PONAR: Call for Participation

Internet | International | Accountability

This document lists the various groups I am inviting for assistance on the PONAR (Protocol for Online Abuse Reporting) project. As I get endorsements and sponsors I will update this document.

Ordinary folks who are the aggrieved parties

I was directly motivated to start this effort based on conversations over the years with people who have been the victims of online abuse and harassment. I have expressed some of the early formative ideas of PONAR to members of victim's aid group are taking their considerations quite seriously.

What PONAR should do for ordinary people who get hit by online harassment is to be able to directly initiate a formal process for reporting it without any complications.

Online publishers/bloggers

Any person, blogger or otherwise, who has the power to remove and content from their site is a publisher. In my research, I've found that publishers generally want to do the right thing (such as removing offensive comments), it's often a matter of expediency. The PONAR system helps streamline this process for them as well.

Citizen Media Thought Leaders

The citizen media thought leaders (often influential bloggers) have helped shape the norms of blogging and citizen journalism. One challenge is that they typically, end to support the rights of bloggers to publish above anything else– even if at the expense of private people (see the Chilling Effects Clearinghouse). 

On the other hand, there are a number of civic-minded folks I have spoken to who do want restore civilities to public interest forums on the Internet, and I am looking forward to their consideration here.

Responses: Marius Chitosca at Howard Rheingold's SmartMobs reviewed PONAR favorably on 6/24: "The new approach benefits from two leading advantages: well-formed data by the petitioner, so a third party involvement is no longer necessary, and the database storage capabilities that a structured format carries within, making possible its submission to careful analysis."

Legal Community

What is being offered through PONAR is a way to automate what lawyers do for a fee, so there might just be some natural resistance from the legal community. Still, there are many lawyers, particularly in the academic/entrepreneurial community, who are working on appropriate conversions of legal processes to software code.

Responses: I've gotten a very favorable response from a leading Internet law center; along with a bit of skepticism from an ICANN observer.

Internet Account Providers

Google, Microsoft, Yahoo, MySpace: These are the major players, and they will play the greatest roles in how the user accesses to the PONAR system. All three tend to get whacked on occasion for not doing enough to safeguard privacy. The PONAR system should be part of their public- interest contributions to the development of a safe Internet.

All of the above parties have come together, in fact, for the StopBadware clearinghouse run by the Berkman Center, Oxford University, and Consumer Reports; Google has integrated in the database within the search results. The one piece missing from StopBadware is a way to notify site owners automatically and reliably; Google has conceded this. Which brings us to…


Finding the publisher of a website is a concern of ICANN. Their most recent meeting was last week in San Juan, PR; the Whois working group met on June 24th, and I submitted comments into the group. The GNSO (Generic Names Supporting Organization) has been looking into the of trying to ensure that the WHOIS system can support both privacy (which is effectively being granted by domain proxies) and accountability (which is needed by anyone trying to track down the website owner). In March, the GNSO WHOIS Task Force issued some recommendations, including the introduction of an Operational Point of Contact (OPoC) which would replace the technical and administrative contacts with an effective business-as-a-proxy (for example, the registrar).

Personal abuse is likely only a small problem, as compared to fraud and copyright infringement.  Most of the abuse reporting of this type comes from businesses and nonprofits. These communities were worried that they would not be able to pursue potential lawbreakers without ready access to the Whois data. The summary of public comments included these points:

  • The OPoC should ensure contact with the registered name holder in a defined and short period of time.
  • OPoCs should have specified responsibilities for passing communications, including legal notifications, to the registered name holder.

As it happens, PONAR was conceived to address just these points by being an electronic proxy. OPoC shouldn't be a person; it should be a web service.

Update, June 25th: I've read the 56-page transcript from Sunday's meeting. I cannot do it justice with a complete summary, but I will try and highlight points related to PONAR. OPoC is still alive and appears to have growing support. It's been agreed that law enforcement should have unrestricted access, and accredited banks as well– that's the perks with being accredited. Bertrand de La Chapelle suggested that pattern analysis can be done in a blind fashion; I believe he suggested that a domain can be queried to find out whether the same email address/name has registered other domains. Chair Philip Shephard asked about auditing/recordkeeping; the registrars contigent felt it might be a burden. de La Chappelle, once again, offered a creative suggestion of a "third party neutral copy of the log." I think they'd all be ver happy with a system like PONAR.

It's also become clear to me reading the transcript that a filed report could trigger a notification not just to the subdomain publisher, but to the domain and to the registrar simultaneously.

What's missing from the OPoC discussions is that subdomain publishers remain beyond the reach of the Registrars. That's why the PONAR implementation would have to go beyond ICANN and extend to the IAP's/hosting companies.

My recommendation to ICANN remains that they develop the PONAR service in parallel to the existing WHOIS database for the time being. The organizations pursuing IP/brand abuse would choose to file via PONAR. There are many advantages. Customers could see immediately (or nearly enough) if a website is suspecting of wrongdoing. Furthermore, ICANN can raise the bar for registrary compliance by requiring registries to support a PONAR server.

If it's a success, the WHOIS database can be quietly retired. This should be a success. How is it that an industry can sing the praises of web services without doing so on the governance of the entire Internet?

The side benefit to this, of course, is that ordinary folks would have a one-click way of reporting abuse, too.