<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p><font size="+1"><font face="Lucida Grande">Thanks Kathy, and I
would just like to add that Goran basically reinforced his
message about not being slavish about model 1, 2 oe 3 when he
spoke to us this morning. And thanks for posting the link to
the ECO model on the list. It has been out there since
December 11, and to be frank I thought more people would have
looked at it.</font></font></p>
<p><font size="+1"><font face="Lucida Grande">cheers Stephanie</font></font><br>
</p>
<div class="moz-cite-prefix">On 2018-01-29 12:52, Kathy Kleiman
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:1f3c016c-47a1-6dfa-3b53-004952885ad3@kathykleiman.com">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<p>Hi All,</p>
<p>I would like to support Stephanie's comments and I am sorry her
computer broke down at such a critical moment. But I do want to
share that her comments are brilliant and well-reasoned -- and
walk us through the complexities of a very difficult area. As
befits the co-author of the Canadian data protection law, her
analysis of the requirements of GDPR and the short-comings of
the models is important and badly needed. It's a "real-world"
analysis for a situation we have in front of us - ICANN and real
companies in the registration industry trying to comply with the
GDPR and data protection laws around the world. I fully
endorsing adopting as much as possible from her comments. <br>
</p>
<p>Also safe travels to LA!<br>
</p>
<p>Best regards, Kathy<br>
</p>
<br>
<div class="moz-cite-prefix">On 1/28/2018 8:14 AM, Stephanie
Perrin wrote:<br>
</div>
<blockquote
cite="mid:fa17fc04-1dcb-3e73-b97a-df12164f65db@mail.utoronto.ca"
type="cite">
<p><font size="+1"><font face="Lucida Grande">I am sorry I let
you down. To be frank, the discussion on the main list
was all over the map, my desire to throw my comment out
there to be trashed by folks not following these matters
was pretty minimal. However, I have had a complete
meltdown with my computer and my ISP, which slowed me down
enormously, and there was no room for error.</font></font></p>
<p><font size="+1"><font face="Lucida Grande">Here are a few
compromise positions:</font></font></p>
<p><font size="+1"><font face="Lucida Grande">1. I can
summarize at the end of the analysis of the different
positions, the various views (I acknowledged EFF's
position but did not go into it.</font></font></p>
<p><font size="+1"><font face="Lucida Grande">2. I can add a
more thorough discussion of the law enforcement ask, the
IP lawyer ask, etc. and why option 3 deals with those
issues successfully.</font></font></p>
<p><font size="+1"><font face="Lucida Grande">3. I can discuss
the data commissioner's expressed views on these matters.
There will be no support from them for a wholesale cutting
off of access for cyber investigators. IF you have any
ideas on how to square that circle, I am all ears. It is
a big problem....while I can be accused of caving in to a
moderate position because I have been both a govt
policy/legislative wonk and an exec in a privacy
commissioner's office, I think you have to acknowledge I
have decades of experience fighting off law enforcement in
back rooms. If we want to be taken seriously, we have to
acknowledge there is a problem. (it is of course their
fault there is a problem, but that is another
narrative....)</font></font></p>
<p><font size="+1"><font face="Lucida Grande">I am also very
happy saying there is a wide range of views in NCSG. But
if you want a narrow answer to the question of whether it
is 2b or 3, please pay attention to what Goran said in the
IPC webinar the other day...do not feel tied to 1,2, or 3,
we simply pulled them into models. COmments on all aspects
raised, suggestions of other models etc are welcome.</font></font></p>
<p><font size="+1"><font face="Lucida Grande">SO I think we can
say of your models we like 2b for this, 3 for that, and
our favorite proposal so far is the ECO one.
