<div><div dir="auto">I won't be in LA until wed. Pc has to decide until tmrw the latest. I acknowledge all that. Expertise etc etc. But it will be easier to go for a more protective approach and then to a layered approach. The other way round is more difficult. I want us to think about this more. </div><div dir="auto"><br></div><div dir="auto">And my question about ECO model went unanswered.</div><div dir="auto"><br></div><div dir="auto">I want Tatiana to also weigh in she has been working with law enforcement as well and knows a lot. She is traveling so I guess there will be a delay. </div><div dir="auto"><br></div><div dir="auto">But Stephanie, you need to also acknowledge that the law enforcement you dealt with is a different kind. Law enforcement in the region I come from is more scary than protective. The last thing I can fathom is that they get empowered to ask for people's data. Not all of them are bad. But in systems where blasphemy is a crime punished with capital punishment we have to be careful with the access of law enforcement to data. Have you considered this in the equation? Or does this not matter? I'm all for cost benefit analysis so if you have and you think still the layered approach can protect and bring more benefit then well I am all ears.</div><div dir="auto"><br></div><div dir="auto">Flying to DC now. </div><br><div class="gmail_quote"><div>On Sun, Jan 28, 2018 at 11:14 AM Stephanie Perrin <<a href="mailto:stephanie.perrin@mail.utoronto.ca">stephanie.perrin@mail.utoronto.ca</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<p><font size="+1"><font face="Lucida Grande">I am sorry I let you
down. To be frank, the discussion on the main list was all
over the map, my desire to throw my comment out there to be
trashed by folks not following these matters was pretty
minimal. However, I have had a complete meltdown with my
computer and my ISP, which slowed me down enormously, and
there was no room for error.</font></font></p>
<p><font size="+1"><font face="Lucida Grande">Here are a few
compromise positions:</font></font></p>
<p><font size="+1"><font face="Lucida Grande">1. I can summarize at
the end of the analysis of the different positions, the
various views (I acknowledged EFF's position but did not go
into it.</font></font></p>
<p><font size="+1"><font face="Lucida Grande">2. I can add a more
thorough discussion of the law enforcement ask, the IP lawyer
ask, etc. and why option 3 deals with those issues
successfully.</font></font></p>
<p><font size="+1"><font face="Lucida Grande">3. I can discuss the
data commissioner's expressed views on these matters. There
will be no support from them for a wholesale cutting off of
access for cyber investigators. IF you have any ideas on how
to square that circle, I am all ears. It is a big
problem....while I can be accused of caving in to a moderate
position because I have been both a govt policy/legislative
wonk and an exec in a privacy commissioner's office, I think
you have to acknowledge I have decades of experience fighting
off law enforcement in back rooms. If we want to be taken
seriously, we have to acknowledge there is a problem. (it is
of course their fault there is a problem, but that is another
narrative....)</font></font></p>
<p><font size="+1"><font face="Lucida Grande">I am also very happy
saying there is a wide range of views in NCSG. But if you
want a narrow answer to the question of whether it is 2b or 3,
please pay attention to what Goran said in the IPC webinar the
other day...do not feel tied to 1,2, or 3, we simply pulled
them into models. COmments on all aspects raised, suggestions
of other models etc are welcome.</font></font></p>
<p><font size="+1"><font face="Lucida Grande">SO I think we can say
of your models we like 2b for this, 3 for that, and our
favorite proposal so far is the ECO one. Strategically, and
bearing in mind we still have years of pdps ahead of us and
this is an interim measure, supporting the registrars seems to
me a good idea, particularly when they have gone to the work
and expense they have to produce an excellent proposal.<br>
</font></font></p>
<p><font size="+1"><font face="Lucida Grande">Have to go drop the
dog at camp, perhaps we can talk this evening in LA or
tomorrow morning at breakfast?</font></font></p>
<p><font size="+1"><font face="Lucida Grande">cheers Steph</font></font><br>
</p></div><div text="#000000" bgcolor="#FFFFFF">
<div class="m_-4256475482672100589moz-cite-prefix">On 2018-01-28 10:36, farzaneh badii
wrote:<br>
</div>
<blockquote type="cite">
<div>
<div class="gmail_default" style="font-family:verdana,sans-serif">I tell you what is
sticking in my throat Stephanie: You are way too late and we
relied on you and you delivered late. I don't want Law
Enforcement be viewed as legitimate force globally and you
know where I am from. Does Eco model address my worry?</div>
</div>
<div class="gmail_extra"><br clear="all">
<div>
<div class="m_-4256475482672100589gmail_signature" data-smartmail="gmail_signature">
<div>
<div><font face="verdana, sans-serif">Farzaneh </font></div>
</div>
</div>
</div>
<br>
<div class="gmail_quote">On Sun, Jan 28, 2018 at 10:29 AM,
Stephanie Perrin <span><<a href="mailto:stephanie.perrin@mail.utoronto.ca" target="_blank">stephanie.perrin@mail.utoronto.ca</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<p><font size="+1"><font face="Lucida Grande">Well I am
sorry that I did not get the comment in as well.
