[NCSG-PC] Fwd: [NCSG-Discuss] Comments on the Whois compliance models

Farell Folly farellfolly at gmail.com
Mon Jan 29 23:15:07 EET 2018


Dear all,

I am really hesitating between 2b and 3 depending on how ICANN will process
during implementation. At first sight, I liked the model 2B and how it
distinguished between natural and legal and the circumstances, but I scared
about the neutrality and effectiveness of the third party and the fact that
this interim model becomes a long-term solution which will/may fail against
law in many jurisdictions. The model 3 is very safe and if we have to
choose something temporary, it appears to be the best option.

My concern is that if someone can afford model 2b, (s)he can also afford
model 3b since it is more restrictive on how one can access whois data
(better privacy) and it also gives more flexibility for national law
enforcement bodies on how they regulate user/data privacy while preventing
ICANN to deal about all use cases;

@Stephanie, I have not finished reading all your comments, I am sorry. I
will continue doing so and check whether I miss some insights about the
analysis.

Le lun. 29 janv. 2018 à 21:52, Poncelet Ileleji <pileleji at ymca.gm> a écrit :

> Supported +1
>
> On 29 January 2018 at 17:52, Dr. Tatiana Tropina <t.tropina at mpicc.de>
> wrote:
>
>> All,
>>
>> I support Rafik's approach.
>>
>> 1) we can submit the comment supporting the model 3.
>>
>> 2) we can tweak 2b and look more thoroughly at eco meanwhile and clarify
>> some things that are not clear there for me yet - like LEA access and some
>> other.
>>
>> 3) as we have to be rational, we can bargain further with a mix of 3 and
>> 2b, if needed.
>>
>> Cheers,
>>
>> Tanya
>>
>> On 28/01/18 08:55, Rafik Dammak wrote:
>>
>> Hi,
>>
>> while I checked the 3 models, I am not familiar with the eco model or
>> comment and so making any judgment hard. is it similar to one of the models
>> or something totally different proposal?
>> maybe as context, we should recall that those models are supposed to be
>> interim solutions. One risk with model 2b or a similar (eco?) is what
>> French calls "le temporaire qui dure", a lasting temporary. It means having
>> a workaround that will become de facto the solution with all its drawbacks
>> and we won't have a real say in the process such accreditation or
>> certification (we can learn from the current discussion on implementing of
>> PPSAI and how staff views differ from the policy).
>>
>> let's think in practical fashion here:
>> - we got a deadline and need to submit a comment
>> - the discussion is still continuing e.g. webinar this week and beyond
>> - there are calls for extension by BC and IPC because they want to
>> propose more models beyond the 3 tabled.
>>
>> I guess one approach is to have the comment saying that the model 3 to
>> meet the current deadline because its restrictions is a more safe solution
>> till we move for a restrictive layered option (2b or eco model) after a
>> real community involvement and discussion. Having a model 3 used is a real
>> ncentive for everyone to work on a long time solution acknowledging all
>> concerns from the different parties instead of tricking us to accept an
>> ill-designed option. the document made by Stephanie is a starting point for
>> us to work on the details in coming months.
>>
>> Best,
>>
>> Rafik
>>
>> 2018-01-29 1:14 GMT+09:00 Stephanie Perrin <
>> stephanie.perrin at mail.utoronto.ca>:
>>
>>> I am sorry I let you down.  To be frank, the discussion on the main list
>>> was all over the map, my desire to throw my comment out there to be trashed
>>> by folks not following these matters was pretty minimal.  However, I have
>>> had a complete meltdown with my computer and my ISP, which slowed me down
>>> enormously, and there was no room for error.
>>>
>>> Here are a few compromise positions:
>>>
>>> 1.  I can summarize at the end of the analysis of the different
>>> positions, the various views (I acknowledged EFF's position but did not go
