<div>I have now made some edits to Stephanie's Google Doc, to harmonise the formatting and I made a few stylistic changes. Thanks so much for drafting this Stephanie; the substance is great! I will make some further substantive edits later tonight, once I have finished reading the report myself.<br></div><div><br></div><div>Best wishes, Ayden <br></div><div class="protonmail_signature_block"><div class="protonmail_signature_block-proton protonmail_signature_block-empty"><br></div></div><div><br></div><div>‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐<br></div><div> On Friday, 16 November 2018 12:32, Rafik Dammak <rafik.dammak@gmail.com> wrote:<br></div><div> <br></div><blockquote type="cite" class="protonmail_quote"><div dir="ltr"><div>thanks Kathy, I appreciate your response and the work done in your comment. we will try to add possible edits to draft made by Stephanie.<br></div><div><br></div><div>Best,<br></div><div><br></div><div>Rafik<br></div><div><div><br></div><div class="gmail_quote"><div dir="ltr">Le ven. 16 nov. 2018 à 04:00, Kathryn Kleiman <<a href="mailto:kathy@kathykleiman.com" target="_blank">kathy@kathykleiman.com</a>> a écrit :<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div bgcolor="#FFFFFF"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" dir="ltr">Hi Rafik and All, I'm happy to submit my comment
separately. It will be hard to reconcile in under a day, and it
may be good for noncommercial representatives to have multiple
voices in this comment process. <br></p><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" dir="ltr"><br></p><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" dir="ltr"><b>One thing, though, that I am very, very worried about
is BY.1, a proposed change to the ICANN Bylaws <u>to delete </u><u>"safeguarding
registrant data."</u></b> If this change is made, when ICANN
studies and reviews future RDS/WHO services, it will only look at
how the RDS serves the "legitimate needs of law enforcement and
promote consumer trust" ==> who mine our data, not how our data
(and those of noncommercial registrants in all gTLDs) is being
protected and safeguarded. For a future RDS/WHOIS Review Team
perspective, it completely changes the data they will ge. From a
legal perspective, such a change to the Bylaws will haunt us for
decades to come (as a sign that safeguarding registrants and our
data no longer an ICANN priority.)<b></b><br></p><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" dir="ltr"><b></b><br></p><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" dir="ltr"><b></b>Feel free to use my language! (which I've also
added to Stephanie's comments...)<br></p><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" dir="ltr">Please let me know if you would like to sign on
separately (more the merrier!)<br></p><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" dir="ltr">Best, Kathy <b></b><br></p><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" dir="ltr"><b style="font-weight:normal"><span style="background-color:transparent"><span style="color:rgb(0, 0, 0)"><i><span style="font-family:Arial"><span style="font-size:11pt"></span></span></i></span></span></b><span style="background-color:transparent"><span style="color:rgb(0, 0, 0)"><b><span style="font-family:Arial"><span style="font-size:11pt">---------------------------------------------------------------------------------------------------------------------------- Kathy's Comment re: Opposing BY.1, RDS/WHOIS 2 Review Team Recomm to Change ICANN Bylaws ----</span></span></b></span></span><br></p><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" dir="ltr"><span style="background-color:transparent"><span style="color:rgb(0, 0, 0)"><b><span style="font-family:Arial"><span style="font-size:11pt"></span></span></b></span></span><br></p><p><span style="background-color:transparent"><span style="color:rgb(0, 0, 0)"><b><span style="font-family:Arial"><span style="font-size:11pt">I. We Strongly Oppose the Following Recommendations and Ask that They be Deleted or Significantly Modified in the Final Report</span></span></b></span></span><b style="font-weight:normal"></b><br></p><p><b style="font-weight:normal"></b><br></p><ol style="margin-top:0pt;margin-bottom:0pt"><li style="list-style-type:upper-alpha;font-size:11pt;font-family:Arial;color:#000000;background-color:transparent;font-weight:400;font-style:italic;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap;margin-left:36pt" dir="ltr"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" dir="ltr"><span style="background-color:transparent"><span style="color:rgb(0, 0, 0)"><i><span style="font-family:Arial"><span style="font-size:11pt">BY.1 Should Be Removed</span></span></i></span></span><br></p></li></ol><div><br></div><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;text-indent:36pt" dir="ltr"><span style="background-color:transparent"><span style="color:rgb(0, 0, 0)"><span style="font-family:Arial"><span style="font-size:11pt">We are deeply concerned about the deletion of protections for Registrants from New ICANN Bylaw Section 4.6(e)(ii) and ask that this recommendation be removed. It would eliminate “</span></span></span></span><span style="background-color:transparent"><span style="color:rgb(0, 0, 0)"><i><span style="font-family:Arial"><span style="font-size:11pt">the reference to ‘safeguarding registrant data’ in ICANN Bylaws section 4.6(e(ii)...” </span></span></i></span></span><span style="background-color:transparent"><span style="color:rgb(0, 0, 0)"><b><span style="font-family:Arial"><span style="font-size:11pt">We find this recommendation to be a dangerous and short-sighted.