Strategically, and bearing in mind we still have years of
pdps ahead of us and this is an interim measure,
supporting the registrars seems to me a good idea,
particularly when they have gone to the work and expense
they have to produce an excellent proposal.<br>
</font></font></p>
<p><font size="+1"><font face="Lucida Grande">Have to go drop
the dog at camp, perhaps we can talk this evening in LA or
tomorrow morning at breakfast?</font></font></p>
<p><font size="+1"><font face="Lucida Grande">cheers Steph</font></font><br>
</p>
<div class="moz-cite-prefix">On 2018-01-28 10:36, farzaneh badii
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAN1qJvB7zz7KYa8rBdqPuewJF032NYvCdPuYzup+6X2OfKP6tQ@mail.gmail.com">
<div dir="ltr">
<div class="gmail_default"
style="font-family:verdana,sans-serif">I tell you what is
sticking in my throat Stephanie: You are way too late and
we relied on you and you delivered late. I don't want Law
Enforcement be viewed as legitimate force globally and you
know where I am from. Does Eco model address my worry?</div>
</div>
<div class="gmail_extra"><br clear="all">
<div>
<div class="gmail_signature"
data-smartmail="gmail_signature">
<div dir="ltr">
<div><font face="verdana, sans-serif">Farzaneh </font></div>
</div>
</div>
</div>
<br>
<div class="gmail_quote">On Sun, Jan 28, 2018 at 10:29 AM,
Stephanie Perrin <span dir="ltr"><<a
href="mailto:stephanie.perrin@mail.utoronto.ca"
target="_blank" moz-do-not-send="true">stephanie.perrin@mail.utoronto.ca</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<p><font size="+1"><font face="Lucida Grande">Well I
am sorry that I did not get the comment in as
well. There is a lot to read and I have read it
(unlike many). WE need to know where the
opposition is coming from.</font></font></p>
<p><font size="+1"><font face="Lucida Grande">The ECO
comments have been out there a while, and they
deal with the models. There is absolutely
nothing wrong with endorsing another group's
position. Their legal analysis is excellent, in
my view.</font></font></p>
<p><font size="+1"><font face="Lucida Grande">Ignoring
the reality that there is a cybercrime problem
out there is, in my view, not a thoughtful
position to take. I can attempt to reword it if
you point me to precisely what is sticking in
your throats. We want layered access....a
failure to support layered access at this point
in time will set us back years, we finally have
ICANN agreeing to it.</font></font></p>
<p><font size="+1"><font face="Lucida Grande">I am
happy to send my comments in myself if you don't
support them. I think they are well informed
and realistic. I think Option 3 was thrown out
there as a poison pill and I am not taking it.</font></font></p>
<p><font size="+1"><font face="Lucida Grande">let me
know.....</font></font></p>
<p><font size="+1"><font face="Lucida Grande">cheers
Steph</font></font><br>
</p>
<div>
<div class="h5">
<div class="m_-8128406081380222753moz-cite-prefix">On
2018-01-28 09:50, farzaneh badii wrote:<br>
</div>
<blockquote type="cite">
<div>
<div dir="auto">Hello Stephanie </div>
<div dir="auto"><br>
</div>
<div dir="auto">Is eco model in the models
that offered by Icann? Is it model 2b which
you supported in the doc you sent us? If not
then we cannot support it now. I suggest
going for the highest protection now until
we work out something better. You can always
go down from highest protection to layered
access etc but for now and since we don't
have much time to reach consensus I think we
can stick to model 3. I wish you had sent
us your document sooner so that we could
work on it. Also your argument for not
supporting model 3 in the document is not
really based on substance it's based on the
fact that it won't get support in the
community. There is a May deadline.
Community can come up with consensus after
the deadline on another leas protective
model. but ICANN org can't wait! <br>
</div>
<div dir="auto"><br>
</div>
<div dir="auto">I suggest pc members weigh in
on this deadline is tomorrow and we would
like to know our positoon before the
intersessional.</div>
<br>
<div class="gmail_quote">
<div>On Sun, Jan 28, 2018 at 9:17 AM
Stephanie Perrin <<a
href="mailto:stephanie.perrin@mail.utoronto.ca"
target="_blank" moz-do-not-send="true">stephanie.perrin@mail.<wbr>utoronto.ca</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote"
style="margin:0 0 0 .8ex;border-left:1px
#ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<p><font size="+1"><font face="Lucida
Grande">I will try to get the
revised comments on the models
that have been submitted in before
I run for the plane at 2
EDT...but that may not happen.
The legal analysis will come next
week, it is a lot harder and more
complex....but I want to get my
questions on the table. It will
be a long time before this is
over....</font></font></p>
<p><font size="+1"><font face="Lucida
Grande">We need to endorse the ECO
model very strongly, in my view.
While option 3 looks good, it is
rather unworkable.<br>
</font></font></p>
<p><font size="+1"><font face="Lucida
Grande">cheers SP</font></font><br>
</p>
</div>
<div text="#000000" bgcolor="#FFFFFF">
<div
class="m_-8128406081380222753m_6396244989369319936moz-cite-prefix">On
2018-01-27 14:09, Ayden Férdeline
wrote:<br>
</div>
<blockquote type="cite">
<div>Thanks Rafik</div>
<div> <br>
</div>
<div>I’m going to hold off on
endorsing this for 24 hours until I
read the comments currently being
drafted by Stephanie. </div>
<div> <br>
</div>
<div>To be clear, this is not to say
that I do not endorse this
statement. It sounds logical to me
and consistent with our principles.
