[NCSG-PC] Fwd: [NCSG-Discuss] Comments on the Whois compliance models

Stephanie Perrin stephanie.perrin at mail.utoronto.ca
Sun Jan 28 18:14:08 EET 2018


I am sorry I let you down.  To be frank, the discussion on the main list 
was all over the map, my desire to throw my comment out there to be 
trashed by folks not following these matters was pretty minimal.  
However, I have had a complete meltdown with my computer and my ISP, 
which slowed me down enormously, and there was no room for error.

Here are a few compromise positions:

1.  I can summarize at the end of the analysis of the different 
positions, the various views (I acknowledged EFF's position but did not 
go into it.

2.  I can add a more thorough discussion of the law enforcement ask, the 
IP lawyer ask, etc. and why option 3 deals with those issues successfully.

3.  I can discuss the data commissioner's expressed views on these 
matters.  There will be no support from them for a wholesale cutting off 
of access for cyber investigators.  IF you have any ideas on how to 
square that circle, I am all ears.  It is a big problem....while I can 
be accused of caving in to a moderate position because I have been both 
a govt policy/legislative wonk and an exec in a privacy commissioner's 
office, I think you have to acknowledge I have decades of experience 
fighting off law enforcement in back rooms.  If we want to be taken 
seriously, we have to acknowledge there is a problem. (it is of course 
their fault there is a problem, but that is another narrative....)

I am also very happy saying there is a wide range of views in NCSG.  But 
if you want a narrow answer to the question of whether it is 2b or 3, 
please pay attention to what Goran said in the IPC webinar the other 
day...do not feel tied to 1,2, or 3, we simply pulled them into models. 
COmments on all aspects raised, suggestions of other models etc are welcome.

SO I think we can say of your models we like 2b for this, 3 for that, 
and our favorite proposal so far is the ECO one.  Strategically, and 
bearing in mind we still have years of pdps ahead of us and this is an 
interim measure, supporting the registrars seems to me a good idea, 
particularly when they have gone to the work and expense they have to 
produce an excellent proposal.

Have to go drop  the dog at camp, perhaps we can talk this evening in LA 
or tomorrow morning at breakfast?