>>> into it.
>>>
>>> 2.  I can add a more thorough discussion of the law enforcement ask, the
>>> IP lawyer ask, etc. and why option 3 deals with those issues successfully.
>>>
>>> 3.  I can discuss the data commissioner's expressed views on these
>>> matters.  There will be no support from them for a wholesale cutting off of
>>> access for cyber investigators.  IF you have any ideas on how to square
>>> that circle, I am all ears.  It is a big problem....while I can be accused
>>> of caving in to a moderate position because I have been both a govt
>>> policy/legislative wonk and an exec in a privacy commissioner's office, I
>>> think you have to acknowledge I have decades of experience fighting off law
>>> enforcement in back rooms.  If we want to be taken seriously, we have to
>>> acknowledge there is a problem. (it is of course their fault there is a
>>> problem, but that is another narrative....)
>>>
>>> I am also very happy saying there is a wide range of views in NCSG.  But
>>> if you want a narrow answer to the question of whether it is 2b or 3,
>>> please pay attention to what Goran said in the IPC webinar the other
>>> day...do not feel tied to 1,2, or 3, we simply pulled them into models.
>>> COmments on all aspects raised, suggestions of other models etc are welcome.
>>>
>>> SO I think we can say of your models we like 2b for this, 3 for that,
>>> and our favorite proposal so far is the ECO one.  Strategically, and
>>> bearing in mind we still have years of pdps ahead of us and this is an
>>> interim measure, supporting the registrars seems to me a good idea,
>>> particularly when they have gone to the work and expense they have to
>>> produce an excellent proposal.
>>>
>>> Have to go drop  the dog at camp, perhaps we can talk this evening in LA
>>> or tomorrow morning at breakfast?
>>>
>>> cheers Steph
>>> On 2018-01-28 10:36, farzaneh badii wrote:
>>>
>>> I tell you what is sticking in my throat Stephanie: You are way too late
>>> and we relied on you and you delivered late. I don't want Law Enforcement
>>> be viewed as legitimate force globally and you know where I am from. Does
>>> Eco model address my worry?
>>>
>>> Farzaneh
>>>
>>> On Sun, Jan 28, 2018 at 10:29 AM, Stephanie Perrin <
>>> stephanie.perrin at mail.utoronto.ca> wrote:
>>>
>>>> Well I am sorry that I did not get the comment in as well.  There is a
>>>> lot to read and I have read it (unlike many).  WE need to know where the
>>>> opposition is coming from.
>>>>
>>>> The ECO comments have been out there a while, and they deal with the
>>>> models.  There is absolutely nothing wrong with endorsing another group's
>>>> position.  Their legal analysis is excellent, in my view.
>>>>
>>>> Ignoring the reality that there is a cybercrime problem out there is,
>>>> in my view, not a thoughtful position to take.  I can attempt to reword it
>>>> if you point me to precisely what is sticking in your throats.  We want
>>>> layered access....a failure to support layered access at this point in time
>>>> will set us back years, we finally have ICANN agreeing to it.
>>>>
>>>> I am happy to send my comments in myself if you don't support them.  I
>>>> think they are well informed and realistic.  I think Option 3 was thrown
>>>> out there as a poison pill and I am not taking it.
>>>>
>>>> let me know.....
>>>>
>>>> cheers Steph
>>>> On 2018-01-28 09:50, farzaneh badii wrote:
>>>>
>>>> Hello Stephanie
>>>>
>>>> Is eco model in the models that offered by Icann? Is it model 2b which
>>>> you supported in the doc you sent us? If not then we cannot support it now.
>>>> I suggest going for the highest protection now until we work out something
>>>> better. You can always go down from highest protection to layered access
>>>> etc but for now and since we don't have much time to reach consensus I
>>>> think we can stick to model 3.  I wish you had sent us your document sooner
>>>> so that we could work on it. Also your argument for not supporting model 3