There is a lot to read and I have read it (unlike
many). WE need to know where the opposition is
coming from.</font></font></p>
<p><font size="+1"><font face="Lucida Grande">The ECO
comments have been out there a while, and they deal
with the models. There is absolutely nothing wrong
with endorsing another group's position. Their
legal analysis is excellent, in my view.</font></font></p>
<p><font size="+1"><font face="Lucida Grande">Ignoring the
reality that there is a cybercrime problem out there
is, in my view, not a thoughtful position to take.
I can attempt to reword it if you point me to
precisely what is sticking in your throats. We want
layered access....a failure to support layered
access at this point in time will set us back years,
we finally have ICANN agreeing to it.</font></font></p>
<p><font size="+1"><font face="Lucida Grande">I am happy
to send my comments in myself if you don't support
them. I think they are well informed and
realistic. I think Option 3 was thrown out there as
a poison pill and I am not taking it.</font></font></p>
<p><font size="+1"><font face="Lucida Grande">let me
know.....</font></font></p>
<p><font size="+1"><font face="Lucida Grande">cheers Steph</font></font><br>
</p>
<div>
<div class="m_-4256475482672100589h5">
<div class="m_-4256475482672100589m_-8128406081380222753moz-cite-prefix">On
2018-01-28 09:50, farzaneh badii wrote:<br>
</div>
<blockquote type="cite">
<div>
<div dir="auto">Hello Stephanie </div>
<div dir="auto"><br>
</div>
<div dir="auto">Is eco model in the models that
offered by Icann? Is it model 2b which you
supported in the doc you sent us? If not then we
cannot support it now. I suggest going for the
highest protection now until we work out
something better. You can always go down from
highest protection to layered access etc but for
now and since we don't have much time to reach
consensus I think we can stick to model 3. I
wish you had sent us your document sooner so
that we could work on it. Also your argument for
not supporting model 3 in the document is not
really based on substance it's based on the fact
that it won't get support in the community.
There is a May deadline. Community can come up
with consensus after the deadline on another
leas protective model. but ICANN org can't
wait! <br>
</div>
<div dir="auto"><br>
</div>
<div dir="auto">I suggest pc members weigh in on
this deadline is tomorrow and we would like to
know our positoon before the intersessional.</div>
<br>
<div class="gmail_quote">
<div>On Sun, Jan 28, 2018 at 9:17 AM Stephanie
Perrin <<a href="mailto:stephanie.perrin@mail.utoronto.ca" target="_blank">stephanie.perrin@mail.utoronto.ca</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<p><font size="+1"><font face="Lucida
Grande">I will try to get the revised
comments on the models that have been
submitted in before I run for the
plane at 2 EDT...but that may not
happen. The legal analysis will come
next week, it is a lot harder and more
complex....but I want to get my
questions on the table. It will be a
long time before this is over....</font></font></p>
<p><font size="+1"><font face="Lucida
Grande">We need to endorse the ECO
model very strongly, in my view.