But if Stephanie has a 15-page
document coming I’d like to make
sure we’re being consistent in our
messaging. </div>
<div> <br>
</div>
<div>Of course, being so close to the
final day for submissions, I’ll
write again on-list tomorrow in the
absence of any other statements
being on the table, as we cannot
miss this submission deadline. </div>
<div> <br>
</div>
<div>Sincere thanks to Milton for
drafting this. </div>
<div> <br>
</div>
<div>Best wishes, Ayden</div>
<div> <br>
</div>
<div
id="m_-8128406081380222753m_6396244989369319936protonmail_mobile_signature_block">Sent
from ProtonMail Mobile</div>
<div> <br>
<div>
<div> <br>
</div>
On Sat, Jan 27, 2018 at 10:50,
Rafik Dammak <<a
href="mailto:rafik.dammak@gmail.com"
target="_blank"
moz-do-not-send="true">rafik.dammak@gmail.com</a>>
wrote:</div>
<blockquote
class="m_-8128406081380222753m_6396244989369319936protonmail_quote"
type="cite">
<div dir="auto">
<div>Hi all,
<div dir="auto"> <br>
</div>
<div dir="auto">We got a
comment for the GDPR
compliance model. The
deadline for submission ins
the 29th Jan, which is the
coming monday. We need act
quickly within this weekend
.</div>
<div dir="auto"> <br>
</div>
<div dir="auto">Best,</div>
<div dir="auto"> <br>
</div>
<div dir="auto">Rafik </div>
<br>
<div class="gmail_quote">----------
Forwarded message ----------
<br>
From: "Mueller, Milton L"
<<a
href="mailto:milton@gatech.edu"
target="_blank"
moz-do-not-send="true">milton@gatech.edu</a>>
<br>
Date: Jan 26, 2018 6:05 PM <br>
Subject: [NCSG-Discuss]
Comments on the Whois
compliance models <br>
To: <<a
href="mailto:NCSG-DISCUSS@listserv.syr.edu"
target="_blank"
moz-do-not-send="true">NCSG-DISCUSS@listserv.syr.edu</a><wbr>>
<br>
Cc: <br>
<br type="attribution">
<blockquote
class="m_-8128406081380222753m_6396244989369319936quote"
style="margin:0px 0px 0px
0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204)">
<div link="#0563C1"
vlink="#954F72"
lang="EN-US">
<div
class="m_-8128406081380222753m_6396244989369319936m_-2216294355849967392WordSection1">
<p class="MsoNormal">I
offer the following
as a first draft of
the NCSG position on
the 12 January 2018
call for comments
released by ICANN
org. </p>
<p class="MsoNormal">
</p>
<p class="MsoNormal">Principles
</p>
<p class="MsoNormal">Our
evaluation of the
models offered by
ICANN are based on
three fundamental
principles. No model
that fails to
conform to all three
is acceptable to the
NCSG. </p>
<p class="MsoNormal">
</p>
<p class="MsoNormal">1.
The purpose of whois
must be strictly
tied to ICANN's
mission. That is,
the data that is
collected and the
data that are
published must
directly and
demonstrably
contribute to
ICANN's mission as
defined in Article 1
of its new bylaws.
We reject any
definition of Whois
purpose that is
based on the way
people happen to
make use of data
that can be accessed
indiscriminately in
a public directory.
The fact that
certain people
currently use Whois
for any purpose does
not mean that the
purpose of Whois is
to provide thick
data about the
domain and its
registrant to anyone
who wants it for any
reason. </p>
<p class="MsoNormal">
</p>
<p class="MsoNormal">2.
Whois service, like
the DNS itself,
should be globally
uniform and not vary
by jurisdiction.
ICANN was created to
provide globalized
governance of the
DNS so that it would
continue to be
globally compatible
and coordinated. Any
solution that
involves fragmenting
the policies and
practices of Whois
along jurisdictional
lines is not
desirable. </p>
<p class="MsoNormal">
</p>
<p class="MsoNormal">3.
No tiered access
solution that
involves
establishing new
criteria for access
can feasibly be
created in the next
3 months. We would
strongly resist
throwing the
community into a
hopeless rush to
come up with
entirely new
policies, standards
and practices
involving tiered
access to data, and
we do not want ICANN
staff to invent a
policy that is not
subject to community
review and
approval. </p>
<p class="MsoNormal">
</p>
<p class="MsoNormal">Based
on these three
principles, we
believe that Model 3
is the only viable
option available.
