In that frame we were considering an abuse, a type of abuse which was illegal on its face. And the clear purpose of the site is to perpetrate systemic copyright. We were discussing that condition ICANN and other fora with stakeholders. You see a lot of important feedback and clear feedback from stakeholders. And last year we decided to pull back from that effort and reflect. And what we are reflecting on right now in addition to the challenging environment that we all have to address one way or the other is as a service provider, as a registry, also as a service provider, if you are going to be adopting important policies of this nature, what process do you use. The policy we were considering was not a policy that had to go through the ICANN process at all by definition under the contract. Not within ICANN.
So if that's the case and we are providing global service what should the proper process be for engaging stakeholders, putting together inputs for defining what the policy could be and making a thoughtful decision at the end of the day because we believe we can't sit back on the sidelines while discovering pressure increases and bad regulation comes down and other service providers offer models that I woke up this morning and don't think this content should be on my platform. Consumers can vote with their feet. That's still a choice. We don't think that's the right model or approach. And we need to be talking about what the right process to these questions is.
>> FARZANEH BADII: Thank you very much, Brian. I am going to leave the questions for later, after Tatiana's intervention.
>> TATIANA TROPINA: Actually can we ask Brian something before our intervention?
>> FARZANEH BADII: It is about how DNS as far as ICANN can affect content regulation.
>> TATIANA TROPINA: Thank you very much. So I think that despite the fact that it is clearly outlined in ICANN's mission that ICANN is not going to get root in content regulation, but I believe some of the initiatives that are going on in the ICANN organization and ICANN community are actually kind of providing some driving force to the debates which bring us back to the content regulation issues. And one of them is the DNS abuse. And starting from like what kind of DNS abuse should be reported to ICANN and analyzed by ICANN. And secondly what kind of actions ICANN registries and registrars should take in relation to this DNS abuse which is not properly defined. Like, for example, at the recent ICANN meeting the community, cross community session discussed the DNS abuse reporting and even during preparation for the session it was so clear that the views of the community are not matching at all because there are some voices that we should add. For example, child abuse images to the abuse that has to be followed by ‑‑ to ICANN despite ICANN's limited mission.
Those who advocate for copyright, nonsustained copyright abuse to be reported to ICANN make some argument that, for example, pirated material can contain some links to malware and raise technical abuse. So to me it doesn't sound like an argument I would buy personally, but there is a lot of option to sell this argument also because from 2013 does not define illegal in a narrow technical sense. And so we do struggle with ICANN, first of all, with this notion of DNS abuse which ICANN always says has to be made to now technical mission but made some of the parts of the community which represented and many members may not agree with these.
Notion of preventive approach and how ICANN registries and registrars should react to the abuse reported. Should we take actions or not and should ICANN coordinate these actions. And while it is clear for many community members that DNS abuse can be beneficial, portion of ‑‑ reporting on DNS abuse can be beneficial while you can analyze this data and see the risks and so on. Between collecting the data about DNS abuse and taking actual actions, the reports, there is some steps, like due process which are almost never considered during these debates. Like we think that DNS abuse is happening and we have to react but what is in between how ‑‑ what is the trusted source to report about DNS abuse. How many reports should be there. Should registrars and registries, content of their abusers, these steps are almost never discussed and just ignored because we ‑‑ from the fact that abuse is happening to the ‑‑ to the notion that we have somehow to be preventive to react to this. What is needed here is the clear and narrow definition of DNS abuse, technical definition related to ICANN nation. And now I hear a lot about ICANN and a lot during this content regulation and becoming a common abuse and this is supported by the board.
I really see that DNS abuse is kind of a way to circumvent depending on what abuse could be reported and what actions could be taken upon this. What we also think what is missing here is that I don't think ICANN registries or registrars is the right point to tackle DNS abuse. Technical abuse probably maybe. But in these discussions where we forget frequently there is a domain of law enforcement. And I don't believe that takedown ‑‑ website takedown or domain name takedown will help to catch the criminal. Probably not.
