[NCSG-PC] Fwd: [NCSG-Discuss] Comments on the Whois compliance models

Dr. Tatiana Tropina t.tropina at mpicc.de
Mon Jan 29 18:52:16 EET 2018


All,

I support Rafik's approach.

1) we can submit the comment supporting the model 3.

2) we can tweak 2b and look more thoroughly at eco meanwhile and clarify
some things that are not clear there for me yet - like LEA access and
some other.

3) as we have to be rational, we can bargain further with a mix of 3 and
2b, if needed.

Cheers,

Tanya


On 28/01/18 08:55, Rafik Dammak wrote:
> Hi,
>
> while I checked the 3 models, I am not familiar with the eco model or
> comment and so making any judgment hard. is it similar to one of the
> models or something totally different proposal?
> maybe as context, we should recall that those models are supposed to
> be interim solutions. One risk with model 2b or a similar (eco?) is
> what French calls "le temporaire qui dure", a lasting temporary. It
> means having a workaround that will become de facto the solution with
> all its drawbacks and we won't have a real say in the process such
> accreditation or certification (we can learn from the current
> discussion on implementing of PPSAI and how staff views differ from
> the policy).
>
> let's think in practical fashion here:
> - we got a deadline and need to submit a comment
> - the discussion is still continuing e.g. webinar this week and beyond
> - there are calls for extension by BC and IPC because they want to
> propose more models beyond the 3 tabled.
>
> I guess one approach is to have the comment saying that the model 3 to
> meet the current deadline because its restrictions is a more
> safe solution till we move for a restrictive layered option (2b or eco
> model) after a real community involvement and discussion. Having a
> model 3 used is a real ncentive for everyone to work on a long time
> solution acknowledging all concerns from the different parties instead
> of tricking us to accept an ill-designed option. the document made by
> Stephanie is a starting point for us to work on the details in coming
> months.
>
> Best,
>
> Rafik
>
> 2018-01-29 1:14 GMT+09:00 Stephanie Perrin
> <stephanie.perrin at mail.utoronto.ca
> <mailto:stephanie.perrin at mail.utoronto.ca>>:
>
>     I am sorry I let you down.  To be frank, the discussion on the
>     main list was all over the map, my desire to throw my comment out
>     there to be trashed by folks not following these matters was
>     pretty minimal.  However, I have had a complete meltdown with my
>     computer and my ISP, which slowed me down enormously, and there
>     was no room for error.
>
>     Here are a few compromise positions:
>
>     1.  I can summarize at the end of the analysis of the different
>     positions, the various views (I acknowledged EFF's position but
>     did not go into it.
>
>     2.  I can add a more thorough discussion of the law enforcement
>     ask, the IP lawyer ask, etc. and why option 3 deals with those
>     issues successfully.
>
>     3.  I can discuss the data commissioner's expressed views on these
>     matters.  There will be no support from them for a wholesale
>     cutting off of access for cyber investigators.  IF you have any
>     ideas on how to square that circle, I am all ears.  It is a big
>     problem....while I can be accused of caving in to a moderate
>     position because I have been both a govt policy/legislative wonk
>     and an exec in a privacy commissioner's office, I think you have
>     to acknowledge I have decades of experience fighting off law
>     enforcement in back rooms.  If we want to be taken seriously, we
>     have to acknowledge there is a problem. (it is of course their
>     fault there is a problem, but that is another narrative....)
>
>     I am also very happy saying there is a wide range of views in
>     NCSG.  But if you want a narrow answer to the question of whether
>     it is 2b or 3, please pay attention to what Goran said in the IPC
>     webinar the other day...do not feel tied to 1,2, or 3, we simply
>     pulled them into models. COmments on all aspects raised,
>     suggestions of other models etc are welcome.
>