While option 3 looks good, it is
rather unworkable.<br>
</font></font></p>
<p><font size="+1"><font face="Lucida
Grande">cheers SP</font></font><br>
</p>
</div>
<div text="#000000" bgcolor="#FFFFFF">
<div class="m_-4256475482672100589m_-8128406081380222753m_6396244989369319936moz-cite-prefix">On
2018-01-27 14:09, Ayden Férdeline wrote:<br>
</div>
<blockquote type="cite">
<div>Thanks Rafik</div>
<div> <br>
</div>
<div>I’m going to hold off on endorsing
this for 24 hours until I read the
comments currently being drafted
by Stephanie. </div>
<div> <br>
</div>
<div>To be clear, this is not to say that
I do not endorse this statement. It
sounds logical to me and consistent with
our principles. But if Stephanie has a
15-page document coming I’d like to make
sure we’re being consistent in our
messaging. </div>
<div> <br>
</div>
<div>Of course, being so close to the
final day for submissions, I’ll write
again on-list tomorrow in the absence of
any other statements being on the table,
as we cannot miss this submission
deadline. </div>
<div> <br>
</div>
<div>Sincere thanks to Milton for drafting
this. </div>
<div> <br>
</div>
<div>Best wishes, Ayden</div>
<div> <br>
</div>
<div id="m_-4256475482672100589m_-8128406081380222753m_6396244989369319936protonmail_mobile_signature_block">Sent
from ProtonMail Mobile</div>
<div> <br>
<div>
<div> <br>
</div>
On Sat, Jan 27, 2018 at 10:50, Rafik
Dammak <<a href="mailto:rafik.dammak@gmail.com" target="_blank">rafik.dammak@gmail.com</a>>
wrote:</div>
<blockquote class="m_-4256475482672100589m_-8128406081380222753m_6396244989369319936protonmail_quote" type="cite">
<div dir="auto">
<div>Hi all,
<div dir="auto"> <br>
</div>
<div dir="auto">We got a comment
for the GDPR compliance model.
The deadline for submission ins
the 29th Jan, which is the
coming monday. We need act
quickly within this weekend .</div>
<div dir="auto"> <br>
</div>
<div dir="auto">Best,</div>
<div dir="auto"> <br>
</div>
<div dir="auto">Rafik </div>
<br>
<div class="gmail_quote">----------
Forwarded message ---------- <br>
From: "Mueller, Milton L" <<a href="mailto:milton@gatech.edu" target="_blank">milton@gatech.edu</a>>
<br>
Date: Jan 26, 2018 6:05 PM <br>
Subject: [NCSG-Discuss] Comments
on the Whois compliance models <br>
To: <<a href="mailto:NCSG-DISCUSS@listserv.syr.edu" target="_blank">NCSG-DISCUSS@listserv.syr.edu</a>>
<br>
Cc: <br>
<br type="attribution">
<blockquote class="m_-4256475482672100589m_-8128406081380222753m_6396244989369319936quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204)">
<div link="#0563C1" vlink="#954F72" lang="EN-US">
<div class="m_-4256475482672100589m_-8128406081380222753m_6396244989369319936m_-2216294355849967392WordSection1">
<p class="MsoNormal">I
offer the following as a
first draft of the NCSG
position on the 12
January 2018 call for
comments released by
ICANN org. </p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Principles
</p>
<p class="MsoNormal">Our
evaluation of the models
offered by ICANN are
based on three
fundamental principles.
No model that fails to
conform to all three is
acceptable to the NCSG.
</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">1.
The purpose of whois
must be strictly tied to
ICANN's mission. That
is, the data that is
collected and the data
that are published must
directly and
demonstrably contribute
to ICANN's mission as
defined in Article 1 of
its new bylaws. We
reject any definition of
Whois purpose that is
based on the way people
happen to make use of
data that can be
accessed
indiscriminately in a
public directory. The
fact that certain people
currently use Whois for
any purpose does not
mean that the purpose of
Whois is to provide
thick data about the
domain and its
registrant to anyone who
wants it for any reason.