I see your face. I think that you can intervene and argue with me if you don't believe in the fact that it is the mode of law enforcement to catch the criminals. They strongly believe in this. I do believe that it is only we who know the due process, but it is the function of criminal work and criminal procedure law. And we should not replace it with the private judgment with no borders. Thank you.
>> FARZANEH BADII: Great. Are there any comments or questions? Did you want to say something?
>> My name is Caden. I am a hosting provider that totally disagrees with Tatiana. This concept of due process and everything else is ‑‑ I have no issue with the concept but the reality of it is as a hosting provider I have a duty of care to my clients and that means that my clients need to be able to use our services if they pay us for hosting or pay us to send e‑mails. They need those e‑mails to go to the destinations. So what that means in real terms if we find people abusing our hosting platform we are going to shut them down. I am not going to start getting in to questions of due process. Signs up for hosting account with us using a stolen credit card, probably a stolen identity and within 25 minutes of signing up has started sending out huge quantities of Spam, of phishing, phishing e‑mails and many other kinds of charming things. If you want me to have due process for that kind of thing, I am afraid there is nothing for us to discuss because it is not just going to happen.
>> TATIANA TROPINA: I think that we are talking a bit of a different thing. And now I was mostly talking about judgment about content. Having due process in your company and taking down whatever you want, you can do anything with regard to content. I don't care. You know, if you don't want anyone to put the pictures of tomatoes and host them on a website which is on your platform, I don't care what kind of rules you establish and what kind of due process you will have. But I do care when all of you come together at ICANN and decided ICANN might establish the rules for this, this is where my hard stop is. What you do in your own personal platform or registries or registrars it is your private domain. Do what you want. And the law gives you this opportunity.
>> PARTICIPANT: So I want to go a little bit further than Tatiana and I would still care what you do on your private hosting platform in terms of due process. We have a set of principles which suggests that yes, of course, you can decide you don't want to host pictures of tomatoes on your platform, but if you do, you have to be transparent about that. You have to have a process so that if someone actually has zucchini and you take that down, they can't say that hey, that wasn't a tomato, that was a zucchini. In cases where the content is seriously illegal that can be adapted. Regardless of whether it is your private platform you should still ‑‑ legal ‑‑ you can do whatever you want. There should still be a process so that people have predictability and accountability in terms of what happens to the content that you are hosting for them. And the second point that I want to make is a question to Brian. Do you think ‑‑ so as you may know I was one of the ‑‑ as you ‑‑ I was one of the people who raised concerns about the copyright policy that you are considering. And I was wondering whether you would do it differently this way if you were considering putting up a policy whether ‑‑ whether it is on copyright or pharmaceuticals or something else. Would you do it in the same way or do you think there were some mistakes that were made and you might do it differently next time in terms of process?
>> BRIAN CUTE: Thanks for the question. And there were some mistakes that were made from my perspective in this lens at least in engagement. I mean that we understood we were considering a new abuse policy that didn't fit within ICANN's processes. We didn't have to run it through a PDP process. We won't have that obligation. It will involve ICANN. So we went about attempting to engage stakeholders both at meetings inside and out ICANN and inside ICANN and outside of ICANN in a period of about 18 months, but we looked back at that and said that just wasn't the best approach. And so to answer your question I think we would do that differently. That's why I tee up that question. What process should a service provider use or engage in and again this is an individual choice. Other service providers can do it differently. But how would we engage so that stakeholder input is heard and understood and that a rational outcome is there and the right approach is what the outcome is.
>> FARZANEH BADII: But in some noncommercial we had constraints was ‑‑ issue with state and asked not to go ahead with that systematic copyright alternative to speech resolutions. So some stakeholders groups are in a position to this policy and we frankly don't think you should get involved or even come up with the idea that another third party should get involved with the speech resolution about copyright. When you see such a position which I understand that you argue that, but there is a lot of Government pressure to go ahead with these dispute resolution mechanisms. Does that mean that even after your stakeholder groups and those who are interested will tell you that we don't want an alternative dispute resolution for copyright or go ahead and adapt a policy?
