<div dir="ltr"><div class="gmail_default" style="font-family:verdana,sans-serif"><div>Christopher,</div><div><br></div><div>A great deal of the work in both the EWG and the RDS PDP consisted of identifying these parties and use cases. I invite you to peruse both for answers. It's not hard to find -- no begging needed.</div><div><br></div><div>Best regards,</div><div><br></div><div>Greg</div></div><br><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="gmail_quote"><div dir="ltr"><br>On Wed, Aug 8, 2018 at 6:30 AM wilkinson christopher <<a href="mailto:cw@christopherwilkinson.eu" target="_blank">cw@christopherwilkinson.eu</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">> 3. WHOIS/RDS exists in order to be accessed by third parties (i.e., folks other than the registrant and the registrar). There are many, many legitimate use cases for access.<br>
<br>
This argument begs the questions as to who are the 'third parties', what are the 'use cases' and what happens to the data after it has been used.<br>
<br>
Regards<br>
<br>
CW<br>
<br>
<br>
> El 7 de agosto de 2018 a las 22:17 Greg Shatan <<a href="mailto:greg@isoc-ny.org" target="_blank">greg@isoc-ny.org</a>> escribió:<br>
> <br>
> <br>
> I’ve been watching this conversation unfold for awhile. A few observations:<br>
> <br>
> 1. Nobody suggested that ALAC support an outcome that would violate GDPR.<br>
> Compliance with GDPR is a given. Thankfully, that misunderstanding seems to<br>
> have been cleared up.<br>
> <br>
> 2. No one is arguing in favor of putting the “private info of registrants”<br>
> into “the hands of bad actors.” Indeed, GDPR is not primarily aimed at<br>
> preventing access by bad actors. Rather it is aimed at regulating the use<br>
> of personal data by any actor. I haven’t really thought about it, but GDPR<br>
> is probably not going to be a major deterrent against real bad actors.<br>
> <br>
> 3. WHOIS/RDS exists in order to be accessed by third parties (i.e., folks<br>
> other than the registrant and the registrar). There are many, many<br>
> legitimate use cases for access. Of course, there are “mis-use cases”<br>
> involving bad actors, and one of the obvious challenges for the EPDP is<br>
> dealing with those. From the point of view of the end-user, that needs to<br>
> be dealt with in a way that does not hinder timely, straight-forward<br>
> legitimate access to Whois data.<br>
> <br>
> 4. I have seen no evidence that the European Data Protection people have<br>
> thought about how WHOIS/RDS can function under GDPR. More broadly, GDPR is<br>
> a law about access, in very large part. GDPR provides a road map for data<br>
> controllers and processors to get and “process” (use, store, provide access<br>
> to, transfer, delete, etc.) data. Much of GDPR is concerned with how data<br>
> is used (I’d rather use that term than “processed” for these discussions),<br>
> the purposes for which it is used, how it is stored, how it is transferred,<br>
> who is responsible for any use, the circumstances when a data subject does<br>
> (and does not) have control over how their data is used. GDPR assumes that<br>
> data will be “processed” and creates a set of rules of the road for that<br>
> processing.<br>
> <br>
> 5. It is true that end-users and registrants benefit from both privacy and<br>
> security. End-users benefit directly and indirectly from access to<br>
> WHOIS/RDS data, for non-security related reasons as well as<br>
> security-related reasons. Registrants also benefit from access to<br>
> WHOIS/RDS, both by themselves and by third parties in a variety of ways.<br>
> Registrants benefit from data privacy, at least with regard to their own<br>
> data (though they may lose some of the benefits that come from third party<br>
> access to their data, such as receiving offers to purchase domain names).<br>
> However, I struggling to see how end-users (as end-users) benefit from<br>
> barriers to accessing registrant WHOIS/RDS data.<br>
> <br>
> 6. How Cambridge Analytica got Facebook data is not particularly relevant.<br>
> But if it is going to be used as a “cautionary tale”, we need to be<br>
> accurate, so that the right lessons can be learned. Cambridge Analytica did<br>