>     SO I think we can say of your models we like 2b for this, 3 for
>     that, and our favorite proposal so far is the ECO one. 
>     Strategically, and bearing in mind we still have years of pdps
>     ahead of us and this is an interim measure, supporting the
>     registrars seems to me a good idea, particularly when they have
>     gone to the work and expense they have to produce an excellent
>     proposal.
>
>     Have to go drop  the dog at camp, perhaps we can talk this evening
>     in LA or tomorrow morning at breakfast?
>
>     cheers Steph
>
>     On 2018-01-28 10:36, farzaneh badii wrote:
>>     I tell you what is sticking in my throat Stephanie: You are way
>>     too late and we relied on you and you delivered late. I don't
>>     want Law Enforcement be viewed as legitimate force globally and
>>     you know where I am from. Does Eco model address my worry?
>>
>>     Farzaneh
>>
>>     On Sun, Jan 28, 2018 at 10:29 AM, Stephanie Perrin
>>     <stephanie.perrin at mail.utoronto.ca
>>     <mailto:stephanie.perrin at mail.utoronto.ca>> wrote:
>>
>>         Well I am sorry that I did not get the comment in as well. 
>>         There is a lot to read and I have read it (unlike many).  WE
>>         need to know where the opposition is coming from.
>>
>>         The ECO comments have been out there a while, and they deal
>>         with the models.  There is absolutely nothing wrong with
>>         endorsing another group's position.  Their legal analysis is
>>         excellent, in my view.
>>
>>         Ignoring the reality that there is a cybercrime problem out
>>         there is, in my view, not a thoughtful position to take.  I
>>         can attempt to reword it if you point me to precisely what is
>>         sticking in your throats.  We want layered access....a
>>         failure to support layered access at this point in time will
>>         set us back years, we finally have ICANN agreeing to it.
>>
>>         I am happy to send my comments in myself if you don't support
>>         them.  I think they are well informed and realistic.  I think
>>         Option 3 was thrown out there as a poison pill and I am not
>>         taking it.
>>
>>         let me know.....
>>
>>         cheers Steph
>>
>>         On 2018-01-28 09:50, farzaneh badii wrote:
>>>         Hello Stephanie 
>>>
>>>         Is eco model in the models that offered by Icann? Is it
>>>         model 2b which you supported in the doc you sent us? If not
>>>         then we cannot support it now. I suggest going for the
>>>         highest protection now until we work out something better.
>>>         You can always go down from highest protection to layered
>>>         access etc but for now and since we don't have much time to
>>>         reach consensus I think we can stick to model 3.  I wish you
>>>         had sent us your document sooner so that we could work on
>>>         it. Also your argument for not supporting model 3 in the
>>>         document is not really based on substance it's based on the
>>>         fact that it won't get support in the community. There is a
>>>         May deadline. Community can come up with consensus after the
>>>         deadline on another leas protective model.  but ICANN org
>>>         can't wait! 
>>>
>>>         I suggest pc members weigh in on this deadline is tomorrow
>>>         and we would like to know our positoon before the
>>>         intersessional.
>>>
>>>         On Sun, Jan 28, 2018 at 9:17 AM Stephanie Perrin
>>>         <stephanie.perrin at mail.utoronto.ca
>>>         <mailto:stephanie.perrin at mail.utoronto.ca>> wrote:
>>>
>>>             I will try to get the revised comments on the models
>>>             that have been submitted in before I run for  the plane
>>>             at 2 EDT...but that may not happen.  The legal analysis
>>>             will come next week, it is a lot harder and more
>>>             complex....but I want to get my questions on the table. 
>>>             It will be a long time before this is over....
>>>
>>>             We need to endorse the ECO model very strongly, in my
>>>             view.  While option 3 looks good, it is rather unworkable.
>>>