>> BRIAN CUTE: To answer your question we are thinking about that. Again we ‑‑ we are being pulled back from it and reflecting on what the right way forward would be. With respect to any policy whether it was systemic copyright or any other policy, when you say third party, we think neutral third party with due process embedded at every step of the process and neutral third party that has the expertise and acumen to make a decision and is not invested in the outcome. We see a distinction between some of the models that are beginning to surface. So from a principles' perspective that's what we are thinking through. And whether it would be that policy or some other policy, the important point due process are not the center of it for our approach. And we want to make sure that an engagement for stakeholders is appropriately done.
>> FARZANEH BADII: Becky.
>> BECKY BURR: So I'm going to put on a hat that's entirely different than any of the ones that I disclosed and he is laughing at me. When I was in private practice, I had a company, a client whose company was a financial institution. It was actually a B‑to‑B financial institution. They had their ‑‑ the entire content of their Web page copied and posted with a domain that was similar but not the same. Soandsofinancial.co.uk is what it was signed up as. And it set up the functionality of the website pretty cleverly. So it texted hundreds of thousands of UK consumers with a message that said your loan documents are ready. Please go to dot dot dot to sign up for your loan documents. A lot of consumers, in fact, did respond to that. My client asked me to figure out how to stop that. So I, of course, we called the hosting company. The hosting companies took it down. But they appeared the next day. We called registrars. Registrars took it down but it appeared the next day. We called registries and finally after a week, it took a week to do this, the consumers were being affirmatively harmed. It wasn't ‑‑ but the thing that was incredible to me about it was I spoke to ‑‑ I spoke to the heads of the different registries and registrars that I spoke to. I used my personal relationships with them to get this dealt with.
There was essentially no system for dealing with this kind of thing within the registries and registrars that I was talking to at that time and it was some time ago. And I sort of felt like well, if it took me a week to solve this problem, what would it take somebody who is not familiar with it. Wearing my hat as a registry operator like Makali I will take stuff down and I do think we have an obligation to protect all of our customers and users out there.
So the ‑‑ I just think it is a more complicated issue than one might think because there is lots of different kinds of content. So I just wanted to say I'm with Makali. If something is harming consumers, I'm going to take it down. If it was completely obvious to me that it was entirely stolen, I would probably take it down, too.
>> TATIANA TROPINA: Excuse me, can I quickly ask this question. Not the ICANN hat, regarding takedowns, but would you like ICANN to tell you what to take down?
>> BECKY BURR: No, I would not like ICANN to take ‑‑ to tell me what to take down. And if Makali or anybody else was to come to ICANN and ask for a system that did that, I would resist it entirely. And I think that the private ordering issue is what's really at stake here. Registries and registrars are commercial actors who have the ability to address issues that they see abuses that they see on their platforms. ICANN should not be involved in that when it is content. And as wearing my board hat, if anybody was to come and ask for that, I think I would certainly say no and I think all of the board members that I work with would say no and I think the ICANN organization would say no.
>> MILTON MUELLER: Now that we get in to the heart of the issue, yes, in the real world at the Internet operational concerns dictate rapid action many times. And the way the ICANN regime approaches this is to give private actors a lot of flexibility to act on a contractual basis with their customers and hopefully there is enough competition among actors to prevent them from abusing this power. And if they take things down randomly, arbitrarily in really an objectionable manner then the customers go elsewhere. So I think we could probably agree on that. And maybe some people who think ‑‑ probably Europeans who think that that should be statute rather than contractual. But I think the problem comes when the Government steps in and puts pressure on a private mediator that is external to the market. Nothing to do with consumer demand or supply.
And I guess my first question is to Brian is sort of like you mentioned this pressure. What form does this take? Are they threatening you and visited by black helicopters and taken away from Guantanamo Bay, or are they coming in the office and saying you have a nice business and it would be a shame if something happened to it? I am wearing my ‑‑ I have a Christmas hat that has like a snowman with a can on his nose and that's the hat I am wearing now.
