[NCSG-PC] Fwd: [NCSG-Discuss] Comments on the Whois compliance models
farzaneh badii
farzaneh.badii at gmail.com
Sun Jan 28 18:27:30 EET 2018
I won't be in LA until wed. Pc has to decide until tmrw the latest. I
acknowledge all that. Expertise etc etc. But it will be easier to go for a
more protective approach and then to a layered approach. The other way
round is more difficult. I want us to think about this more.
And my question about ECO model went unanswered.
I want Tatiana to also weigh in she has been working with law enforcement
as well and knows a lot. She is traveling so I guess there will be a delay.
But Stephanie, you need to also acknowledge that the law enforcement you
dealt with is a different kind. Law enforcement in the region I come from
is more scary than protective. The last thing I can fathom is that they get
empowered to ask for people's data. Not all of them are bad. But in systems
where blasphemy is a crime punished with capital punishment we have to be
careful with the access of law enforcement to data. Have you considered
this in the equation? Or does this not matter? I'm all for cost benefit
analysis so if you have and you think still the layered approach can
protect and bring more benefit then well I am all ears.
Flying to DC now.
On Sun, Jan 28, 2018 at 11:14 AM Stephanie Perrin <
stephanie.perrin at mail.utoronto.ca> wrote:
> I am sorry I let you down. To be frank, the discussion on the main list
> was all over the map, my desire to throw my comment out there to be trashed
> by folks not following these matters was pretty minimal. However, I have
> had a complete meltdown with my computer and my ISP, which slowed me down
> enormously, and there was no room for error.
>
> Here are a few compromise positions:
>
> 1. I can summarize at the end of the analysis of the different positions,
> the various views (I acknowledged EFF's position but did not go into it.
>
> 2. I can add a more thorough discussion of the law enforcement ask, the
> IP lawyer ask, etc. and why option 3 deals with those issues successfully.
>
> 3. I can discuss the data commissioner's expressed views on these
> matters. There will be no support from them for a wholesale cutting off of
> access for cyber investigators. IF you have any ideas on how to square
> that circle, I am all ears. It is a big problem....while I can be accused
> of caving in to a moderate position because I have been both a govt
> policy/legislative wonk and an exec in a privacy commissioner's office, I
> think you have to acknowledge I have decades of experience fighting off law
> enforcement in back rooms. If we want to be taken seriously, we have to
> acknowledge there is a problem. (it is of course their fault there is a
> problem, but that is another narrative....)
>
> I am also very happy saying there is a wide range of views in NCSG. But
> if you want a narrow answer to the question of whether it is 2b or 3,
> please pay attention to what Goran said in the IPC webinar the other
> day...do not feel tied to 1,2, or 3, we simply pulled them into models.
> COmments on all aspects raised, suggestions of other models etc are welcome.
>
> SO I think we can say of your models we like 2b for this, 3 for that, and
> our favorite proposal so far is the ECO one. Strategically, and bearing in
> mind we still have years of pdps ahead of us and this is an interim
> measure, supporting the registrars seems to me a good idea, particularly
> when they have gone to the work and expense they have to produce an
> excellent proposal.
>
> Have to go drop the dog at camp, perhaps we can talk this evening in LA
> or tomorrow morning at breakfast?
>
> cheers Steph
> On 2018-01-28 10:36, farzaneh badii wrote:
>
> I tell you what is sticking in my throat Stephanie: You are way too late
> and we relied on you and you delivered late. I don't want Law Enforcement
> be viewed as legitimate force globally and you know where I am from. Does
> Eco model address my worry?
>
> Farzaneh
>
> On Sun, Jan 28, 2018 at 10:29 AM, Stephanie Perrin <
> stephanie.perrin at mail.utoronto.ca> wrote:
>
>> Well I am sorry that I did not get the comment in as well. There is a
>> lot to read and I have read it (unlike many). WE need to know where the
>> opposition is coming from.
>>
>> The ECO comments have been out there a while, and they deal with the
>> models. There is absolutely nothing wrong with endorsing another group's
>> position. Their legal analysis is excellent, in my view.
>>
>> Ignoring the reality that there is a cybercrime problem out there is, in
>> my view, not a thoughtful position to take. I can attempt to reword it if
>> you point me to precisely what is sticking in your throats. We want
>> layered access....a failure to support layered access at this point in time
>> will set us back years, we finally have ICANN agreeing to it.
>>
>> I am happy to send my comments in myself if you don't support them. I
>> think they are well informed and realistic. I think Option 3 was thrown
>> out there as a poison pill and I am not taking it.
>>
>> let me know.....
>>
>> cheers Steph
>> On 2018-01-28 09:50, farzaneh badii wrote:
>>
>> Hello Stephanie
>>
>> Is eco model in the models that offered by Icann? Is it model 2b which
>> you supported in the doc you sent us? If not then we cannot support it now.
>> I suggest going for the highest protection now until we work out something
>> better. You can always go down from highest protection to layered access
>> etc but for now and since we don't have much time to reach consensus I
>> think we can stick to model 3. I wish you had sent us your document sooner
>> so that we could work on it. Also your argument for not supporting model 3
>> in the document is not really based on substance it's based on the fact
>> that it won't get support in the community. There is a May deadline.
>> Community can come up with consensus after the deadline on another leas
>> protective model. but ICANN org can't wait!
>>
>> I suggest pc members weigh in on this deadline is tomorrow and we would
>> like to know our positoon before the intersessional.
>>
>> On Sun, Jan 28, 2018 at 9:17 AM Stephanie Perrin <
>> stephanie.perrin at mail.utoronto.ca> wrote:
>>
>>> I will try to get the revised comments on the models that have been
>>> submitted in before I run for the plane at 2 EDT...but that may not
>>> happen. The legal analysis will come next week, it is a lot harder and
>>> more complex....but I want to get my questions on the table. It will be a
>>> long time before this is over....