>>>> in the document is not really based on substance it's based on the fact
>>>> that it won't get support in the community. There is a May deadline.
>>>> Community can come up with consensus after the deadline on another leas
>>>> protective model.  but ICANN org can't wait!
>>>>
>>>> I suggest pc members weigh in on this deadline is tomorrow and we would
>>>> like to know our positoon before the intersessional.
>>>>
>>>> On Sun, Jan 28, 2018 at 9:17 AM Stephanie Perrin <
>>>> stephanie.perrin at mail.utoronto.ca> wrote:
>>>>
>>>>> I will try to get the revised comments on the models that have been
>>>>> submitted in before I run for  the plane at 2 EDT...but that may not
>>>>> happen.  The legal analysis will come next week, it is a lot harder and
>>>>> more complex....but I want to get my questions on the table.  It will be a
>>>>> long time before this is over....
>>>>>
>>>>> We need to endorse the ECO model very strongly, in my view.  While
>>>>> option 3 looks good, it is rather unworkable.
>>>>>
>>>>> cheers SP
>>>>> On 2018-01-27 14:09, Ayden Férdeline wrote:
>>>>>
>>>>> Thanks Rafik
>>>>>
>>>>> I’m going to hold off on endorsing this for 24 hours until I read the
>>>>> comments currently being drafted by Stephanie.
>>>>>
>>>>> To be clear, this is not to say that I do not endorse this statement.
>>>>> It sounds logical to me and consistent with our principles. But if
>>>>> Stephanie has a 15-page document coming I’d like to make sure we’re being
>>>>> consistent in our messaging.
>>>>>
>>>>> Of course, being so close to the final day for submissions, I’ll write
>>>>> again on-list tomorrow in the absence of any other statements being on the
>>>>> table, as we cannot miss this submission deadline.
>>>>>
>>>>> Sincere thanks to Milton for drafting this.
>>>>>
>>>>> Best wishes, Ayden
>>>>>
>>>>> Sent from ProtonMail Mobile
>>>>>
>>>>>
>>>>> On Sat, Jan 27, 2018 at 10:50, Rafik Dammak <rafik.dammak at gmail.com>
>>>>> wrote:
>>>>>
>>>>> Hi all,
>>>>>
>>>>> We got a comment for the GDPR compliance model. The deadline for
>>>>> submission ins the 29th Jan, which is the coming monday. We need act
>>>>> quickly within this weekend .
>>>>>
>>>>> Best,
>>>>>
>>>>> Rafik
>>>>>
>>>>> ---------- Forwarded message ----------
>>>>> From: "Mueller, Milton L" <milton at gatech.edu>
>>>>> Date: Jan 26, 2018 6:05 PM
>>>>> Subject: [NCSG-Discuss] Comments on the Whois compliance models
>>>>> To: <NCSG-DISCUSS at listserv.syr.edu>
>>>>> Cc:
>>>>>
>>>>> I offer the following as a first draft of the NCSG position on the 12
>>>>> January 2018 call for comments released by ICANN org.
>>>>>
>>>>>
>>>>>
>>>>> Principles
>>>>>
>>>>> Our evaluation of the models offered by ICANN are based on three
>>>>> fundamental principles. No model that fails to conform to all three is
>>>>> acceptable to the NCSG.
>>>>>
>>>>>
>>>>>
>>>>> 1. The purpose of whois must be strictly tied to ICANN's mission. That
>>>>> is, the data that is collected and the data that are published must
>>>>> directly and demonstrably contribute to ICANN's mission as defined in
>>>>> Article 1 of its new bylaws. We reject any definition of Whois purpose that
>>>>> is based on the way people happen to make use of data that can be accessed
>>>>> indiscriminately in a public directory. The fact that certain people
>>>>> currently use Whois for any purpose does not mean that the purpose of Whois
>>>>> is to provide thick data about the domain and its registrant to anyone who
>>>>> wants it for any reason.
>>>>>
>>>>>
>>>>>
>>>>> 2. Whois service, like the DNS itself, should be globally uniform and
>>>>> not vary by jurisdiction. ICANN was created to provide globalized
>>>>> governance of the DNS so that it would continue to be globally compatible
>>>>> and coordinated. Any solution that involves fragmenting the policies and
>>>>> practices of Whois along jurisdictional lines is not desirable.
>>>>>
>>>>>
>>>>>
>>>>> 3. No tiered access solution that involves establishing new criteria
>>>>> for access can feasibly be created in the next 3 months. We would strongly
