[NCSG-PC] Fwd: [NCSG-Discuss] Comments on the Whois compliance models
Kathy Kleiman
kathy at kathykleiman.com
Mon Jan 29 19:52:49 EET 2018
Hi All,
I would like to support Stephanie's comments and I am sorry her computer
broke down at such a critical moment. But I do want to share that her
comments are brilliant and well-reasoned -- and walk us through the
complexities of a very difficult area. As befits the co-author of the
Canadian data protection law, her analysis of the requirements of GDPR
and the short-comings of the models is important and badly needed. It's
a "real-world" analysis for a situation we have in front of us - ICANN
and real companies in the registration industry trying to comply with
the GDPR and data protection laws around the world. I fully endorse
adopting as much as possible from her comments.
Also safe travels to LA!
Best regards, Kathy
On 1/28/2018 8:14 AM, Stephanie Perrin wrote:
>
> I am sorry I let you down. To be frank, the discussion on the main
> list was all over the map, my desire to throw my comment out there to
> be trashed by folks not following these matters was pretty minimal.
> However, I have had a complete meltdown with my computer and my ISP,
> which slowed me down enormously, and there was no room for error.
>
> Here are a few compromise positions:
>
> 1. I can summarize at the end of the analysis of the different
> positions, the various views (I acknowledged EFF's position but did
> not go into it).
>
> 2. I can add a more thorough discussion of the law enforcement ask,
> the IP lawyer ask, etc. and why option 3 deals with those issues
> successfully.
>
> 3. I can discuss the data commissioner's expressed views on these
> matters. There will be no support from them for a wholesale cutting
> off of access for cyber investigators. If you have any ideas on how
> to square that circle, I am all ears. It is a big problem....while I
> can be accused of caving in to a moderate position because I have been
> both a govt policy/legislative wonk and an exec in a privacy
> commissioner's office, I think you have to acknowledge I have decades
> of experience fighting off law enforcement in back rooms. If we want
> to be taken seriously, we have to acknowledge there is a problem. (it
> is of course their fault there is a problem, but that is another
> narrative....)
>
> I am also very happy saying there is a wide range of views in NCSG.
> But if you want a narrow answer to the question of whether it is 2b or
> 3, please pay attention to what Goran said in the IPC webinar the
> other day...do not feel tied to 1, 2, or 3, we simply pulled them into
> models. Comments on all aspects raised, suggestions of other models
> etc are welcome.
>
> So I think we can say of your models we like 2b for this, 3 for that,
> and our favorite proposal so far is the ECO one. Strategically, and
> bearing in mind we still have years of pdps ahead of us and this is an
> interim measure, supporting the registrars seems to me a good idea,
> particularly when they have gone to the work and expense they have to
> produce an excellent proposal.
>
> Have to go drop the dog at camp, perhaps we can talk this evening in
> LA or tomorrow morning at breakfast?
>
> cheers Steph
>
> On 2018-01-28 10:36, farzaneh badii wrote:
>> I tell you what is sticking in my throat Stephanie: You are way too
>> late and we relied on you and you delivered late. I don't want Law
>> Enforcement to be viewed as a legitimate force globally and you know where
>> I am from. Does Eco model address my worry?
>>
>> Farzaneh
>>
>> On Sun, Jan 28, 2018 at 10:29 AM, Stephanie Perrin
>> <stephanie.perrin at mail.utoronto.ca> wrote:
>>
>> Well I am sorry that I did not get the comment in as well. There
>> is a lot to read and I have read it (unlike many). We need to
>> know where the opposition is coming from.
>>
>> The ECO comments have been out there a while, and they deal with
>> the models. There is absolutely nothing wrong with endorsing
>> another group's position. Their legal analysis is excellent, in
>> my view.
>>
>> Ignoring the reality that there is a cybercrime problem out there
>> is, in my view, not a thoughtful position to take. I can attempt
>> to reword it if you point me to precisely what is sticking in
>> your throats. We want layered access....a failure to support
>> layered access at this point in time will set us back years, we
>> finally have ICANN agreeing to it.