>>>             cheers SP
>>>
>>>             On 2018-01-27 14:09, Ayden Férdeline wrote:
>>>>             Thanks Rafik
>>>>
>>>>             I’m going to hold off on endorsing this for
>>>>             24 hours until I read the comments currently being
>>>>             drafted by Stephanie.  
>>>>
>>>>             To be clear, this is not to say that I do not endorse
>>>>             this statement. It sounds logical to me and consistent
>>>>             with our principles. But if Stephanie has a 15-page
>>>>             document coming I’d like to make sure we’re being
>>>>             consistent in our messaging. 
>>>>
>>>>             Of course, being so close to the final day for
>>>>             submissions, I’ll write again on-list tomorrow in the
>>>>             absence of any other statements being on the table, as
>>>>             we cannot miss this submission deadline. 
>>>>
>>>>             Sincere thanks to Milton for drafting this. 
>>>>
>>>>             Best wishes, Ayden
>>>>
>>>>             Sent from ProtonMail Mobile
>>>>
>>>>
>>>>             On Sat, Jan 27, 2018 at 10:50, Rafik Dammak
>>>>             <rafik.dammak at gmail.com
>>>>             <mailto:rafik.dammak at gmail.com>> wrote:
>>>>>             Hi all,
>>>>>
>>>>>             We got a comment for the GDPR compliance model. The
>>>>>             deadline for submission ins the 29th Jan, which is the
>>>>>             coming monday. We need act quickly within this weekend .
>>>>>
>>>>>             Best,
>>>>>
>>>>>             Rafik 
>>>>>
>>>>>             ---------- Forwarded message ----------
>>>>>             From: "Mueller, Milton L" <milton at gatech.edu
>>>>>             <mailto:milton at gatech.edu>>
>>>>>             Date: Jan 26, 2018 6:05 PM
>>>>>             Subject: [NCSG-Discuss] Comments on the Whois
>>>>>             compliance models
>>>>>             To: <NCSG-DISCUSS at listserv.syr.edu
>>>>>             <mailto:NCSG-DISCUSS at listserv.syr.edu>>
>>>>>             Cc:
>>>>>
>>>>>                 I offer the following as a first draft of the NCSG
>>>>>                 position on the 12 January 2018 call for comments
>>>>>                 released by ICANN org.
>>>>>
>>>>>                  
>>>>>
>>>>>                 Principles
>>>>>
>>>>>                 Our evaluation of the models offered by ICANN are
>>>>>                 based on three fundamental principles. No model
>>>>>                 that fails to conform to all three is acceptable
>>>>>                 to the NCSG.
>>>>>
>>>>>                  
>>>>>
>>>>>                 1. The purpose of whois must be strictly tied to
>>>>>                 ICANN's mission. That is, the data that is
>>>>>                 collected and the data that are published must
>>>>>                 directly and demonstrably contribute to ICANN's
>>>>>                 mission as defined in Article 1 of its new bylaws.
>>>>>                 We reject any definition of Whois purpose that is
>>>>>                 based on the way people happen to make use of data
>>>>>                 that can be accessed indiscriminately in a public
>>>>>                 directory. The fact that certain people currently
>>>>>                 use Whois for any purpose does not mean that the
>>>>>                 purpose of Whois is to provide thick data about
>>>>>                 the domain and its registrant to anyone who wants
>>>>>                 it for any reason.
>>>>>
>>>>>                  
>>>>>
>>>>>                 2. Whois service, like the DNS itself, should be
>>>>>                 globally uniform and not vary by jurisdiction.
>>>>>                 ICANN was created to provide globalized governance
>>>>>                 of the DNS so that it would continue to be
>>>>>                 globally compatible and coordinated. Any solution
>>>>>                 that involves fragmenting the policies and
>>>>>                 practices of Whois along jurisdictional lines is
>>>>>                 not desirable.
>>>>>
>>>>>                  
>>>>>
>>>>>                 3. No tiered access solution that involves
>>>>>                 establishing new criteria for access can feasibly