>> FARZANCH BADII: Thank you very much.
>> BRIAN CUTE: Thank you, Milton. I think we have all sensed this and we do that approach. We are very rigorous about requiring court orders, requiring subpoenas. We have a very clear legal process for takedowns. We publish what we do on our website in terms of those types of takedowns. And since we are sitting in the UN and a little bit of diplomacy is warranted there are certain Governments who we have all observed, service providers to take content down within their jurisdiction. There are some approaches and laws in different jurisdictions that are putting pressure on us without naming names but yes, this is something that we ‑‑
>> MILTON MUELLER: Tell us more about the way that they exert pressure.
>> BRIAN CUTE: It is usually a request for assistance and typically there is something criminal or illegal or think about, you know, a Botnet attack or anything. That's a very good example of something that's healthy that we do. That addresses technical abuse of the DNS working with law enforcement and is a clear Botnet that's about to be launched. That's on the technical abuse policy practice resident we think is appropriate. Absolutely. And sometimes there are requests for assistance and our practice has always been court ordered subpoena. Get us the necessary papers under the law that are required and we are happy to work with the government. When we receive requests for takedowns from outside the U.S., which is our home jurisdiction, we insist that those orders for papers be domesticated in the U.S. court in Virginia where we reside. We rely very heavily on process, on due process on rule of law in terms of what we do, but the pressure is real even if there aren't any black helicopters.
>> PARTICIPANT: Edmond Chung here. We are quite supportive of the position that ICANN should stay away from this and registries as much as possible to stay away from it. Building on what Brian was saying there are some realities in terms of like child abuse material, some realities about the hate speech stuff that is coming down the pipe that the question I want to bring out is whether there was a big pushback that nothing of this sort should be discussed at ICANN or Forum related in some kind of policy guidelines in ICANN. What about the types of due diligence that need to be done by registries and registrars to take those down. I sometimes think about whether that might be a good idea to lay out actually the types of due diligence that should be in place. And here's an example, recently that is a growing situation that I think it would warrant some interesting thoughts. And sharing it hopefully makes sense to everyone. And it is about phishing and it is about brands at the same time. Here's what's happening in the world today. These systems are automatically picking up domain names and seeing if it contains a brand name. And the brand takes a look at it and they file something to the registrars and increasingly they are tagging them as phishing sites. So what happens is that once they attack phishing sites then registrars take notice and they do something.
And recently there has been a couple of cases that on the third level domain, a brand, imagine brand dot and it is a financial institution, brand dot domain, dot TLD and was filed as a phishing report in to the registrar. The domain owner happened to be my friend and that's why I kind of came to know about it. They noticed the registrant for a couple of times within 24 hours and then the site was completely taken down. What happened was that the poor person was running a domain that actually provided services to many clients that they put on the third level domain. And so they have lots of third level domains that are "brand names" and this one just happens to be a financial institute. And they were setting up a demo site and, you know, they were taking down.
It took the ‑‑ it looks like what Becky was saying, it took me about 12 hours to get the site back up, but I can imagine if it wasn't somebody who was in the industry it is going to take days. And they would have lost a lot of business. Probably the business will have to go somewhere else or change the domain. So that brings me to the question of, you know, since all this thing is coming in and just by saying that, you know, we are only taking care of domain abuse in the technical sense may not be so clear‑cut anymore, especially with these types of situations.
So the question again back to ‑‑ is there some reason that the ICANN community should actually address this issue and think about what the takedown process and due diligence ‑‑ due process should be for registries and registrars to actually take action because right now yes, it is kind of good that we each do their own thing. But, you know, is there some merit to think about a more uniform approach?
>> BRIAN CUTE: I just want to say DNS is a classic case of the ‑‑ there should be some kind of liability and responsibility for the person claiming abuse, right? When somebody abuses the process by calling a standard kind of overexpansive trademark claim, a phishing site and triggering all of these actions could there be some kind of liability for doing that? I mean I am not sure what kind of legal mechanisms would have to be involved but that's a form of abuse. Right?
