<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Hi All,</p>
<p>I would like to support Stephanie's comments and I am sorry her
computer broke down at such a critical moment. But I do want to
share that her comments are brilliant and well-reasoned -- and
walk us through the complexities of a very difficult area. As
befits the co-author of the Canadian data protection law, her
analysis of the requirements of GDPR and the short-comings of the
models is important and badly needed. It's a "real-world" analysis
for a situation we have in front of us - ICANN and real companies
in the registration industry trying to comply with the GDPR and
data protection laws around the world. I fully endorsing adopting
as much as possible from her comments. <br>
</p>
<p>Also safe travels to LA!<br>
</p>
<p>Best regards, Kathy<br>
</p>
<br>
<div class="moz-cite-prefix">On 1/28/2018 8:14 AM, Stephanie Perrin
wrote:<br>
</div>
<blockquote
cite="mid:fa17fc04-1dcb-3e73-b97a-df12164f65db@mail.utoronto.ca"
type="cite">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<p><font size="+1"><font face="Lucida Grande">I am sorry I let you
down. To be frank, the discussion on the main list was all
over the map, my desire to throw my comment out there to be
trashed by folks not following these matters was pretty
minimal. However, I have had a complete meltdown with my
computer and my ISP, which slowed me down enormously, and
there was no room for error.</font></font></p>
<p><font size="+1"><font face="Lucida Grande">Here are a few
compromise positions:</font></font></p>
<p><font size="+1"><font face="Lucida Grande">1. I can summarize
at the end of the analysis of the different positions, the
various views (I acknowledged EFF's position but did not go
into it.</font></font></p>
<p><font size="+1"><font face="Lucida Grande">2. I can add a more
thorough discussion of the law enforcement ask, the IP
lawyer ask, etc. and why option 3 deals with those issues
successfully.</font></font></p>
<p><font size="+1"><font face="Lucida Grande">3. I can discuss
the data commissioner's expressed views on these matters.
There will be no support from them for a wholesale cutting
off of access for cyber investigators. IF you have any
ideas on how to square that circle, I am all ears. It is a
big problem....while I can be accused of caving in to a
moderate position because I have been both a govt
policy/legislative wonk and an exec in a privacy
commissioner's office, I think you have to acknowledge I
have decades of experience fighting off law enforcement in
back rooms. If we want to be taken seriously, we have to
acknowledge there is a problem. (it is of course their fault
there is a problem, but that is another narrative....)</font></font></p>
<p><font size="+1"><font face="Lucida Grande">I am also very happy
saying there is a wide range of views in NCSG. But if you
want a narrow answer to the question of whether it is 2b or
3, please pay attention to what Goran said in the IPC
webinar the other day...do not feel tied to 1,2, or 3, we
simply pulled them into models. COmments on all aspects
raised, suggestions of other models etc are welcome.</font></font></p>
<p><font size="+1"><font face="Lucida Grande">SO I think we can
say of your models we like 2b for this, 3 for that, and our
favorite proposal so far is the ECO one. Strategically, and
bearing in mind we still have years of pdps ahead of us and
this is an interim measure, supporting the registrars seems
to me a good idea, particularly when they have gone to the
work and expense they have to produce an excellent proposal.<br>
</font></font></p>
<p><font size="+1"><font face="Lucida Grande">Have to go drop the
dog at camp, perhaps we can talk this evening in LA or
tomorrow morning at breakfast?</font></font></p>
<p><font size="+1"><font face="Lucida Grande">cheers Steph</font></font><br>
</p>
<div class="moz-cite-prefix">On 2018-01-28 10:36, farzaneh badii
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAN1qJvB7zz7KYa8rBdqPuewJF032NYvCdPuYzup+6X2OfKP6tQ@mail.gmail.com">
<meta http-equiv="Content-Type" content="text/html;
charset=utf-8">
<div dir="ltr">
<div class="gmail_default"
style="font-family:verdana,sans-serif">I tell you what is
sticking in my throat Stephanie: You are way too late and we
relied on you and you delivered late. I don't want Law
Enforcement be viewed as legitimate force globally and you
know where I am from. Does Eco model address my worry?</div>
</div>
<div class="gmail_extra"><br clear="all">
<div>
<div class="gmail_signature"
data-smartmail="gmail_signature">
<div dir="ltr">
<div><font face="verdana, sans-serif">Farzaneh </font></div>
</div>
</div>
</div>
<br>
<div class="gmail_quote">On Sun, Jan 28, 2018 at 10:29 AM,
Stephanie Perrin <span dir="ltr"><<a
href="mailto:stephanie.perrin@mail.utoronto.ca"
target="_blank" moz-do-not-send="true">stephanie.perrin@mail.utoronto.ca</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<p><font size="+1"><font face="Lucida Grande">Well I am
sorry that I did not get the comment in as well.