>>>>>                 be created in the next 3 months. We would strongly
>>>>>                 resist throwing the community into a hopeless rush
>>>>>                 to come up with entirely new policies, standards
>>>>>                 and practices involving tiered access to data, and
>>>>>                 we do not want ICANN staff to invent a policy that
>>>>>                 is not subject to community review and approval. 
>>>>>
>>>>>                  
>>>>>
>>>>>                 Based on these three principles, we believe that
>>>>>                 Model 3 is the only viable option available. Model
>>>>>                 3 minimizes the data publicly displayed to that
>>>>>                 which is required for maintaining the stability,
>>>>>                 security and resiliency of the DNS. Model 3 could
>>>>>                 be applied across the board, and would be
>>>>>                 presumptively legal regardless of which
>>>>>                 jurisdiction the registrar, registry or registrant
>>>>>                 are in. And Model 3 relies on established legal
>>>>>                 due process for gaining access to additional
>>>>>                 information.
>>>>>
>>>>>                  
>>>>>
>>>>>                 There is room for discussion about how much data
>>>>>                 could be publicly displayed under Model 3
>>>>>                 consistent with ICANN's mission. E.g., it may be
>>>>>                 within ICANN's mission to include additional data
>>>>>                 in the public record, such as an email address for
>>>>>                 the technical contact and even possibly the name
>>>>>                 of the registrant.
>>>>>
>>>>>                  
>>>>>
>>>>>                 The process of gaining access to additional data
>>>>>                 in Model 1 is completely unacceptable.
>>>>>                 Self-certification by any third party requestor
>>>>>                 is, we believe, not compliant with GDPR nor does
>>>>>                 is such access justified by the purpose of Whois
>>>>>                 or ICANN's mission.
>>>>>
>>>>>                  
>>>>>
>>>>>                 Model 2 might possibly be acceptable if an
>>>>>                 suitable set of criteria and processes were
>>>>>                 devised, but it simply is not feasible for such a
>>>>>                 certification program to be developed in 3 months.
>>>>>                 A certification program thrown together in a rush
>>>>>                 poses huge risks for loopholes, poor procedures,
>>>>>                 and a legal challenge to ICANN, either from DPAs
>>>>>                 or from individuals affected.
>>>>>
>>>>>                  
>>>>>
>>>>>                 Dr. Milton L. Mueller
>>>>>
>>>>>                 Professor, School of Public Policy
>>>>>
>>>>>                 Georgia Institute of Technology
>>>>>
>>>>>                  
>>>>>
>>>>>                  
>>>>>
>>>>>
>>>>
>>>>             _______________________________________________
>>>>             NCSG-PC mailing list
>>>>             NCSG-PC at lists.ncsg.is <mailto:NCSG-PC at lists.ncsg.is>
>>>>             https://lists.ncsg.is/mailman/listinfo/ncsg-pc
>>>>             <https://lists.ncsg.is/mailman/listinfo/ncsg-pc>
>>>             _______________________________________________
>>>             NCSG-PC mailing list
>>>             NCSG-PC at lists.ncsg.is <mailto:NCSG-PC at lists.ncsg.is>
>>>             https://lists.ncsg.is/mailman/listinfo/ncsg-pc
>>>             <https://lists.ncsg.is/mailman/listinfo/ncsg-pc>
>>>
>>>         -- 
>>>         Farzaneh
>>
>>
>
>     _______________________________________________
>     NCSG-PC mailing list
>     NCSG-PC at lists.ncsg.is <mailto:NCSG-PC at lists.ncsg.is>
>     https://lists.ncsg.is/mailman/listinfo/ncsg-pc
>     <https://lists.ncsg.is/mailman/listinfo/ncsg-pc>
>
>
>
>
> _______________________________________________
> NCSG-PC mailing list
> NCSG-PC at lists.ncsg.is
> https://lists.ncsg.is/mailman/listinfo/ncsg-pc

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ncsg.is/pipermail/ncsg-pc/attachments/20180129/1b371708/attachment.htm>


More information about the NCSG-PC mailing list