>> PARTICIPANT: Not just that retribution but the due process that should be in place at the registrar to "fight" these type of requests.
>> FARZANCH BADII: Okay. Thank you. You have a comment. Put your headsets on.
>> ANNEMARIE BRIDY: My question is for Brian. It has to do with the copyright protocol that the public registry pulled back from last spring. And my question has to do with the gains, that copyright holders are going to the U.S. courts and getting courts to issue injunctions that are vital on all accounts and search engines. We are going in to court and violating copyright infringement suits and getting to the preliminary injunction stage and getting relief in the form of injunctions against all of these different intermediaries. I am thinking of the Siad case and also the records against (?) and some of the higher profile cases in the last couple of years.
So my question is you guys, that pretty far down the road with this seen with the teams and before you pulled it back and I guess this question is whether it is a little bit ‑‑ how did you become convinced that the copyright system is broken? You talk about how you guys rely on due process and court orders and you feel like that's the right process. And it seems to me that in direct courts and also abroad, rightholders are able to go in to court and get pretty quick injunctive relief, that courts combine registrars and registries and other types of intermediaries. I am wondering where the sense of brokenness came from and to get it so far down the road with an alternative dispute going in to protocol before you pull back from it.
>> BRIAN CUTE: Thanks for the question. And I'm not sure I understood the first part of it. There was some problem with the court system and cases that are being filed which would be important if that's the case. Again we rely on the due process rule of law. And we rely on court orders for takedowns. And if there was something not working in the judicial system appropriately, that would be a concern. We expect the courts to issue rulings on these matters. With respect to the copyright it is not deciding the system is broken. It was looking at a very narrow instance potentially with clear purpose of a website was to engage in systematic copyright abuse. It was an area that is akin to something that's illegal on its face. Think of a website that offers nothing but stolen credit cards. We have taken those down because they are illegal on their face. It wasn't a decision that the whole system is broken. We rely on the court and return and due process. And where there are opportunities to develop models that embed due process, that address an area thoughtfully, and that respect the rule of law and where a decision maker doesn't have a vested interest in the outcome those are the types of laws that we think the community should be thinking about.
>> PARTICIPANT: He didn't mean under the auspices of ICANN.
>> FARZANCH BADII: So I ‑‑ I hear a lot about respecting and protecting your customers. And I hear about the damages and harms that can be done to the customers when you don't take down content, but I do not hear a lot of things about how you actually harm freedom of speech and freedom of expression when you take down content. Are you worried about that?
>> PANELIST: Thanks for picking on me. It is my own fault. Freedom of speech, first off freedom of speech is not something that's global. I mean under the U.S. law there are heavy protections but those protections don't extend globally. We have an Irish company. We are subject to Irish law. Myself I have had several cases that involve blog posts that I wrote that are my own opinion and then categorized as highly defamatory. And my external counsel said I know you are going to hate this but can you please take this down because there is no way we are going to win this in court. When we see cases where rightsholders try to suppress speech by using Intellectual Property laws to shut stuff down, so, for example, we have an incident involving a small community group that was protesting against the construction of something, I think it might have been a factory or something else which was going to spew lots of charming gases in to the local atmosphere. They used a slightly modified impression build there that was built in the factory. And that company tried to get us to shut it down and we didn't and we wouldn't. For those cases what we will do is very similar to Brian we are going to politely say sort it out between yourself and then don't ask us to clear arbitrator. That's not our role.
And secondly, if you want to enforce everything you are trying to enforce, back that up with the actual paperwork in the correct jurisdiction. So then going back to the thing about the Government pressure, the recent Catalan referendum. We received multiple requests from the parts of the Spanish governments. We quite unhappily would have complied with them if they had domesticated with Irish law. If I was to do that it would never end because we have had the same from other Governments and the same from law enforcement agencies and other jurisdictions. That doesn't mean we are going to ignore certain types of things. But we are not interested in player arbitrator of what free speech is legal or not legal.