>>
>> I am happy to send my comments in myself if you don't support
>> them. I think they are well informed and realistic. I think
>> Option 3 was thrown out there as a poison pill and I am not
>> taking it.
>>
>> let me know.....
>>
>> cheers Steph
>>
>> On 2018-01-28 09:50, farzaneh badii wrote:
>>> Hello Stephanie
>>>
>>> Is the eco model in the models that are offered by ICANN? Is it model 2b
>>> which you supported in the doc you sent us? If not then we
>>> cannot support it now. I suggest going for the highest
>>> protection now until we work out something better. You can
>>> always go down from highest protection to layered access etc but
>>> for now and since we don't have much time to reach consensus I
>>> think we can stick to model 3. I wish you had sent us your
>>> document sooner so that we could work on it. Also your argument
>>> for not supporting model 3 in the document is not really based
>>> on substance it's based on the fact that it won't get support in
>>> the community. There is a May deadline. Community can come up
>>> with consensus after the deadline on another less protective
>>> model, but ICANN org can't wait!
>>>
>>> I suggest PC members weigh in on this; the deadline is tomorrow and
>>> we would like to know our position before the intersessional.
>>>
>>> On Sun, Jan 28, 2018 at 9:17 AM Stephanie Perrin
>>> <stephanie.perrin at mail.utoronto.ca> wrote:
>>>
>>> I will try to get the revised comments on the models that
>>> have been submitted in before I run for the plane at 2
>>> EDT...but that may not happen. The legal analysis will come
>>> next week, it is a lot harder and more complex....but I want
>>> to get my questions on the table. It will be a long time
>>> before this is over....
>>>
>>> We need to endorse the ECO model very strongly, in my view.
>>> While option 3 looks good, it is rather unworkable.
>>>
>>> cheers SP
>>>
>>> On 2018-01-27 14:09, Ayden Férdeline wrote:
>>>> Thanks Rafik
>>>>
>>>> I’m going to hold off on endorsing this for 24 hours until
>>>> I read the comments currently being drafted by Stephanie.
>>>>
>>>> To be clear, this is not to say that I do not endorse this
>>>> statement. It sounds logical to me and consistent with our
>>>> principles. But if Stephanie has a 15-page document coming
>>>> I’d like to make sure we’re being consistent in our messaging.
>>>>
>>>> Of course, being so close to the final day for
>>>> submissions, I’ll write again on-list tomorrow in the
>>>> absence of any other statements being on the table, as we
>>>> cannot miss this submission deadline.
>>>>
>>>> Sincere thanks to Milton for drafting this.
>>>>
>>>> Best wishes, Ayden
>>>>
>>>> Sent from ProtonMail Mobile
>>>>
>>>>
>>>> On Sat, Jan 27, 2018 at 10:50, Rafik Dammak
>>>> <rafik.dammak at gmail.com> wrote:
>>>>> Hi all,
>>>>>
>>>>> We got a comment for the GDPR compliance model. The
>>>>> deadline for submission is the 29th Jan, which is the
>>>>> coming Monday. We need to act quickly within this weekend.
>>>>>
>>>>> Best,
>>>>>
>>>>> Rafik
>>>>>
>>>>> ---------- Forwarded message ----------
>>>>> From: "Mueller, Milton L" <milton at gatech.edu>
>>>>> Date: Jan 26, 2018 6:05 PM
>>>>> Subject: [NCSG-Discuss] Comments on the Whois compliance
>>>>> models
>>>>> To: <NCSG-DISCUSS at listserv.syr.edu>
>>>>> Cc:
>>>>>
>>>>> I offer the following as a first draft of the NCSG
>>>>> position on the 12 January 2018 call for comments
>>>>> released by ICANN org.