There is a lot to read and I have read it (unlike
many). WE need to know where the opposition is
coming from.</font></font></p>
<p><font size="+1"><font face="Lucida Grande">The ECO
comments have been out there a while, and they
deal with the models. There is absolutely nothing
wrong with endorsing another group's position.
Their legal analysis is excellent, in my view.</font></font></p>
<p><font size="+1"><font face="Lucida Grande">Ignoring
the reality that there is a cybercrime problem out
there is, in my view, not a thoughtful position to
take. I can attempt to reword it if you point me
to precisely what is sticking in your throats. We
want layered access....a failure to support
layered access at this point in time will set us
back years, we finally have ICANN agreeing to it.</font></font></p>
<p><font size="+1"><font face="Lucida Grande">I am happy
to send my comments in myself if you don't support
them. I think they are well informed and
realistic. I think Option 3 was thrown out there
as a poison pill and I am not taking it.</font></font></p>
<p><font size="+1"><font face="Lucida Grande">let me
know.....</font></font></p>
<p><font size="+1"><font face="Lucida Grande">cheers
Steph</font></font><br>
</p>
<div>
<div class="h5">
<div class="m_-8128406081380222753moz-cite-prefix">On
2018-01-28 09:50, farzaneh badii wrote:<br>
</div>
<blockquote type="cite">
<div>
<div dir="auto">Hello Stephanie </div>
<div dir="auto"><br>
</div>
<div dir="auto">Is eco model in the models that
offered by Icann? Is it model 2b which you
supported in the doc you sent us? If not then
we cannot support it now. I suggest going for
the highest protection now until we work out
something better. You can always go down from
highest protection to layered access etc but
for now and since we don't have much time to
reach consensus I think we can stick to model
3. I wish you had sent us your document
sooner so that we could work on it. Also your
argument for not supporting model 3 in the
document is not really based on substance it's
based on the fact that it won't get support in
the community. There is a May deadline.
Community can come up with consensus after the
deadline on another leas protective model.
but ICANN org can't wait! <br>
</div>
<div dir="auto"><br>
</div>
<div dir="auto">I suggest pc members weigh in on
this deadline is tomorrow and we would like to
know our positoon before the intersessional.</div>
<br>
<div class="gmail_quote">
<div>On Sun, Jan 28, 2018 at 9:17 AM Stephanie
Perrin <<a
href="mailto:stephanie.perrin@mail.utoronto.ca"
target="_blank" moz-do-not-send="true">stephanie.perrin@mail.<wbr>utoronto.ca</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote"
style="margin:0 0 0 .8ex;border-left:1px
#ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<p><font size="+1"><font face="Lucida
Grande">I will try to get the
revised comments on the models that
have been submitted in before I run
for the plane at 2 EDT...but that
may not happen. The legal analysis
will come next week, it is a lot
harder and more complex....but I
want to get my questions on the
table. It will be a long time
before this is over....</font></font></p>
<p><font size="+1"><font face="Lucida
Grande">We need to endorse the ECO
model very strongly, in my view.