</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">2.
Whois service, like the
DNS itself, should be
globally uniform and not
vary by jurisdiction.
ICANN was created to
provide globalized
governance of the DNS so
that it would continue
to be globally
compatible and
coordinated. Any
solution that involves
fragmenting the policies
and practices of Whois
along jurisdictional
lines is not desirable.
</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">3. No
tiered access solution
that involves
establishing new
criteria for access can
feasibly be created in
the next 3 months. We
would strongly resist
throwing the community
into a hopeless rush to
come up with entirely
new policies, standards
and practices involving
tiered access to data,
and we do not want ICANN
staff to invent a policy
that is not subject to
community review and
approval. </p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Based
on these three
principles, we believe
that Model 3 is the only
viable option available.
Model 3 minimizes the
data publicly displayed
to that which is
required for maintaining
the stability, security
and resiliency of the
DNS. Model 3 could be
applied across the
board, and would be
presumptively legal
regardless of which
jurisdiction the
registrar, registry or
registrant are in. And
Model 3 relies on
established legal due
process for gaining
access to additional
information. </p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">There
is room for discussion
about how much data
could be publicly
displayed under Model 3
consistent with ICANN's
mission. E.g., it may be
within ICANN's mission
to include additional
data in the public
record, such as an email
address for the
technical contact and
even possibly the name
of the registrant. </p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">The
process of gaining
access to additional
data in Model 1 is
completely unacceptable.
Self-certification by
any third party
requestor is, we
believe, not compliant
with GDPR nor does is
such access justified by
the purpose of Whois or
ICANN's mission. </p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Model
2 might possibly be
acceptable if an
suitable set of criteria
and processes were
devised, but it simply
is not feasible for such
a certification program
to be developed in 3
months. A certification
program thrown together
in a rush poses huge
risks for loopholes,
poor procedures, and a
legal challenge to
ICANN, either from DPAs
or from individuals
affected. </p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Dr.
Milton L. Mueller </p>
<p class="MsoNormal">Professor,
School of Public Policy
</p>
<p class="MsoNormal">Georgia
Institute of Technology
</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"> </p>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</div>
</blockquote>
</div>
<br>
<fieldset class="m_-4256475482672100589m_-8128406081380222753m_6396244989369319936mimeAttachmentHeader"></fieldset>
<pre class="m_-4256475482672100589m_-8128406081380222753m_6396244989369319936moz-quote-pre">_______________________________________________
NCSG-PC mailing list
<a class="m_-4256475482672100589m_-8128406081380222753m_6396244989369319936moz-txt-link-abbreviated" href="mailto:NCSG-PC@lists.ncsg.is" target="_blank">NCSG-PC@lists.ncsg.is</a>
<a class="m_-4256475482672100589m_-8128406081380222753m_6396244989369319936moz-txt-link-freetext" href="https://lists.ncsg.is/mailman/listinfo/ncsg-pc" target="_blank">https://lists.ncsg.is/mailman/listinfo/ncsg-pc</a>
</pre>
</blockquote>
</div>
_______________________________________________<br>
NCSG-PC mailing list<br>
<a href="mailto:NCSG-PC@lists.ncsg.is" target="_blank">NCSG-PC@lists.ncsg.is</a><br>
<a href="https://lists.ncsg.is/mailman/listinfo/ncsg-pc" rel="noreferrer" target="_blank">https://lists.ncsg.is/mailman/listinfo/ncsg-pc</a><br>
</blockquote>
</div>
</div>
<div>-- <br>
</div>
<div class="m_-4256475482672100589m_-8128406081380222753gmail_signature" data-smartmail="gmail_signature">
<div>
<div><font face="verdana, sans-serif">Farzaneh </font></div>
</div>
</div>
</blockquote>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
</div></blockquote></div></div><div dir="ltr">-- <br></div><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><font face="verdana, sans-serif">Farzaneh </font></div></div></div>