>>>>>
>>>>> Principles
>>>>>
>>>>> Our evaluation of the models offered by ICANN is
>>>>> based on three fundamental principles. No model that
>>>>> fails to conform to all three is acceptable to the NCSG.
>>>>>
>>>>> 1. The purpose of whois must be strictly tied to
>>>>> ICANN's mission. That is, the data that is collected
>>>>> and the data that are published must directly and
>>>>> demonstrably contribute to ICANN's mission as defined
>>>>> in Article 1 of its new bylaws. We reject any
>>>>> definition of Whois purpose that is based on the way
>>>>> people happen to make use of data that can be accessed
>>>>> indiscriminately in a public directory. The fact that
>>>>> certain people currently use Whois for any purpose
>>>>> does not mean that the purpose of Whois is to provide
>>>>> thick data about the domain and its registrant to
>>>>> anyone who wants it for any reason.
>>>>>
>>>>> 2. Whois service, like the DNS itself, should be
>>>>> globally uniform and not vary by jurisdiction. ICANN
>>>>> was created to provide globalized governance of the
>>>>> DNS so that it would continue to be globally
>>>>> compatible and coordinated. Any solution that involves
>>>>> fragmenting the policies and practices of Whois along
>>>>> jurisdictional lines is not desirable.
>>>>>
>>>>> 3. No tiered access solution that involves
>>>>> establishing new criteria for access can feasibly be
>>>>> created in the next 3 months. We would strongly resist
>>>>> throwing the community into a hopeless rush to come up
>>>>> with entirely new policies, standards and practices
>>>>> involving tiered access to data, and we do not want
>>>>> ICANN staff to invent a policy that is not subject to
>>>>> community review and approval.
>>>>>
>>>>> Based on these three principles, we believe that Model
>>>>> 3 is the only viable option available. Model 3
>>>>> minimizes the data publicly displayed to that which is
>>>>> required for maintaining the stability, security and
>>>>> resiliency of the DNS. Model 3 could be applied across
>>>>> the board, and would be presumptively legal regardless
>>>>> of which jurisdiction the registrar, registry or
>>>>> registrant are in. And Model 3 relies on established
>>>>> legal due process for gaining access to additional
>>>>> information.
>>>>>
>>>>> There is room for discussion about how much data could
>>>>> be publicly displayed under Model 3 consistent with
>>>>> ICANN's mission. E.g., it may be within ICANN's
>>>>> mission to include additional data in the public
>>>>> record, such as an email address for the technical
>>>>> contact and even possibly the name of the registrant.
>>>>>
>>>>> The process of gaining access to additional data in
>>>>> Model 1 is completely unacceptable. Self-certification
>>>>> by any third party requestor is, we believe, not
>>>>> compliant with GDPR, nor is such access justified
>>>>> by the purpose of Whois or ICANN's mission.
>>>>>
>>>>> Model 2 might possibly be acceptable if a suitable
>>>>> set of criteria and processes were devised, but it
>>>>> simply is not feasible for such a certification
>>>>> program to be developed in 3 months. A certification
>>>>> program thrown together in a rush poses huge risks for
>>>>> loopholes, poor procedures, and a legal challenge to
>>>>> ICANN, either from DPAs or from individuals affected.
>>>>>
>>>>> Dr. Milton L. Mueller
>>>>>
>>>>> Professor, School of Public Policy
>>>>>
>>>>> Georgia Institute of Technology
>>>>>
>>>>>
>>>>
>>>> _______________________________________________
>>>> NCSG-PC mailing list
>>>> NCSG-PC at lists.ncsg.is
>>>> https://lists.ncsg.is/mailman/listinfo/ncsg-pc
>>>
>>> --
>>> Farzaneh
>>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 2Comments on GDPR Interim Compliance Models for WHOIS-1 - SPerrin 1-27.docx
Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Size: 167034 bytes
Desc: not available
URL: <http://lists.ncsg.is/pipermail/ncsg-pc/attachments/20180129/df330393/attachment.docx>