> NOT get the data by making a request to Facebook “to have access to these<br>
> data for research.” In fact, they didn’t get the data directly from<br>
> Facebook at all. The data was gathered through a personality quiz app,<br>
> which was (as Facebook was configured at that time and with the consent of<br>
> the participants) able to harvest data about friends and friends-of-friends<br>
> of the participants, as well as the participants. It may have been used for<br>
> legitimate research purposes. However, the data was then sold to Cambridge<br>
> Analytica, without Facebook’s knowledge and in violation of their terms of<br>
> service.<br>
> <br>
> 7. The California Consumer Privacy Act is already here, though it won’t be<br>
> enforced until 2020. While it bears a resemblance to GDPR, it has many<br>
> differences as well, and some of its goals are quite different. Like GDPR<br>
> it is not primarily aimed at keeping data out of the hands of bad actors. I<br>
> have not yet considered the impact of the CCPA on WHOIS/RDS, and how it is<br>
> similar or different to the impact of GDPR. Its primary goals seem to be to<br>
> control data monetization, and to give consumers greater access to their<br>
> data, with data subject rights similar to those in GDPR.<br>
> <br>
> 8. Overall, I agree with those who believe that appropriate and timely<br>
> access to WHOIS/RDS data benefits end-users. Whether GDPR is good or bad<br>
> for end-users is moot. GDPR exists, and how it is dealt with will show how<br>
> good or bad it is for end-users. Our goal should be to have GDPR<br>
> implemented in the WHOIS/RDS context in a way that maximizes the benefit<br>
> and minimizes the harm to end-users.<br>
> <br>
> Best regards,<br>
> <br>
> Greg Shatan<br>
> <br>
> On Tue, Aug 7, 2018 at 1:58 PM Evan Leibovitch <<a href="mailto:evanleibovitch@gmail.com" target="_blank">evanleibovitch@gmail.com</a>><br>
> wrote:<br>
> <br>
> > I don't know about the Europeans or the California government. I do have<br>
> > more than a decade's experience in ICANN, however, and have observed that<br>
> > its track record in both decent privacy and decent accessibility is<br>
> > abysmal.<br>
> ><br>
> > ___________________<br>
> > Evan Leibovitch, Toronto<br>
> > @evanleibovitch/@el56<br>
> ><br>
> > On Tue, Aug 7, 2018, 1:30 PM Marita Moll, <<a href="mailto:mmoll@ca.inter.net" target="_blank">mmoll@ca.inter.net</a>> wrote:<br>
> ><br>
> > > With respect Evan, saying I am missing the point is not really<br>
> > > respectful. No one is arguing for privacy without protections. I don't<br>
> > > have all the information I need to support this, but I have a feeling<br>
> > > the European Data Protection people might have thought about this. They<br>
> > > don't want to protect bad actors either. And I have heard that a<br>
> > > similiar law to GDPR is under consideration in California. So I don't<br>
> > > see any need to think we are only ones concerned with keeping bad actors<br>
> > > out of the ring.<br>
> > ><br>
> > > Marita<br>
> > ><br>
> > ><br>
> > > On 8/7/2018 7:08 PM, Evan Leibovitch wrote:<br>
> > > > Hi Marita,<br>
> > > ><br>
> > > > I think you may be missing the point when you state that "keeping the<br>
> > > > private info of registrants out of the hands of bad actors protects<br>
> > > > both parties". The examples that exist in abundance come from<br>
> > > > registrants who /ARE themselves/ the bad actors, that hide behind<br>
> > > > either privacy regulations or inaccurate contact information to avoid<br>
> > > > being held to account for their harm.<br>
> > > ><br>
> > > > Just as the right to freedom of speech is not absolute -- even in<br>
> > > > America -- neither is the right to privacy a way to hide<br>
> > > > accountability for causing demonstrable harm. Augmenting privacy with<br>
> > > > tiered access is fine so long as it is accessible to victims and<br>
> > > > effective in execution; that is exactly the balance of which I speak.<br>
> > > > This won't be easy -- being physically threatened demands a different<br>
> > > > response to merely being insulted -- but it is vital. Without such<br>