>>>>> resist throwing the community into a hopeless rush to come up with entirely
>>>>> new policies, standards and practices involving tiered access to data, and
>>>>> we do not want ICANN staff to invent a policy that is not subject to
>>>>> community review and approval.
>>>>>
>>>>>
>>>>>
>>>>> Based on these three principles, we believe that Model 3 is the only
>>>>> viable option available. Model 3 minimizes the data publicly displayed to
>>>>> that which is required for maintaining the stability, security and
>>>>> resiliency of the DNS. Model 3 could be applied across the board, and would
>>>>> be presumptively legal regardless of which jurisdiction the registrar,
>>>>> registry or registrant are in. And Model 3 relies on established legal due
>>>>> process for gaining access to additional information.
>>>>>
>>>>>
>>>>>
>>>>> There is room for discussion about how much data could be publicly
>>>>> displayed under Model 3 consistent with ICANN's mission. E.g., it may be
>>>>> within ICANN's mission to include additional data in the public record,
>>>>> such as an email address for the technical contact and even possibly the
>>>>> name of the registrant.
>>>>>
>>>>>
>>>>>
>>>>> The process of gaining access to additional data in Model 1 is
>>>>> completely unacceptable. Self-certification by any third party requestor
>>>>> is, we believe, not compliant with GDPR nor does is such access justified
>>>>> by the purpose of Whois or ICANN's mission.
>>>>>
>>>>>
>>>>>
>>>>> Model 2 might possibly be acceptable if an suitable set of criteria
>>>>> and processes were devised, but it simply is not feasible for such a
>>>>> certification program to be developed in 3 months. A certification program
>>>>> thrown together in a rush poses huge risks for loopholes, poor procedures,
>>>>> and a legal challenge to ICANN, either from DPAs or from individuals
>>>>> affected.
>>>>>
>>>>>
>>>>>
>>>>> Dr. Milton L. Mueller
>>>>>
>>>>> Professor, School of Public Policy
>>>>>
>>>>> Georgia Institute of Technology
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> NCSG-PC mailing listNCSG-PC at lists.ncsg.ishttps://lists.ncsg.is/mailman/listinfo/ncsg-pc
>>>>>
>>>>> _______________________________________________
>>>>> NCSG-PC mailing list
>>>>> NCSG-PC at lists.ncsg.is
>>>>> https://lists.ncsg.is/mailman/listinfo/ncsg-pc
>>>>>
>>>> --
>>>> Farzaneh
>>>>
>>>>
>>>
>>> _______________________________________________
>>> NCSG-PC mailing list
>>> NCSG-PC at lists.ncsg.is
>>> https://lists.ncsg.is/mailman/listinfo/ncsg-pc
>>>
>>>
>>
>>
>> _______________________________________________
>> NCSG-PC mailing listNCSG-PC at lists.ncsg.ishttps://lists.ncsg.is/mailman/listinfo/ncsg-pc
>>
>>
>>
>> _______________________________________________
>> NCSG-PC mailing list
>> NCSG-PC at lists.ncsg.is
>> https://lists.ncsg.is/mailman/listinfo/ncsg-pc
>>
>>
>
>
> --
> Poncelet O. Ileleji MBCS
> Coordinator
> The Gambia YMCAs Computer Training Centre & Digital Studio
> MDI Road Kanifing South
> P. O. Box 421 Banjul
> The Gambia, West Africa
> Tel: (220) 4370240 <(220)%20437-0240>
> Fax:(220) 4390793 <(220)%20439-0793>
> Cell:(220) 9912508 <(220)%20991-2508>
> Skype: pons_utd
>
>
>
>
>
>
>
> *www.ymca.gm <http://www.ymca.gm>http://signaraglobalsolutions.com/
> <http://signaraglobalsolutions.com/>http://jokkolabs.net/en/
> <http://jokkolabs.net/en/>www.waigf.org
> <http://www.waigf.org>www,insistglobal.com <http://www.itag.gm>www.npoc.org
> <http://www.npoc.org>http://www.wsa-mobile.org/node/753
> <http://www.wsa-mobile.org/node/753>*www.diplointernetgovernance.org
>
>
>
>
> _______________________________________________
> NCSG-PC mailing list
> NCSG-PC at lists.ncsg.is
> https://lists.ncsg.is/mailman/listinfo/ncsg-pc
>
-- 
Regards
@__f_f__
https://www.linkedin.com/in/farellf
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ncsg.is/pipermail/ncsg-pc/attachments/20180129/0b08e5d9/attachment.htm>


More information about the NCSG-PC mailing list