We at Sitetruth.com operate a system which attempts to evaluate the legitimacy of the business behind business web sites. We do this by attempting to link the web site to a real-world business, then obtaining business background information from commercial sources. We thus have an interest in correct ownership data for web sites being easily available.
ICANN proposes that "Domain name registrations involving P/P service providers should be clearly labelled as such in WHOIS." We agree, and add that the "clear labeling" should be easily machine-parsable. We would consider this a negative indicator when evaluating business legitimacy.
As for the questions presented for public comment:
Q: "Should registrants of domain names associated with commercial activities and which are used for online financial transactions be prohibited from using, or continuing to use, P/P services?"
A: Yes. In many jurisdictions, a business must disclose the actual name and address of the business behind a web site, or be guilty of a criminal offense. See California Business and Professions Code section 17538, which reads:
"Before accepting any payment or processing any debit or credit charge or funds transfer, the vendor shall disclose to the buyer in writing or by electronic means of communication ... the legal name under which the business is conducted and, except as provided in paragraph (3), the complete street address from which the business is actually conducted." Also see The European Electronic Commerce Directive (2000/31/EC), which is even broader:
... Member States shall ensure that the service provider shall render easily, directly and permanently accessible to the recipients of the service and competent authorities, at least the following information:
(a) the name of the service provider;
(b) the geographic address at which the service provider is established;
(c) the details of the service provider, including his electronic mail address, which allow him to be contacted rapidly and communicated with in a direct and effective manner;
(d) where the service provider is registered in a trade or similar public register, the trade register in which the service provider is entered and his registration number, or equivalent means of identification in that register;
(e) where the activity is subject to an authorisation scheme, the particulars of the relevant supervisory authority"
The European Union's position is quite clear. While individuals have privacy rights under the European Privacy Directive, businesses do not. Online businesses are subject to stringent disclosure requirements. ICANN should follow that model.
Q: "Do you think it would be useful to adopt a definition of "commercial” or “transactional” to define those domains for which P/P service registrations should be disallowed? If so, what should the definition(s) be?
A: The definition of "commercial" should be that used in the European Directive on Electronic Commerce. That definition works for the EU. Any site which accepts payments, offers items for sale, or engages in transactions of value should be considered commercial. Whether advertising-supported sites should be considered commercial remains an open question.
Q: "Would it be necessary to make a distinction in the WHOIS data fields to be displayed as a result of distinguishing between domain names used for online financial transactions and domain names that are not?"
A: For a domain identified as "commercial" per the previous criteria, the information listed as required by the European Directive on Electronic Commerce should be publicly available.
> A: Yes. In many jurisdictions, a business must disclose the actual name and address of the business behind a web site, or be guilty of a criminal offense.
So, why should ICANN enforce this? Especially since this is not true of all jurisdictions -- but even if it were, why is it useful for ICANN to be involved in enforcing individual national or sub-national laws? Shouldn't the standard legal process of law enforcement (and lawmaking, if necessary) in each jurisdiction cover this? What is ICANN's role in enforcing criminal law?
What happens if California repeals that law? Should ICANN still have these requirements?
> See California Business and Professions Code section 17538, which reads: "[...] the vendor shall disclose to the buyer[...]"
This section doesn't seem to have a requirement for the vendor to disclose their information to the general public, nor does it seem to have a requirement for the buyer to disclose their information to the vendor, let alone the general public.
For instance, as you mention, ad-supported websites may or may not be considered commercial. I may be willing to disclose my legal name and street address to my advertisers, but not to my site readers.
> Any site which accepts payments, offers items for sale, or engages in transactions of value should be considered commercial.
Isn't this at odds with your prior claim that individuals have privacy rights that business do not? If I set up a tip jar via Stripe or PayPal for my open-source project, am I now a business?
And, again, what about private individuals who make payments? If I log into a website using OpenID based on my personal domain name, and buy something with a credit card, has my domain name now become a site that "engages in transactions of value"?
It seems like we should have good answers to these questions before adding additional requirements. Again, in the absence of a clear reason why law enforcement needs ICANN's help, the fact that criminal law requires things is not, by itself, a reason for ICANN to urgently require things. Criminal law will take care of itself.
In the EU at least, the distinction between citizens and commercial entities is often blurry, as I'm not sure about other places, but in the EU many countries have this notion of "authorized professional" as a legal commercial entity and many people are taking advantage of it. EU directives are also mostly guidelines (i.e. they specify a desired result, not how that should happen) and yes, disclosure of information about a business should happen, but the channel for that is not specified.