Model 3 minimizes
the data publicly
displayed to that
which is required
for maintaining the
stability, security
and resiliency of
the DNS. Model 3
could be applied
across the board,
and would be
presumptively legal
regardless of which
jurisdiction the
registrar, registry
or registrant are
in. And Model 3
relies on
established legal
due process for
gaining access to
additional
information. </p>
<p class="MsoNormal">
</p>
<p class="MsoNormal">There
is room for
discussion about how
much data could be
publicly displayed
under Model 3
consistent with
ICANN's mission.
E.g., it may be
within ICANN's
mission to include
additional data in
the public record,
such as an email
address for the
technical contact
and even possibly
the name of the
registrant. </p>
<p class="MsoNormal">
</p>
<p class="MsoNormal">The
process of gaining
access to additional
data in Model 1 is
completely
unacceptable.
Self-certification
by any third party
requestor is, we
believe, not
compliant with GDPR
nor does is such
access justified by
the purpose of Whois
or ICANN's mission.
</p>
<p class="MsoNormal">
</p>
<p class="MsoNormal">Model
2 might possibly be
acceptable if an
suitable set of
criteria and
processes were
devised, but it
simply is not
feasible for such a
certification
program to be
developed in 3
months. A
certification
program thrown
together in a rush
poses huge risks for
loopholes, poor
procedures, and a
legal challenge to
ICANN, either from
DPAs or from
individuals
affected. </p>
<p class="MsoNormal">
</p>
<p class="MsoNormal">Dr.
Milton L. Mueller </p>
<p class="MsoNormal">Professor,
School of Public
Policy </p>
<p class="MsoNormal">Georgia
Institute of
Technology </p>
<p class="MsoNormal">
</p>
<p class="MsoNormal">
</p>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</div>
</blockquote>
</div>
<br>
<fieldset
class="m_-8128406081380222753m_6396244989369319936mimeAttachmentHeader"></fieldset>
<pre class="m_-8128406081380222753m_6396244989369319936moz-quote-pre">______________________________<wbr>_________________
NCSG-PC mailing list
<a class="m_-8128406081380222753m_6396244989369319936moz-txt-link-abbreviated" href="mailto:NCSG-PC@lists.ncsg.is" target="_blank" moz-do-not-send="true">NCSG-PC@lists.ncsg.is</a>
<a class="m_-8128406081380222753m_6396244989369319936moz-txt-link-freetext" href="https://lists.ncsg.is/mailman/listinfo/ncsg-pc" target="_blank" moz-do-not-send="true">https://lists.ncsg.is/mailman/<wbr>listinfo/ncsg-pc</a>
</pre>
</blockquote>
</div>
______________________________<wbr>_________________
NCSG-PC mailing list <a
href="mailto:NCSG-PC@lists.ncsg.is"
target="_blank" moz-do-not-send="true">NCSG-PC@lists.ncsg.is</a>
<a
href="https://lists.ncsg.is/mailman/listinfo/ncsg-pc"
rel="noreferrer" target="_blank"
moz-do-not-send="true">https://lists.ncsg.is/mailman/<wbr>listinfo/ncsg-pc</a>
</blockquote>
</div>
</div>
<div dir="ltr">-- </div>
<div
class="m_-8128406081380222753gmail_signature"
data-smartmail="gmail_signature">
<div dir="ltr">
<div><font face="verdana, sans-serif">Farzaneh
</font></div>
</div>
</div>
</blockquote>
</div>
</div>
</div>
</blockquote>
</div>
</div>
</blockquote>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre wrap="">_______________________________________________
NCSG-PC mailing list
<a class="moz-txt-link-abbreviated" href="mailto:NCSG-PC@lists.ncsg.is" moz-do-not-send="true">NCSG-PC@lists.ncsg.is</a>
<a class="moz-txt-link-freetext" href="https://lists.ncsg.is/mailman/listinfo/ncsg-pc" moz-do-not-send="true">https://lists.ncsg.is/mailman/listinfo/ncsg-pc</a>
</pre>
</blockquote>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
NCSG-PC mailing list
<a class="moz-txt-link-abbreviated" href="mailto:NCSG-PC@lists.ncsg.is">NCSG-PC@lists.ncsg.is</a>
<a class="moz-txt-link-freetext" href="https://lists.ncsg.is/mailman/listinfo/ncsg-pc">https://lists.ncsg.is/mailman/listinfo/ncsg-pc</a>
</pre>
</blockquote>
</body>
</html>