> > > > checks and balances, absolute privacy is a sure source of far more<br>
> > > > harm than good. For every whistleblower protected, a dozen others will<br>
> > > > be scammed out of their life savings, and thousands more will live in<br>
> > > > fear for their lives because of death threats from those with<br>
> > > > unchecked anonymity. This is not theory, it is happening.<br>
> > > ><br>
> > > > In summary, it is both naive and against the global public interest to<br>
> > > > advocate for privacy without advocating just as strenuously for<br>
> > > > appropriate protections against bad actors who seek to exploit that<br>
> > > > privacy to cause harm. At-Large seeks both.<br>
> > > ><br>
> > > > - Evan<br>
> > > ><br>
> > > ><br>
> > > > PS: I absolutely reject the assertion that it is fear-mongering to<br>
> > > > simply want to prevent abuse of privacy by some registrants that is<br>
> > > > both clearly evidenced and ongoing.<br>
> > > ><br>
> > > ><br>
> > > > On Aug 7, 2018, at 11:55, Marita Moll <<a href="mailto:mmoll@ca.inter.net" target="_blank">mmoll@ca.inter.net</a><br>
> > > > <mailto:<a href="mailto:mmoll@ca.inter.net" target="_blank">mmoll@ca.inter.net</a>>> wrote:<br>
> > > ><br>
> > > > Hello Evan and Allan. I agree with a number of those here how have<br>
> > > > suggested that the interests of registrants and end-users are not<br>
> > > that<br>
> > > > different. Keeping the private info of registrants out of the hands<br>
> > > of<br>
> > > > bad actors protects both parties. If crimes are committed, having<br>
> > > tiered<br>
> > > > access to the info would release that info to validated<br>
> > authorities.<br>
> > > As<br>
> > > > a registrant, I don't want my private information out there if it<br>
> > > isn't<br>
> > > > necessary. And I don't see how shielding my private info on WhoIS<br>
> > > will<br>
> > > > endanger my neighbour once tiered access is agreed upon. This is no<br>
> > > > different from the way the law usually works -- we don't all have<br>
> > to<br>
> > > > live in glass houses in order to be safe. We need well thought out<br>
> > > > procedures that protect all of us.<br>
> > > ><br>
> > > > It's just my opinion. I know others have good arguments. But I<br>
> > don't<br>
> > > buy<br>
> > > > the scary scenarios being presented by some groups hoping to<br>
> > scuttle<br>
> > > > this whole thing. If the Europeans don't think the world will come<br>
> > > to an<br>
> > > > end once GDPR is enforced, why is the boogey man being unleashed in<br>
> > > > North America?<br>
> > > ><br>
> > > > <a href="http://www.insidesources.com/fake-news-fake-pharmacies-whats-next/" rel="noreferrer" target="_blank">http://www.insidesources.com/fake-news-fake-pharmacies-whats-next/</a><br>
> > > ><br>
> > > > Marita<br>
> > > ><br>
> > > ><br>
> > > > On 8/7/2018 5:09 AM, Alan Greenberg wrote:<br>
> > > ><br>
> > > > Marita, you cannot take one phrase out of context. If you go<br>
> > > > back in the thread (which was not fully copied here) I believe<br>
> > > > that a major concern of Holly and Bastiaan was that my<br>
> > > > statement sounded like it was trying to get around GDPR, but<br>
> > > > in fact compliance with GDPR is (to use a Startrek expression)<br>
> > > > "the prime directive". It is not a simple matter of security<br>
> > > > vs privacy. If, for instance, we were talking about USER<br>
> > > > security vs USER privacy, we would have a real challenge in<br>
> > > > deciding which was more important and I am pretty sure we<br>
> > > > would not even try in the general case. But that is not what<br>
> > > > we are taking about here. We are talking about gTLD REGISTRANT<br>
> > > > privacy vs USER security. And the ALAC's position has<br>
> > > > previously been that although we care about registrants (and<br>
> > > > their privacy and their domains etc) and have put very<br>
> > > > significant resources into supporting gTLD registrants, the<br>
> > > > shear number of users makes their security and ability to use<br>
> > > > the Internet with relative safety and trust takes precedence<br>
> > > > over the privacy of the relative handful of gTLD registrants.<br>