As an example of why your mention of European directives is bullshit, Romania is an EU member, yet the WHOIS information for our .ro TLD is locked behind www.rotld.ro. So in order to find out the WHOIS information about a domain, you have to go to a web interface and then go through a CAPTCHA screen meant to prevent crawlers.
Personally, I have yet to hear about a valid use-case for automated crawling of WHOIS information.
Also, Sitetruth.com is a shady business. I mean, you block ads on search engines you don't own and you do so for commercial purposes. That smells to me like copyright infringement. And seriously, who patents an ad blocker?
"You block ads on search engines you don't own and you do so for commercial purposes. That smells to me like copyright infringement."
Some content providers have the idea that their ad-based business model is somehow protected by copyright, and that users can't block ads. This has no basis in law and has gone nowhere in court.[1]
"And seriously, who patents an ad blocker?"
Google's Eric Schimdt once testified before Congress that it was technically impossible for Google to evaluate the legitimacy of web site operators. We did it. That meets one of the strongest criteria for invention - the big guys tried to do it and failed. Ad Limiter is a demo of that.
We're looking for someone who wants to take a bite out of Google. Yahoo gave up on search and became a Bing reseller, and Bing is just too confused internally. As computing gets cheaper, it becomes cheaper to provide search services, which makes Google vulnerable. As costs went down, ad density should have decreased. But it didn't. This puts Google on the wrong side of Moore's Law. A non ad supported search engine may become feasible, especially in the mobile space where it can go on the phone bill. It's interesting to see what Verizon is starting to do with Bing.
Great, so if I'm being harassed, and I accept donations or set up a legal defense fund or whatever, I'll have to dox myself.
This is a real-names policy, just like Facebook currently has, with all of the problems and oppression that brings. Adding the distinction of "commercial activities" is about as help as it is in licensing (i.e. it isn't at all helpful).
We at Sitetruth.com operate a system which attempts to evaluate the legitimacy of the business behind business web sites. We do this by attempting to link the web site to a real-world business, then obtaining business background information from commercial sources. We thus have an interest in correct ownership data for web sites being easily available.
ICANN proposes that "Domain name registrations involving P/P service providers should be clearly labelled as such in WHOIS." We agree, and add that the "clear labeling" should be easily machine-parsable. We would consider this a negative indicator when evaluating business legitimacy.
As for the questions presented for public comment:
Q: "Should registrants of domain names associated with commercial activities and which are used for online financial transactions be prohibited from using, or continuing to use, P/P services?"
A: Yes. In many jurisdictions, a business must disclose the actual name and address of the business behind a web site, or be guilty of a criminal offense. See California Business and Professions Code section 17538, which reads:
"Before accepting any payment or processing any debit or credit charge or funds transfer, the vendor shall disclose to the buyer in writing or by electronic means of communication ... the legal name under which the business is conducted and, except as provided in paragraph (3), the complete street address from which the business is actually conducted." Also see The European Electronic Commerce Directive (2000/31/EC), which is even broader:
... Member States shall ensure that the service provider shall render easily, directly and permanently accessible to the recipients of the service and competent authorities, at least the following information:
(a) the name of the service provider; (b) the geographic address at which the service provider is established; (c) the details of the service provider, including his electronic mail address, which allow him to be contacted rapidly and communicated with in a direct and effective manner; (d) where the service provider is registered in a trade or similar public register, the trade register in which the service provider is entered and his registration number, or equivalent means of identification in that register; (e) where the activity is subject to an authorisation scheme, the particulars of the relevant supervisory authority"
The European Union's position is quite clear. While individuals have privacy rights under the European Privacy Directive, businesses do not. Online businesses are subject to stringent disclosure requirements. ICANN should follow that model.
Q: "Do you think it would be useful to adopt a definition of "commercial” or “transactional” to define those domains for which P/P service registrations should be disallowed? If so, what should the definition(s) be?
A: The definition of "commercial" should be that used in the European Directive on Electronic Commerce. That definition works for the EU. Any site which accepts payments, offers items for sale, or engages in transactions of value should be considered commercial. Whether advertising-supported sites should be considered commercial remains an open question.
Q: "Would it be necessary to make a distinction in the WHOIS data fields to be displayed as a result of distinguishing between domain names used for online financial transactions and domain names that are not?"
A: For a domain identified as "commercial" per the previous criteria, the information listed as required by the European Directive on Electronic Commerce should be publicly available.