</span></span></b></span></span><br></p><div><br></div><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" dir="ltr"><span style="background-color:transparent"><span style="color:rgb(0, 0, 0)"><span style="font-family:Arial"><span style="font-size:11pt">The current ICANN Bylaw is a balanced one. Section (e)(ii) provides:</span></span></span></span><br></p><div><br></div><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;text-indent:36pt" dir="ltr"><span style="background-color:transparent"><span style="color:rgb(0, 0, 0)"><span style="font-family:Arial"><span style="font-size:11pt">“e)</span></span></span></span><span style="background-color:transparent"><span style="color:rgb(0, 0, 0)"><span style="font-family:Arial"><span style="font-size:11pt"> </span></span></span></span><span style="background-color:transparent"><span style="color:rgb(0, 0, 0)"><span style="font-family:Arial"><span style="font-size:11pt">Registration Directory Service Review</span></span></span></span><span style="background-color:transparent"><span style="color:rgb(0, 0, 0)"><span style="font-family:Arial"><span style="font-size:11pt"> </span></span></span></span><span style="background-color:transparent"><span style="color:rgb(0, 0, 0)"><span style="font-family:Arial"><span style="font-size:11pt"> </span></span></span></span><span style="background-color:transparent"><span style="color:rgb(0, 0, 0)"><span style="font-family:Arial"><span style="font-size:11pt">* * * *</span></span></span></span><br></p><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;margin-left:36pt" dir="ltr"><span style="background-color:transparent"><span style="color:rgb(0, 0, 0)"><span style="font-family:Arial"><span style="font-size:11pt">(ii) The Board shall cause a periodic review to assess the effectiveness of the then current gTLD registry directory service and whether its implementation meets the legitimate needs of law enforcement, promoting consumer trust and safeguarding registrant data (“Directory Service Review”).”</span></span></span></span><br></p><div><br></div><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" dir="ltr"><span style="background-color:transparent"><span style="color:rgb(0, 0, 0)"><span style="font-family:Arial"><span style="font-size:11pt">The current Bylaw is fair and balanced -- with protection of the data subject as well as those who would have a legitimate and legal need to access their data. These New ICANN Bylaws were adopted pursuant to intensive discussions of the ICANN Community and are part of the balanced accountability processes and protections created.</span></span></span></span><br></p><div><br></div><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" dir="ltr"><span style="background-color:transparent"><span style="color:rgb(0, 0, 0)"><span style="font-family:Arial"><span style="font-size:11pt">To remove “safeguarding registrant data” will:</span></span></span></span><br></p><ol style="margin-top:0pt;margin-bottom:0pt"><li style="list-style-type:lower-alpha;font-size:11pt;font-family:Arial;color:#000000;background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap" dir="ltr"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" dir="ltr"><span style="background-color:transparent"><span style="color:rgb(0, 0, 0)"><span style="font-family:Arial"><span style="font-size:11pt">Harm the trust of domain name registrants (who impart their individual and organizational data (personal and sensitive) to their registrars, registries and indirectly to ICANN) with clear expectations of it being safeguarded, and</span></span></span></span><br></p></li></ol><div><br></div><ol style="margin-top:0pt;margin-bottom:0pt" start="2"><li style="list-style-type:lower-alpha;font-size:11pt;font-family:Arial;color:#000000;background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap" dir="ltr"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" dir="ltr"><span style="background-color:transparent"><span style="color:rgb(0, 0, 0)"><span style="font-family:Arial"><span style="font-size:11pt">Go against the tide of modern society. In the world of “big data,” governments and regulatory agencies everywhere are rushing to protect and “safeguard” the data of their citizens and customers. Safeguarding registrant data is a way of building trust and loyalty. It is the law of the European Union, the basis of the dozens of signatories to Convention 108 (including EU, Russia, Turkey, Morocco, Senegal, Uruguay and Argentina), and the basis of NTIA’s just closed </span></span></span></span><span