[NCSG-PC] Fwd: [NCSG-Discuss] Comments on the Whois compliance models

Sat Jan 27 21:09:27 EET 2018

Thanks Rafik

I’m going to hold off on endorsing this for 24 hours until I read the comments currently being drafted by Stephanie.

To be clear, this is not to say that I do not endorse this statement. It sounds logical to me and consistent with our principles. But if Stephanie has a 15-page document coming I’d like to make sure we’re being consistent in our messaging.

Of course, being so close to the final day for submissions, I’ll write again on-list tomorrow in the absence of any other statements being on the table, as we cannot miss this submission deadline.

Sincere thanks to Milton for drafting this.

Best wishes, Ayden

Sent from ProtonMail Mobile

On Sat, Jan 27, 2018 at 10:50, Rafik Dammak <rafik.dammak at gmail.com> wrote:

> Hi all,
>
> We got a comment for the GDPR compliance model. The deadline for submission ins the 29th Jan, which is the coming monday. We need act quickly within this weekend .
>
> Best,
>
> Rafik
>
> ---------- Forwarded message ----------
> From: "Mueller, Milton L" <milton at gatech.edu>
> Date: Jan 26, 2018 6:05 PM
> Subject: [NCSG-Discuss] Comments on the Whois compliance models
> To: <NCSG-DISCUSS at listserv.syr.edu>
> Cc:
>
>> I offer the following as a first draft of the NCSG position on the 12 January 2018 call for comments released by ICANN org.
>>
>> Principles
>>
>> Our evaluation of the models offered by ICANN are based on three fundamental principles. No model that fails to conform to all three is acceptable to the NCSG.
>>
>> 1. The purpose of whois must be strictly tied to ICANN's mission. That is, the data that is collected and the data that are published must directly and demonstrably contribute to ICANN's mission as defined in Article 1 of its new bylaws. We reject any definition of Whois purpose that is based on the way people happen to make use of data that can be accessed indiscriminately in a public directory. The fact that certain people currently use Whois for any purpose does not mean that the purpose of Whois is to provide thick data about the domain and its registrant to anyone who wants it for any reason.
>>
>> 2. Whois service, like the DNS itself, should be globally uniform and not vary by jurisdiction. ICANN was created to provide globalized governance of the DNS so that it would continue to be globally compatible and coordinated. Any solution that involves fragmenting the policies and practices of Whois along jurisdictional lines is not desirable.
>>
>> 3. No tiered access solution that involves establishing new criteria for access can feasibly be created in the next 3 months. We would strongly resist throwing the community into a hopeless rush to come up with entirely new policies, standards and practices involving tiered access to data, and we do not want ICANN staff to invent a policy that is not subject to community review and approval.
>>
>> Based on these three principles, we believe that Model 3 is the only viable option available. Model 3 minimizes the data publicly displayed to that which is required for maintaining the stability, security and resiliency of the DNS. Model 3 could be applied across the board, and would be presumptively legal regardless of which jurisdiction the registrar, registry or registrant are in. And Model 3 relies on established legal due process for gaining access to additional information.
>>
>> There is room for discussion about how much data could be publicly displayed under Model 3 consistent with ICANN's mission. E.g., it may be within ICANN's mission to include additional data in the public record, such as an email address for the technical contact and even possibly the name of the registrant.
>>
>> The process of gaining access to additional data in Model 1 is completely unacceptable. Self-certification by any third party requestor is, we believe, not compliant with GDPR nor does is such access justified by the purpose of Whois or ICANN's mission.
>>
>> Model 2 might possibly be acceptable if an suitable set of criteria and processes were devised, but it simply is not feasible for such a certification program to be developed in 3 months. A certification program thrown together in a rush poses huge risks for loopholes, poor procedures, and a legal challenge to ICANN, either from DPAs or from individuals affected.
>>
>> Dr. Milton L. Mueller
>>
>> Professor, School of Public Policy
>>
>> Georgia Institute of Technology
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ncsg.is/pipermail/ncsg-pc/attachments/20180127/cdef7791/attachment.htm>