For the past two years a diverse group of stakeholders from the ICANN community, including myself, has been working hard to come to a consensus on a set of recommendations related to development and implementation of an ICANN accreditation program for privacy & proxy service providers. The result of this effort will replace the interim specification defined in the 2013 Registrar Accreditation Agreement (RAA) that is due to expire at the end of 2016.

On May 5th, 2015 the Privacy & Proxy Services Accreditation Issues Working Group (PPSAI) released its Initial Report to the community for comment and feedback and earlier this week the MPAA filed our official comments on the subject. The focus of our submission is on three important and central topics:

• Relay: Enabling our ability to resolve issues of abuse directly with the registrant, without the need to involve third parties.
• Disclosure: Developing a balanced and predictable framework for disclosure based on reasonable and lawful disclosure requests.
• Compliance and Accountability: Ensuring strong privacy and proxy service accountability backed up by an effective ICANN compliance regime.

Unfortunately, in recent weeks there have been a growing number of assertions that have sought to mischaracterize the MPAA’s position on privacy and proxy services. To clear up the matter, I want to stress that the MPAA supports 1) the legitimate use of privacy and proxy services, 2) the use of privacy services for all legal purposes, including commercial activity, and 3) that privacy providers should not be forced to reveal private information without verifiable evidence of abuse. However, any future accreditation agreement must also strike a balance to ensure that individuals hiding behind privacy and proxy services to conduct illegal and abusive activity can be found out. The MPAA believes a clear and effective accreditation framework supporting the three topics listed above is critical to the establishment of a trusted and secure internet, while continuing to protect the privacy and rights of domain name owners and Internet users alike.

To date over 11,000 comments have been received from Internet users based on hype and misinformation sponsored by certain registrars and advocacy groups—most coming via form letters. It is unfortunate that some statements made on these websites are misleading at best and in some cases completely false. The topic of privacy and proxy service accreditation is complex and nuanced as evidenced by two years of discussion that has resulted in a 98-page initial report.

Two specific statements have been made that I wanted to address directly.

First, it has been asserted that the working group decided that the ability to use privacy and proxy services for domains associated with “commercial activity’ be abandoned. This is misleading. In fact, the report explicitly states that “the WG agreed that the mere fact that a domain name is registered by a commercial entity or by anyone conducting commercial activity should not preclude the use of P/P services”. The MPAA believes that the working group should not consider a requirement that creates an outright ban on the use of P/P services to registrants who intend to use their registration for the purposes of “commercial activity.” However, we would support ongoing discussions on the evolution of policy surrounding the differences between commercial, personal, political and governmental use of the Internet as long as these discussions are secondary to the core topics of relay, disclosure, compliance and accountability.

Second, statements have been made that providers would be forced to terminate user’s privacy service and be required to give private contact details to anyone complaining that a domain violates their rights. This is simply false. As outlined in Annex E “Illustrative Disclosure Framework” of the report all requests for disclosure must meet specific detailed standards before action is taken. In addition, in the proposed framework providers continue to maintain broad discretion to reject complaints if they believe the purported abuse is not occurring. Finally, complaints can be rejected if there is information found that indicate that a complaint is pretextual.

As the working group wades through the many thousands of comments from the community, I look forward to continued deliberations and debate and the delivery of a final report before the expiration of the RAA interim privacy and proxy specification at the end of 2016.