cheers Steph

On 2018-01-28 10:36, farzaneh badii wrote:
> I tell you what is sticking in my throat Stephanie: You are way too 
> late and we relied on you and you delivered late. I don't want Law 
> Enforcement be viewed as legitimate force globally and you know where 
> I am from. Does Eco model address my worry?
>
> Farzaneh
>
> On Sun, Jan 28, 2018 at 10:29 AM, Stephanie Perrin 
> <stephanie.perrin at mail.utoronto.ca 
> <mailto:stephanie.perrin at mail.utoronto.ca>> wrote:
>
>     Well I am sorry that I did not get the comment in as well. There
>     is a lot to read and I have read it (unlike many).  WE need to
>     know where the opposition is coming from.
>
>     The ECO comments have been out there a while, and they deal with
>     the models.  There is absolutely nothing wrong with endorsing
>     another group's position.  Their legal analysis is excellent, in
>     my view.
>
>     Ignoring the reality that there is a cybercrime problem out there
>     is, in my view, not a thoughtful position to take. I can attempt
>     to reword it if you point me to precisely what is sticking in your
>     throats.  We want layered access....a failure to support layered
>     access at this point in time will set us back years, we finally
>     have ICANN agreeing to it.
>
>     I am happy to send my comments in myself if you don't support
>     them.  I think they are well informed and realistic.  I think
>     Option 3 was thrown out there as a poison pill and I am not taking it.
>
>     let me know.....
>
>     cheers Steph
>
>     On 2018-01-28 09:50, farzaneh badii wrote:
>>     Hello Stephanie
>>
>>     Is eco model in the models that offered by Icann? Is it model 2b
>>     which you supported in the doc you sent us? If not then we cannot
>>     support it now. I suggest going for the highest protection now
>>     until we work out something better. You can always go down from
>>     highest protection to layered access etc but for now and since we
>>     don't have much time to reach consensus I think we can stick to
>>     model 3.  I wish you had sent us your document sooner so that we
>>     could work on it. Also your argument for not supporting model 3
>>     in the document is not really based on substance it's based on
>>     the fact that it won't get support in the community. There is a
>>     May deadline. Community can come up with consensus after the
>>     deadline on another leas protective model.  but ICANN org can't
>>     wait!
>>
>>     I suggest pc members weigh in on this deadline is tomorrow and we
>>     would like to know our positoon before the intersessional.
>>
>>     On Sun, Jan 28, 2018 at 9:17 AM Stephanie Perrin
>>     <stephanie.perrin at mail.utoronto.ca
>>     <mailto:stephanie.perrin at mail.utoronto.ca>> wrote:
>>
>>         I will try to get the revised comments on the models that
>>         have been submitted in before I run for  the plane at 2
>>         EDT...but that may not happen.  The legal analysis will come
>>         next week, it is a lot harder and more complex....but I want
>>         to get my questions on the table.  It will be a long time
>>         before this is over....
>>
>>         We need to endorse the ECO model very strongly, in my view.
>>         While option 3 looks good, it is rather unworkable.
>>
>>         cheers SP
>>
>>         On 2018-01-27 14:09, Ayden Férdeline wrote:
>>>         Thanks Rafik
>>>
>>>         I’m going to hold off on endorsing this for 24 hours until I
>>>         read the comments currently being drafted by Stephanie.
>>>
>>>         To be clear, this is not to say that I do not endorse this
>>>         statement. It sounds logical to me and consistent with our
>>>         principles. But if Stephanie has a 15-page document coming
>>>         I’d like to make sure we’re being consistent in our messaging.
>>>
>>>         Of course, being so close to the final day for
>>>         submissions, I’ll write again on-list tomorrow in the
>>>         absence of any other statements being on the table, as we
>>>         cannot miss this submission deadline.
>>>
>>>         Sincere thanks to Milton for drafting this.
>>>
>>>         Best wishes, Ayden
>>>
>>>         Sent from ProtonMail Mobile
>>>
>>>
>>>         On Sat, Jan 27, 2018 at 10:50, Rafik Dammak
>>>         <rafik.dammak at gmail.com <mailto:rafik.dammak at gmail.com>> wrote:
>>>>         Hi all,
>>>>
>>>>         We got a comment for the GDPR compliance model. The
>>>>         deadline for submission ins the 29th Jan, which is the
>>>>         coming monday. We need act quickly within this weekend .
>>>>
>>>>         Best,
>>>>
>>>>         Rafik
>>>>
>>>>         ---------- Forwarded message ----------
>>>>         From: "Mueller, Milton L" <milton at gatech.edu
>>>>         <mailto:milton at gatech.edu>>
>>>>         Date: Jan 26, 2018 6:05 PM
>>>>         Subject: [NCSG-Discuss] Comments on the Whois compliance
>>>>         models
>>>>         To: <NCSG-DISCUSS at listserv.syr.edu
>>>>         <mailto:NCSG-DISCUSS at listserv.syr.edu>>
>>>>         Cc:
>>>>
>>>>             I offer the following as a first draft of the NCSG
>>>>             position on the 12 January 2018 call for comments
>>>>             released by ICANN org.
>>>>
>>>>             Principles
>>>>
>>>>             Our evaluation of the models offered by ICANN are based
>>>>             on three fundamental principles. No model that fails to
>>>>             conform to all three is acceptable to the NCSG.
>>>>
>>>>             1. The purpose of whois must be strictly tied to
>>>>             ICANN's mission. That is, the data that is collected
>>>>             and the data that are published must directly and
>>>>             demonstrably contribute to ICANN's mission as defined
>>>>             in Article 1 of its new bylaws. We reject any
>>>>             definition of Whois purpose that is based on the way
>>>>             people happen to make use of data that can be accessed
>>>>             indiscriminately in a public directory. The fact that
>>>>             certain people currently use Whois for any purpose does
>>>>             not mean that the purpose of Whois is to provide thick
>>>>             data about the domain and its registrant to anyone who
>>>>             wants it for any reason.
>>>>
>>>>             2. Whois service, like the DNS itself, should be
>>>>             globally uniform and not vary by jurisdiction. ICANN
>>>>             was created to provide globalized governance of the DNS
>>>>             so that it would continue to be globally compatible and
>>>>             coordinated. Any solution that involves fragmenting the
>>>>             policies and practices of Whois along jurisdictional
>>>>             lines is not desirable.
>>>>
>>>>             3. No tiered access solution that involves establishing
>>>>             new criteria for access can feasibly be created in the
>>>>             next 3 months. We would strongly resist throwing the
>>>>             community into a hopeless rush to come up with entirely
>>>>             new policies, standards and practices involving tiered
>>>>             access to data, and we do not want ICANN staff to
>>>>             invent a policy that is not subject to community review
>>>>             and approval.
>>>>
>>>>             Based on these three principles, we believe that Model
>>>>             3 is the only viable option available. Model 3
>>>>             minimizes the data publicly displayed to that which is
>>>>             required for maintaining the stability, security and
>>>>             resiliency of the DNS. Model 3 could be applied across
>>>>             the board, and would be presumptively legal regardless
>>>>             of which jurisdiction the registrar, registry or
>>>>             registrant are in. And Model 3 relies on established
>>>>             legal due process for gaining access to additional
>>>>             information.
>>>>
>>>>             There is room for discussion about how much data could
>>>>             be publicly displayed under Model 3 consistent with
>>>>             ICANN's mission. E.g., it may be within ICANN's mission
>>>>             to include additional data in the public record, such
>>>>             as an email address for the technical contact and even
>>>>             possibly the name of the registrant.
>>>>
>>>>             The process of gaining access to additional data in
>>>>             Model 1 is completely unacceptable. Self-certification
>>>>             by any third party requestor is, we believe, not
>>>>             compliant with GDPR nor does is such access justified
>>>>             by the purpose of Whois or ICANN's mission.
>>>>
>>>>             Model 2 might possibly be acceptable if an suitable set
>>>>             of criteria and processes were devised, but it simply
>>>>             is not feasible for such a certification program to be
>>>>             developed in 3 months. A certification program thrown
>>>>             together in a rush poses huge risks for loopholes, poor
>>>>             procedures, and a legal challenge to ICANN, either from
>>>>             DPAs or from individuals affected.
>>>>
>>>>             Dr. Milton L. Mueller
>>>>
>>>>             Professor, School of Public Policy
>>>>
>>>>             Georgia Institute of Technology
>>>>
>>>>
>>>
>>>         _______________________________________________
>>>         NCSG-PC mailing list
>>>         NCSG-PC at lists.ncsg.is  <mailto:NCSG-PC at lists.ncsg.is>
>>>         https://lists.ncsg.is/mailman/listinfo/ncsg-pc  <https://lists.ncsg.is/mailman/listinfo/ncsg-pc>
>>         _______________________________________________
>>         NCSG-PC mailing list
>>         NCSG-PC at lists.ncsg.is <mailto:NCSG-PC at lists.ncsg.is>
>>         https://lists.ncsg.is/mailman/listinfo/ncsg-pc
>>         <https://lists.ncsg.is/mailman/listinfo/ncsg-pc>
>>
>>     -- 
>>     Farzaneh
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ncsg.is/pipermail/ncsg-pc/attachments/20180128/a9da7ed5/attachment.htm>


More information about the NCSG-PC mailing list