>>>
>>> We need to endorse the ECO model very strongly, in my view. While
>>> option 3 looks good, it is rather unworkable.
>>>
>>> cheers SP
>>> On 2018-01-27 14:09, Ayden Férdeline wrote:
>>>
>>> Thanks Rafik
>>>
>>> I’m going to hold off on endorsing this for 24 hours until I read the
>>> comments currently being drafted by Stephanie.
>>>
>>> To be clear, this is not to say that I do not endorse this statement. It
>>> sounds logical to me and consistent with our principles. But if Stephanie
>>> has a 15-page document coming I’d like to make sure we’re being consistent
>>> in our messaging.
>>>
>>> Of course, being so close to the final day for submissions, I’ll write
>>> again on-list tomorrow in the absence of any other statements being on the
>>> table, as we cannot miss this submission deadline.
>>>
>>> Sincere thanks to Milton for drafting this.
>>>
>>> Best wishes, Ayden
>>>
>>> Sent from ProtonMail Mobile
>>>
>>>
>>> On Sat, Jan 27, 2018 at 10:50, Rafik Dammak <rafik.dammak at gmail.com>
>>> wrote:
>>>
>>> Hi all,
>>>
>>> We got a comment for the GDPR compliance model. The deadline for
>>> submission ins the 29th Jan, which is the coming monday. We need act
>>> quickly within this weekend .
>>>
>>> Best,
>>>
>>> Rafik
>>>
>>> ---------- Forwarded message ----------
>>> From: "Mueller, Milton L" <milton at gatech.edu>
>>> Date: Jan 26, 2018 6:05 PM
>>> Subject: [NCSG-Discuss] Comments on the Whois compliance models
>>> To: <NCSG-DISCUSS at listserv.syr.edu>
>>> Cc:
>>>
>>> I offer the following as a first draft of the NCSG position on the 12
>>> January 2018 call for comments released by ICANN org.
>>>
>>>
>>>
>>> Principles
>>>
>>> Our evaluation of the models offered by ICANN are based on three
>>> fundamental principles. No model that fails to conform to all three is
>>> acceptable to the NCSG.
>>>
>>>
>>>
>>> 1. The purpose of whois must be strictly tied to ICANN's mission. That
>>> is, the data that is collected and the data that are published must
>>> directly and demonstrably contribute to ICANN's mission as defined in
>>> Article 1 of its new bylaws. We reject any definition of Whois purpose that
>>> is based on the way people happen to make use of data that can be accessed
>>> indiscriminately in a public directory. The fact that certain people
>>> currently use Whois for any purpose does not mean that the purpose of Whois
>>> is to provide thick data about the domain and its registrant to anyone who
>>> wants it for any reason.
>>>
>>>
>>>
>>> 2. Whois service, like the DNS itself, should be globally uniform and
>>> not vary by jurisdiction. ICANN was created to provide globalized
>>> governance of the DNS so that it would continue to be globally compatible
>>> and coordinated. Any solution that involves fragmenting the policies and
>>> practices of Whois along jurisdictional lines is not desirable.
>>>
>>>
>>>
>>> 3. No tiered access solution that involves establishing new criteria for
>>> access can feasibly be created in the next 3 months. We would strongly
>>> resist throwing the community into a hopeless rush to come up with entirely
>>> new policies, standards and practices involving tiered access to data, and
>>> we do not want ICANN staff to invent a policy that is not subject to
>>> community review and approval.
>>>
>>>
>>>
>>> Based on these three principles, we believe that Model 3 is the only
>>> viable option available. Model 3 minimizes the data publicly displayed to
>>> that which is required for maintaining the stability, security and
>>> resiliency of the DNS. Model 3 could be applied across the board, and would
>>> be presumptively legal regardless of which jurisdiction the registrar,
>>> registry or registrant are in. And Model 3 relies on established legal due
>>> process for gaining access to additional information.
>>>
>>>
>>>
>>> There is room for discussion about how much data could be publicly
>>> displayed under Model 3 consistent with ICANN's mission. E.g., it may be
>>> within ICANN's mission to include additional data in the public record,
>>> such as an email address for the technical contact and even possibly the
>>> name of the registrant.
>>>
>>>
>>>
>>> The process of gaining access to additional data in Model 1 is
>>> completely unacceptable. Self-certification by any third party requestor
>>> is, we believe, not compliant with GDPR nor does is such access justified
>>> by the purpose of Whois or ICANN's mission.
>>>
>>>
>>>
>>> Model 2 might possibly be acceptable if an suitable set of criteria and
>>> processes were devised, but it simply is not feasible for such a
>>> certification program to be developed in 3 months. A certification program
>>> thrown together in a rush poses huge risks for loopholes, poor procedures,
>>> and a legal challenge to ICANN, either from DPAs or from individuals
>>> affected.
>>>
>>>
>>>
>>> Dr. Milton L. Mueller
>>>
>>> Professor, School of Public Policy
>>>
>>> Georgia Institute of Technology
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> NCSG-PC mailing listNCSG-PC at lists.ncsg.ishttps://lists.ncsg.is/mailman/listinfo/ncsg-pc
>>>
>>> _______________________________________________
>>> NCSG-PC mailing list
>>> NCSG-PC at lists.ncsg.is
>>> https://lists.ncsg.is/mailman/listinfo/ncsg-pc
>>>
>> --
>> Farzaneh
>>
>>
> --
Farzaneh
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ncsg.is/pipermail/ncsg-pc/attachments/20180128/13623725/attachment.htm>
More information about the NCSG-PC
mailing list