The thing I find kind of disturbing on the system of these conversations is that, you know, it is the thing around definitions which I think some people have mentioned. Some of the work that Tom and Dapel has done with the jurisdiction project has been helpful in drafting some kind of guiding kind of concepts and everything else. May not agree with all of them but it is giving some kind of boundaries around that. If we are the registrar of record but not the hosting provider we can only turn a domain off. We have no way to turn off a subdomain or a page. I have a completely binary decision and it is the same for Becky or Brian as registry operators. Some of this conversation needs to evolve to a point where you don't have a situation where somebody takes down an entire domain because of one bad subdomain. Or somebody, a workforce to take down an entire domain because of one page.
>> FARZANCH BADII: Thank you. Yes, go ahead.
>> PARTICIPANT: Roberto for the record. And I am speaking entirely in my own capacity and taking further responsibility for what I am saying. So take me down if you want. I was thinking while this discussion was going on I was thinking at what Larry that happens to be to my left said in a previous session about the process that brought then ‑‑ that was very successful, that migrated the authority of the U.S. administration. That had a big implication. There was a community effort. And there were lots of people that had different opinions. And then at one point in time some Consensus was reached. And we could progress because there was the willingness by way of the parties to come to us to a conclusion. So we are all aware that there are strongly, deeply different opinions in different parts of the ICANN community and the outside world. Because we shouldn't forget that outside the ICANN community there are other people that are affected by the decisions about content, about the way, you know, things should proceed about, whether there is going to be takedown and what circumstances and so on.
We are also aware, all of us, that there is at this point in time as under the eyes of everyone that there is increasing pressure with the excuse of ‑‑ with the excuse of whatever. For passing something for putting pressure today in to the operators for passing some idea that then as another effect has nothing to do with Botnet but to use this as a Trojan horse for achieving different results. What I see is that parts of the operators, for instance, Donuts, just not to make names, have taken a certain position. I think that the position that they have taken is extreme is with my head as Chair of the board of public registry something I would not like my board to take as a decision. I have to recognize there is this sort of pressure. And if we leave the operators in this business alone, then they might take decisions that the end user community would not like.
So I'm looking forward. I also don't want ‑‑ I fully agree and I don't think that anybody in this room wants to have ICANN regulating this taking the regulator hat and forcing a behavior. But I think that those issues have to be discussed. And if we can ‑‑ if the community can come to an agreement about some guidelines, abandoning a little bit the religious approach that would bring us in a confrontation about all or nothing, I think that if we have some guidelines from the community that are sort of Consensus, quasi‑Consensus we will do a good step forward in finding a solution that is not perfect for anybody is at least good enough for most of the people. So it is ‑‑ I think that I would like to take this debate a bit away from the philosophical principles and say what can we do in practice and what ‑‑ taking in to account that there are different legislations. There are different cultures, that there are different problems. So I would like to see not in this session but in the future when this discussion is evolving to go in to some practical indication and take a direction so that towards reaching a sort of common understanding in the first place and then possibly a solution. Thank you.
>> FARZANCH BADII: So you want me to ask them?
>> TATIANA TROPINA: I can ask them. You are talking about resolution, about due process or takedowns.
>> PARTICIPANT: Let me phrase it better. So I think that it is obvious that Makali has the right to take down whatever he wants. That's fine. However, I think that since there are this sort of pressures and operators tend to take different solutions that they have the complete freedom to take, there is some sort of lack of uniformity in the system which is a good thing but can also be a bad thing. I mean I don't know. It is something that ‑‑ I don't see the debate going in to some practical things.
>> TATIANA TROPINA: I think that's the best illustration when I say that some of the community members there are the driving force of coming forward with some community solutions on what to take down and how to take down and what the due process. And for me this is engagement, if ICANN could be the platform for this? Roberto, whatever you are doing, don't do that in ICANN.