While option 3 looks good, it is
rather unworkable.<br>
</font></font></p>
<p><font size="+1"><font face="Lucida
Grande">cheers SP</font></font><br>
</p>
</div>
<div text="#000000" bgcolor="#FFFFFF">
<div
class="m_-8128406081380222753m_6396244989369319936moz-cite-prefix">On
2018-01-27 14:09, Ayden Férdeline wrote:<br>
</div>
<blockquote type="cite">
<div>Thanks Rafik</div>
<div> <br>
</div>
<div>I’m going to hold off on endorsing
this for 24 hours until I read the
comments currently being drafted
by Stephanie. </div>
<div> <br>
</div>
<div>To be clear, this is not to say
that I do not endorse this statement.
It sounds logical to me and consistent
with our principles. But if Stephanie
has a 15-page document coming I’d like
to make sure we’re being consistent in
our messaging. </div>
<div> <br>
</div>
<div>Of course, being so close to the
final day for submissions, I’ll write
again on-list tomorrow in the absence
of any other statements being on the
table, as we cannot miss this
submission deadline. </div>
<div> <br>
</div>
<div>Sincere thanks to Milton for
drafting this. </div>
<div> <br>
</div>
<div>Best wishes, Ayden</div>
<div> <br>
</div>
<div
id="m_-8128406081380222753m_6396244989369319936protonmail_mobile_signature_block">Sent
from ProtonMail Mobile</div>
<div> <br>
<div>
<div> <br>
</div>
On Sat, Jan 27, 2018 at 10:50, Rafik
Dammak <<a
href="mailto:rafik.dammak@gmail.com"
target="_blank"
moz-do-not-send="true">rafik.dammak@gmail.com</a>>
wrote:</div>
<blockquote
class="m_-8128406081380222753m_6396244989369319936protonmail_quote"
type="cite">
<div dir="auto">
<div>Hi all,
<div dir="auto"> <br>
</div>
<div dir="auto">We got a comment
for the GDPR compliance model.
The deadline for submission
ins the 29th Jan, which is the
coming monday. We need act
quickly within this weekend .</div>
<div dir="auto"> <br>
</div>
<div dir="auto">Best,</div>
<div dir="auto"> <br>
</div>
<div dir="auto">Rafik </div>
<br>
<div class="gmail_quote">----------
Forwarded message ---------- <br>
From: "Mueller, Milton L" <<a
href="mailto:milton@gatech.edu" target="_blank" moz-do-not-send="true">milton@gatech.edu</a>>
<br>
Date: Jan 26, 2018 6:05 PM <br>
Subject: [NCSG-Discuss]
Comments on the Whois
compliance models <br>
To: <<a
href="mailto:NCSG-DISCUSS@listserv.syr.edu"
target="_blank"
moz-do-not-send="true">NCSG-DISCUSS@listserv.syr.edu</a><wbr>>
<br>
Cc: <br>
<br type="attribution">
<blockquote
class="m_-8128406081380222753m_6396244989369319936quote"
style="margin:0px 0px 0px
0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204)">
<div link="#0563C1"
vlink="#954F72"
lang="EN-US">
<div
class="m_-8128406081380222753m_6396244989369319936m_-2216294355849967392WordSection1">
<p class="MsoNormal">I
offer the following as
a first draft of the
NCSG position on the
12 January 2018 call
for comments released
by ICANN org. </p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Principles
</p>
<p class="MsoNormal">Our
evaluation of the
models offered by
ICANN are based on
three fundamental
principles. No model
that fails to conform
to all three is
acceptable to the
NCSG. </p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">1.
The purpose of whois
must be strictly tied
to ICANN's mission.
That is, the data that
is collected and the
data that are
published must
directly and
demonstrably
contribute to ICANN's
mission as defined in
Article 1 of its new
bylaws. We reject any
definition of Whois
purpose that is based
on the way people
happen to make use of
data that can be
accessed
indiscriminately in a
public directory. The
fact that certain
people currently use
Whois for any purpose
does not mean that the
purpose of Whois is to
provide thick data
about the domain and
its registrant to
anyone who wants it
for any reason. </p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">2.
Whois service, like
the DNS itself, should
be globally uniform
and not vary by
jurisdiction. ICANN
was created to provide
globalized governance
of the DNS so that it
would continue to be
globally compatible
and coordinated. Any
solution that involves
fragmenting the
policies and practices
of Whois along
jurisdictional lines
is not desirable. </p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">3.