style="background-color:transparent"><span style="color:rgb(0, 0, 0)"><i><span style="font-family:Arial"><span style="font-size:11pt">Request for Comment </span></span></i></span></span><span style="background-color:transparent"><span style="color:rgb(0, 0, 0)"><span style="font-family:Arial"><span style="font-size:11pt">on </span></span></span></span><span style="background-color:transparent"><span style="color:rgb(0, 0, 0)"><i><span style="font-family:Arial"><span style="font-size:11.5pt">Developing the Administration’s Approach to Consumer Privacy. </span></span></i></span></span><span style="background-color:transparent"><span style="color:rgb(0, 0, 0)"><span style="font-family:Arial"><span style="font-size:11.5pt">In NTIA’s Request for Comment, the organization wrote: </span></span></span></span><br></p></li></ol><div><br></div><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;margin-left:72pt" dir="ltr"><span style="background-color:transparent"><span style="color:rgb(0, 0, 0)"><span style="font-family:Arial"><span style="font-size:11pt">“Every day, individuals interact with an array of products and services, many of</span></span></span></span><span style="background-color:transparent"><span style="color:rgb(0, 0, 0)"><span style="font-family:Arial"><span style="font-size:11pt"> </span></span></span></span><span style="background-color:transparent"><span style="color:rgb(0, 0, 0)"><span style="font-family:Arial"><span style="font-size:11pt">which have become integral to their daily lives. Often, especially in the digital environment, these products and services depend on the collection, retention, and use of personal data about their users. Users must therefore trust that organizations will respect their interests, understand what is happening with their personal data, and decide whether they are comfortable with this exchange. Trust is at the core of the United States’ privacy policy formation.”</span></span></span></span><br></p><div><br></div><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" dir="ltr"><span style="background-color:transparent"><span style="color:rgb(0, 0, 0)"><span style="font-family:Arial"><span style="font-size:11pt">To remove or change this Bylaw protection would violate key promises made in the ICANN Transition, and fundamental commitments of the ICANN Community to its foundation of domain name registrants. The publicity of such a change, alone, would undermine confidence in the DNS.</span></span></span></span><br></p><div><br></div><p><br></p><div>On 11/15/2018 4:11 AM, Rafik Dammak
wrote:<br></div><blockquote type="cite"><div dir="ltr"><div>Hi Kathy, <br></div><div><br></div><div>Thanks for the draft comment. <br></div><div>we got to work on finalizing an NCSG response.<br></div><div><br></div><div>Best,<br></div><div><br></div><div><div>Rafik<br></div><div> <br></div><div> <br></div><div class="gmail_quote"><div dir="ltr">Le mar. 13 nov. 2018 à 12:47, Kathryn Kleiman
<<a href="mailto:kathy@kathykleiman.com" target="_blank">kathy@kathykleiman.com</a>> a
écrit :<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div>Hi All,<br></div><div> <br></div><div> The deadline is almost upon us for the Registration
Directory Service <br></div><div> (RDS)-WHOIS2 Review Draft Report comments. I found the
RDS/WHO2 Draft <br></div><div> Report scary and fascinating -- it was supposed to stay
within the "four <br></div><div> corners" of the first Whois Review Team Report and it
didn't. It <br></div><div> proposes some truly dangerous changes. I am also
concerned by the long <br></div><div> discussion I heard (participated in) in Barcelona with
Alan, Katrin and <br></div><div> Susan (officers of RDS-WHO2 from ALAC, GAC Public Safety
Working Group <br></div><div> and Facebook) saying that they might continue their work,
do more <br></div><div> surveys and make more recommendations -- even as the EPDP
is in <br></div><div> progress! They should definitely stop!<br></div><div> <br></div><div> Huge thanks to Stephanie for being part of and surviving
this Review Team!<br></div><div> <br></div><div> Knowing that things are crazy busy, I kicked off a draft
comment from my <br></div><div> vantage point as Vice-Chair of the first WHOIS Review Team
(18 long <br></div><div> months in 2010-2011). Feel free to edit and expand!<br></div><div> <br></div><div> Posted at <br></div><div> <a href="https://docs.google.com/document/d/1h8ykLx-8dhCWposUJpKkBYf3Rg-oAZEqwCN131n-Yoo/edit?usp=sharing" rel="noreferrer" target="_blank">https://docs.google.com/document/d/1h8ykLx-8dhCWposUJpKkBYf3Rg-oAZEqwCN131n-Yoo/edit?usp=sharing</a><br></div><div> <br></div><div> Best, Kathy<br></div><div> <br></div><div> _______________________________________________<br></div><div> NCSG-PC mailing list<br></div><div> <a href="mailto:NCSG-PC@lists.ncsg.is" target="_blank">NCSG-PC@lists.ncsg.is</a><br></div><div> <a href="https://lists.ncsg.is/mailman/listinfo/ncsg-pc" rel="noreferrer" target="_blank">https://lists.ncsg.is/mailman/listinfo/ncsg-pc</a><br></div></blockquote></div></div></div></blockquote></div></blockquote></div></div></div></blockquote><div><br></div>