>> FARZANCH BADII: How about we ask ICANN to bind the registrars to be neutral and not take down content?
>> PARTICIPANT: I think you are doing a very good job of trolling me. Joking aside I mean the ‑‑ I think you are all right. I think we actually agree we don't want ‑‑ as a registrar I don't want ICANN to tell me what I can or cannot take down, what I should or not take down. Because that opens up a massive can of worms. And it is just ‑‑ it is not something that will end well. Personally when I read spec 11 in the registry contract when it was being pushed forward, I read some of the language in there and I died a little inside because it was so vague and so broad that oh, my God, this is going to cause problems. If you look at the registrar agreement, there is an abuse or reporting clause that comes in two parts. One part is specific to consumer protection and law enforcement, fine. That makes perfect sense. In the past ten years I think I received two notices from them and maybe half a dozen if I include our local search that still haven't worked out IP addresses can be shared, but we will not get in to that.
But the other side of which is the abuse, the way it is worded, and the expectation led to a situation where several of us spend an inordinate amount of time trying to mediate with the Intellectual Property people who assumed that if they reported something we were going to do something. And, you know, this is the kind of thing that it is the unintended consequences. The fact that somebody has the ability to report bad whatever, fine. I have no issue with that. But the expectation that the registrars or registries would take action opens up a massive can of worms. I mean one of the expressions we use in English, one man's freedom is the other man's terrorist. It is the same thing when it comes to all forms of content. If we can agree it is within ICANN's mission to deal with DNS stability. Somebody who is using a domain name or a platform to send out huge quantities of Spam, running Botnets, command and control, DDoS, all of that. If you are protecting that there is no point having conversation.
But everything kind of beyond that we need to have the ability to follow up processes, engage in that but I don't want a situation where ICANN is telling me I must protect Kati, for example.
>> TATIANA TROPINA: Can we ask one more question to bridge these two points? Roberto suggested that the ICANN community comes together and tell each other what to do and how to conserve this situation or another one.
>> PARTICIPANT: I think that there is a big difference between regulation and providing guidelines. That entirely the different operators can adopt or not. And this is something that was, for instance, a big discussion in the ‑‑ in the Internet of Things. There was also this issue about regulation and I hear the same pattern going on. There is something that is in between, between free for all and everybody does ‑‑ what they want without any kind of reference to a discussion that has been carried on. And the regulation that means that we decide a certain ICANN process on everyone and that's it. And I feel the lack of discussion on a specific case on what are ‑‑ what are the situations in which it would be better to do one thing and it would be better to do a different thing.
There are some border case lines and I don't have really, there is no specific goal that I am trying to reach with my intervention. And I am just asking the question, I mean shouldn't we discuss in practical terms what are the example of cases in which it is in the public interest that certain actions are taken and other cases in which it is not in the public interest?
>> FARZANCH BADII: Thank you very much. Are there any other comments on this? We have no comments on this issue. So we can wrap up this session or I can allow you to make your last comments.
>> PANELIST: What Roberto is saying makes a lot of sense. The concern we had in these discussions in the past with registrars and registries, if we try to formulate guidelines or best practices it suddenly becomes oh, these guidelines and best practices ‑‑ you all have to follow them. It becomes this kind of quasi‑regulation. And I don't want us to know how to thread that properly. We as service providers we should be consistent and clear about what we do in situations that we know how to deal with.
So putting something in there, some level of transparency about how we will handle certain types of abuse and all that makes perfect sense. Because ultimately as a business if I am acting inconsistently and pulling down zucchinis and tomatoes, I am going to lose business. And it doesn't make sense in my perspective. I think the problem is you don't want a situation where ICANN is mandating it.
>> FARZANCH BADII: Okay. We can wrap up this session. Thank you very much for attending. And we have formed a noncommercial users constituency. And we want to prevent to become a noncontent regulator. If you are a noncommercial user then you can take some of our brochures and join the constituency for freedom of speech and Human Rights and privacy and domain names.