> > > > That is why ICANN has (and continues to) support the existing<br>
> > > > WHOIS system to the extent possible. That is the entire gist<br>
> > > > of the Temporary Spec. - /"Consistent with ICANN’s stated<br>
> > > > objective to comply with the GDPR, while maintaining the<br>
> > > > existing WHOIS system to the greatest extent possible, the<br>
> > > > Temporary Specification maintains....." /And I note with some<br>
> > > > amusement that some filter along the way has flagged this<br>
> > > > entire thread as SPAM. Alan At 06/08/2018 12:08 PM, Marita<br>
> > > > Moll wrote:<br>
> > > ><br>
> > > > I am in agreement with Tijani, Holly, Bastian and Michele.<br>
> > > > Perhaps it is unintentional, but the language does send<br>
> > > > the message that we are looking more carefully at security<br>
> > > > than privacy. I am also not convinced that end-users would<br>
> > > > want us to do that. Marita On 8/3/2018 10:30 AM, Tijani<br>
> > > > BEN JEMAA wrote:<br>
> > > ><br>
> > > > Very interesting discussion. This issue has been<br>
> > > > discussed several times and the positions didn’t<br>
> > > > change. What bothers me is the presentation of the<br>
> > > > registrants interest as opposite to the remaining<br>
> > > > users ones. they are not since the registrants are<br>
> > > > also subject to the domain abuse. You are speaking<br>
> > > > about 4 billion users; these include all: contracted<br>
> > > > parties, business, registrants, governments, etc. We<br>
> > > > are about defending the interest of all of them as<br>
> > > > individual end users, not as registry, registrar,<br>
> > > > businessman, minister, etc…. You included theÂ<br>
> > > > cybersecurity researchers; you know how Cambridge<br>
> > > > Analytica got the American data from Facebook? They<br>
> > > > requested to have access to these data for research,<br>
> > > > and the result was the American election result<br>
> > > > impacted. So, I agree with Bastiaan that we need to be<br>
> > > > careful and care about the protection of personal data<br>
> > > > as well as the prevention of any harmful use of the<br>
> > > > domain names, both together.<br>
> > > ><br>
> > > ------------------------------------------------------------------------<br>
> > > > *Tijani BEN JEMAA* Executive Director Mediterranean<br>
> > > > Federation of Internet Associations (*FMAI*) Phone:<br>
> > > > +216 98 330 114 +216 52 385 114<br>
> > > ><br>
> > > ------------------------------------------------------------------------<br>
> > > ><br>
> > > > Le 3 août 2018 à 07:22, Bastiaan Goslings<br>
> > > > <<a href="mailto:bastiaan.goslings@ams-ix.net" target="_blank">bastiaan.goslings@ams-ix.net</a><br>
> > > > <mailto:<a href="mailto:bastiaan.goslings@ams-ix.net" target="_blank">bastiaan.goslings@ams-ix.net</a><br>
> > > > <mailto:<a href="mailto:bastiaan.goslings@ams-ix.net" target="_blank">bastiaan.goslings@ams-ix.net</a>>>> a écrit :<br>
> > > > Thanks for clarifying, Alan. As a matter of<br>
> > > > principle I agree with Holly - and Michele. While<br>
> > > > I think I understand the good intent of what you<br>
> > > > are saying, your earlier responses almost sound to<br>
> > > > me like a false ‘security versus privacy’<br>
> > > > dichotomy. Like, the number of people (users) that<br>
> > > > care about security as opposed to those<br>
> > > > (registrants) that want their privacy protected to<br>
> > > > the max is larger. Etc. Apologies if I am<br>
> > > > oversimplifying things here, I do not mean to. In<br>
> > > > this particular EPDP case though I am convinced<br>
> > > > that we can find a common ground on what the ALAC<br>
> > > > members and alternates should bring to the table.<br>
> > > > In terms of perceived registrants’ and general<br>
> > > > Internet end-users’ interests. As you rightly<br>
> > > > state, it is about being GDPR compliant. So we do<br>
> > > > not have to be philosophical about a rather broad<br>
> > > > term like ‘privacy’ and argue about whether it<br>
> > > > is in conflict with e.g. the interest of LEAs.<br>
> > > > Indeed, ‘Privacy is not absolute’. However,<br>
