[NCSG-PC] Fwd: [NCSG-Discuss] Comments on the Whois compliance models

Kathy Kleiman kathy at kathykleiman.com
Mon Jan 29 21:27:00 EET 2018 

Apologies All for so many comments. This is the last one and then I am 
off to enjoy NamesCon. Hope you enjoying LA.

Farzi,

In an earlier email, you insightfully asked: "I don't want Law 
Enforcement be viewed as legitimate force globally and you know where I 
am from. Does Eco model address my worry?" We have to dig deeper, but 
this is where the ECO Model seems to shine.

What I fear is the ICANN Models, if adopted, asking the GAC and ICANN 
Community to very rapidly come up with the law enforcement disclosure 
models. Knowing their work, I fear they will focus on the laws that 
protect us from disclosure to foreign law enforcement -- the GDPR laws 
that would protect European citizens and residents from disclosure to 
foreign governments who they are criticizing legally and fully from 
their current locations. Ditto for the pro-democracy groups in the US -- 
disclosure of their names and addresses to Chinese or other 
anti-democracy countries whether their writings (either neutral or 
anti-China) may be viewed as a violation of law. They may still have 
families in these countries! (This is not a hypothetical, but real world 
situations I have work with). ICANN does not have a history of 
differentiating between countries and law enforcement - all are likely 
to wind up equal in our interim (and final solution) and that concerns 
me more deeply than I can tell you.

For the Interim Solution that we need so quickly, as you point out, the 
ECO Model will ground it under EU laws and EU treaties that are grounded 
in human rights, individual rights, protection for an array of 
noncommercial issues, including political, moral, social, sexual, 
religious, etc. That means that international law enforcement will *not* 
have unlimited access to the data, but disclosure will be more selective 
and more discerning.

For an interim model, it is one with law and precedent and protections.

Best regards, Kathy

On 1/28/2018 1:48 PM, farzaneh badii wrote:
> So i just paste this from the ECO model here:
>
> [The legal basis for disclosure to law enforcement agencies is limited 
> to authorities acting on the grounds of EU law or national laws of EU 
> member states.]
>
> What does this mean? So only EU laws and Eu national laws can be used 
> by law enforcement globally to have access to data?
>
> Then we have this:
> [It is further proposed that certification and handling of requests 
> can be centralized in a Trusted Data Clearinghouse to avoid duplicate 
> efforts, to take off the burden of organizational, proceduaral and 
> financial efforts off the controllers and requesters, to ensure 
> consistency of decision-making and to make the system “customer 
> friendly”.]
>
>
> A trusted data clearing house. Don't know how to feel about  that. 
> They are also in favor of thick whois data and think it should 
> continue. I don't think thick whois is justified. I don't think we 
> thought that when it was approved either.
>
>
> with regards to international data transfer to non eu law enforcement 
>  please look at page 67
>
> https://www.icann.org/en/system/files/files/gdpr-cm3-eco-domain-industry-playbook-11jan18-en.pdf
>
> [International Transfer of Whois Data to Non-EU Law Enforcement Agencies
> According to Directive (EU) 2016/680, European Member States should 
> ensure that a transfer by European law enforcement agencies to a third 
> country or to an international organisation takes place only if 
> necessary for the prevention, investigation, detection or prosecution 
> of criminal offences or the execution of criminal penalties, including 
> the safeguarding against and the prevention of threats to public 
> security, and that the controller in the third country or 
> international organisation is a competent authority as well. Similar 
> to the requirements for international data transfer according to the 
> G....]
>
>
> They also say they have not consulted with data protection 
> authorities. If I am not mistaken.
>
> ECO model could be great. I can't analyze it now I dont agree with 
> some things they say I don't understand other things.
>
> On Sun, Jan 28, 2018 at 3:35 PM avri doria <avri at apc.org 
> <mailto:avri at apc.org>> wrote:
>
>     (observer)
>
>
>     On 28-Jan-18 11:55, Rafik Dammak wrote:
>     > I am not familiar with the eco model
>
>     https://www.icann.org/en/system/files/files/gdpr-cm3-eco-proposal-details-11jan18-en.pdf
>
>     _______________________________________________
>     NCSG-PC mailing list
>     NCSG-PC at lists.ncsg.is <mailto:NCSG-PC at lists.ncsg.is>
>     https://lists.ncsg.is/mailman/listinfo/ncsg-pc
>
> -- 
> Farzaneh
>
>
> _______________________________________________
> NCSG-PC mailing list
> NCSG-PC at lists.ncsg.is
> https://lists.ncsg.is/mailman/listinfo/ncsg-pc

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ncsg.is/pipermail/ncsg-pc/attachments/20180129/c40a98af/attachment.htm>

More information about the NCSG-PC mailing list