No tiered access
solution that involves
establishing new
criteria for access
can feasibly be
created in the next 3
months. We would
strongly resist
throwing the community
into a hopeless rush
to come up with
entirely new policies,
standards and
practices involving
tiered access to data,
and we do not want
ICANN staff to invent
a policy that is not
subject to community
review and approval.
</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Based
on these three
principles, we believe
that Model 3 is the
only viable option
available. Model 3
minimizes the data
publicly displayed to
that which is required
for maintaining the
stability, security
and resiliency of the
DNS. Model 3 could be
applied across the
board, and would be
presumptively legal
regardless of which
jurisdiction the
registrar, registry or
registrant are in. And
Model 3 relies on
established legal due
process for gaining
access to additional
information. </p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">There
is room for discussion
about how much data
could be publicly
displayed under Model
3 consistent with
ICANN's mission. E.g.,
it may be within
ICANN's mission to
include additional
data in the public
record, such as an
email address for the
technical contact and
even possibly the name
of the registrant. </p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">The
process of gaining
access to additional
data in Model 1 is
completely
unacceptable.
Self-certification by
any third party
requestor is, we
believe, not compliant
with GDPR nor does is
such access justified
by the purpose of
Whois or ICANN's
mission. </p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Model
2 might possibly be
acceptable if an
suitable set of
criteria and processes
were devised, but it
simply is not feasible
for such a
certification program
to be developed in 3
months. A
certification program
thrown together in a
rush poses huge risks
for loopholes, poor
procedures, and a
legal challenge to
ICANN, either from
DPAs or from
individuals affected.
</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Dr.
Milton L. Mueller </p>
<p class="MsoNormal">Professor,
School of Public
Policy </p>
<p class="MsoNormal">Georgia
Institute of
Technology </p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"> </p>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</div>
</blockquote>
</div>
<br>
<fieldset
class="m_-8128406081380222753m_6396244989369319936mimeAttachmentHeader"></fieldset>
<pre class="m_-8128406081380222753m_6396244989369319936moz-quote-pre">______________________________<wbr>_________________
NCSG-PC mailing list
<a class="m_-8128406081380222753m_6396244989369319936moz-txt-link-abbreviated" href="mailto:NCSG-PC@lists.ncsg.is" target="_blank" moz-do-not-send="true">NCSG-PC@lists.ncsg.is</a>
<a class="m_-8128406081380222753m_6396244989369319936moz-txt-link-freetext" href="https://lists.ncsg.is/mailman/listinfo/ncsg-pc" target="_blank" moz-do-not-send="true">https://lists.ncsg.is/mailman/<wbr>listinfo/ncsg-pc</a>
</pre>
</blockquote>
</div>
______________________________<wbr>_________________
NCSG-PC mailing list
<a href="mailto:NCSG-PC@lists.ncsg.is" target="_blank" moz-do-not-send="true">NCSG-PC@lists.ncsg.is</a>
<a href="https://lists.ncsg.is/mailman/listinfo/ncsg-pc" rel="noreferrer" target="_blank" moz-do-not-send="true">https://lists.ncsg.is/mailman/<wbr>listinfo/ncsg-pc</a>
</blockquote>
</div>
</div>
<div dir="ltr">--
</div>
<div class="m_-8128406081380222753gmail_signature" data-smartmail="gmail_signature">
<div dir="ltr">
<div><font face="verdana, sans-serif">Farzaneh </font></div>
</div>
</div>
</blockquote>
</div>
</div>
</div>
</blockquote>
</div>
</div>
</blockquote>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre wrap="">_______________________________________________
NCSG-PC mailing list
<a class="moz-txt-link-abbreviated" href="mailto:NCSG-PC@lists.ncsg.is">NCSG-PC@lists.ncsg.is</a>
<a class="moz-txt-link-freetext" href="https://lists.ncsg.is/mailman/listinfo/ncsg-pc">https://lists.ncsg.is/mailman/listinfo/ncsg-pc</a>
</pre>
</blockquote>
</body></html>