> > > > ‘due process’ is a(nother) no brainer, not<br>
> > > > just because it might be a legal requirement. From<br>
> > > > what I understand the work being done on defining<br>
> > > > Access and Accreditation criteria is keeping that<br>
> > > > principle in mind, and within in the MS context of<br>
> > > > the EPDP we can together see to it that it does<br>
> > > > end up properly enshrined in policy and contracts.<br>
> > > > -Bastiaan<br>
> > > ><br>
> > > > On 3 Aug 2018, at 01:10, Alan Greenberg<br>
> > > > <<a href="mailto:alan.greenberg@mcgill.ca" target="_blank">alan.greenberg@mcgill.ca</a><br>
> > > > <mailto:<a href="mailto:alan.greenberg@mcgill.ca" target="_blank">alan.greenberg@mcgill.ca</a><br>
> > > > <mailto:<a href="mailto:alan.greenberg@mcgill.ca" target="_blank">alan.greenberg@mcgill.ca</a>>>> wrote:<br>
> > > > Holly, the original statement ends with "All<br>
> > > > within the constraints of GDPR of course." I<br>
> > > > don't know how to make that clearer. We would<br>
> > > > be absolutely FOOLISH to argue for anything<br>
> > > > else, since it will not be implementable. That<br>
> > > > being said, if through the EPDP or otherwise<br>
> > > > we can help make the legal argument for why<br>
> > > > good access for the folks we list at the end<br>
> > > > is within GDPR, more power to us. GDPR (and<br>
> > > > eventually similar legislation/regulation<br>
> > > > elsewhere) is the overall constraint. It is<br>
> > > > equivalent to the laws of physics which for<br>
> > > > the moment we need to consider inviolate. So<br>
> > > > my statement that "other issues trump privacy"<br>
> > > > is within that context. But just as<br>
> > > > proportionality governs what GDPR will decree<br>
> > > > as private in any given case, so it will<br>
> > > > govern what is not private. It all depends on<br>
> > > > making the legal argument and ultimately in<br>
> > > > needed convincing the courts. They are the<br>
> > > > arbiters, not me or anyone else in ICANN. In<br>
> > > > the US, there is the constitutional right to<br>
> > > > freedom of speech, but it is not unconstrained<br>
> > > > and there are limits to what you are allowed<br>
> > > > and not allowed to say. And from time to time,<br>
> > > > the courts and legislatures weigh in and<br>
> > > > decide where the line is. Alan At 02/08/2018<br>
> > > > 06:42 PM, Holly Raiche wrote:<br>
> > > ><br>
> > > > Hi Alan I have concerns with your<br>
> > > > statement - and since your reply below,<br>
> > > > with our statement of principles for the<br>
> > > > EPDP. As I suggested in my email of 1<br>
> > > > August, we need to be VERY clear that we<br>
> > > > are NOT arguing against implementation a<br>
> > > > policy that is compliant with the GDPR. Â<br>
> > > > We are arguing for other issues that<br>
> > > > impact on users - WITHIN the umbrella of<br>
> > > > the GDPR. Â And if we do not make that<br>
> > > > very clear, then we look as if we are not<br>
> > > > prepared to operate within the bounds of<br>
> > > > the EPDP - which is all about developing a<br>
> > > > new policy to replace the RDS requirements<br>
> > > > that will allow registries/registrars to<br>
> > > > comply with their ICANN contracts and<br>
> > > > operate within the GDPR framework. So your<br>
> > > > statement below that ‘yes, other issues<br>
> > > > trump privacyÂ’ - misstates that. Â What<br>
> > > > we are (or should be) arguing for is a<br>
> > > > balance of rights of access that - to the<br>
> > > > greatest extend possible - recognises the<br>
> > > > value of RDS to some constituencies with<br>
> > > > legitimate purposes - WITHIN the GDPR<br>
> > > > framework. That implicitly accepts that<br>
> > > > people/organisations that once had free<br>
> > > > and unrestricted access to the data will<br>
> > > > no longer have that open access. And for<br>
> > > > ALAC generally, I will repeat what I said<br>
> > > > in my 1 August email - our statement of<br>
> > > > principles must be VERY clear that we are<br>
> > > > NOT arguing for a new RDS policy that goes<br>
> > > > outside of the GDPR. Holly On 3 Aug 2018,<br>
> > > > at 1:29 am, Alan Greenberg<br>
> > > > <<a href="mailto:alan.greenberg@mcgill.ca" target="_blank">alan.greenberg@mcgill.ca</a><br>
> > > > <mailto:<a href="mailto:alan.greenberg@mcgill.ca" target="_blank">alan.greenberg@mcgill.ca</a><br>
> > > > <mailto:<a href="mailto:alan.greenberg@mcgill.ca" target="_blank">alan.greenberg@mcgill.ca</a>>> ><br>
> > wrote:<br>
> > > ><br>
> > > > At 02/08/2018 10:37 AM, Michele Neylon<br>
> > > > - Blacknight wrote:<br>
> > > ><br>
> > > > Jonathan / Alan Thanks for the<br>
> > > > clarifications. 3 - I don't know<br>
> > > > how you can know what the<br>
> > > > interests of a user are. The<br>
> > > > assumption you seem to be making<br>
> > > > is that due process and privacy<br>
> > > > should take a backseat to access<br>
> > > > to data<br>
> > > ><br>
> > > > Privacy is not absolute but based on<br>
> > > > various other issues. So yes, we are<br>
> > > > saying that in some cases, the other<br>
> > > > issues trump privacy. Perhaps we<br>
> > > > differ on where the dividing line is.<br>
> > > ><br>
> > > > 4 - Same as 3. Plenty of ccTLDs<br>
> > > > never offered PII in their public<br>
> > > > whois and there weren't any issues<br>
> > > > with security or stability.<br>
> > > > Skipping due process for "ease of<br>
> > > > access" is a very slippery and<br>
> > > > dangerous slope.<br>
> > > ><br>
> > > > Both here and in reply to #3, the term<br>
> > > > "due process" tends to be used in<br>
> > > > reference to legal constraints<br>
> > > > associated with law enforcement<br>
> > > > actions as sanctioned by laws and<br>
> > > > courts. That is one path to unlocking<br>
> > > > otherwise private information. A major<br>
> > > > aspect of the GDPR implementation will<br>
> > > > be identifying other less cumbersome<br>
> > > > and restricted processes for accessing<br>
> > > > WHOIS data by a variety of partners.<br>
> > > > It will not be unconstrained nor will<br>
> > > > it be as cumbersome as going to court<br>
> > > > (hopefully). Alan<br>
> > > ><br>
> > > > Regards Michele -- Mr Michele<br>
> > > > Neylon Blacknight Solutions<br>
> > > > Hosting, Colocation & Domains<br>
> > > > <a href="https://www.blacknight.com/" rel="noreferrer" target="_blank">https://www.blacknight.com/</a><br>
> > > > <<a href="https://www.blacknight.com/" rel="noreferrer" target="_blank">https://www.blacknight.com/</a>><br>
> > > > <a href="https://blacknight.blog/" rel="noreferrer" target="_blank">https://blacknight.blog/</a><br>
> > > > <<a href="https://blacknight.blog/" rel="noreferrer" target="_blank">https://blacknight.blog/</a>> Intl.<br>
> > > > +353 (0) 59 Â 9183072 Direct Dial:<br>
> > > > +353 (0)59 9183090 Personal blog:<br>
> > > > <a href="https://michele.blog/" rel="noreferrer" target="_blank">https://michele.blog/</a> Some<br>
> > > > thoughts: <a href="https://ceo.hosting/" rel="noreferrer" target="_blank">https://ceo.hosting/</a><br>
> > > ><br>
> > > ------------------------------------------------------------------------<br>
> > > > Blacknight Internet Solutions Ltd,<br>
> > > > Unit 12A,Barrowside Business<br>
> > > > Park,Sleaty<br>
> > > > Road,Graiguecullen,Carlow,R93<br>
> > > > X265,Ireland  Company No.: 370845<br>
> > > > On 02/08/2018, 15:03,<br>
> > > > "Jonathan Zuck"<br>
> > > > <<a href="mailto:JZuck@innovatorsnetwork.org" target="_blank">JZuck@innovatorsnetwork.org</a>><br>
> > > > wrote: Â Â Thanks Michele! Â Â 3.<br>
> > > > Where there appears to be a<br>
> > > > conflict of interest between a<br>
> > > > registrant and non-registrant end<br>
> > > > user, we'll be endeavoring to<br>
> > > > represent the interests of the<br>
> > > > non-registrant end user. Â Â 4.<br>
> > > > Related to 3. This is simply an<br>
> > > > affirmation of the interests of<br>
> > > > end users in a stable and secure<br>
> > > > internet and it is those interests<br>
> > > > we'll be representing. We've<br>
> > > > included law enforcement because<br>
> > > > efficiencies regarding their<br>
> > > > access may come up. Just because<br>
> > > > there's always a way for them to<br>
> > > > get to data doesn't mean it's the<br>
> > > > best way. Â Â Make sense? Â Â<br>
> > > > Jonathan   -----Original<br>
> > > > Message----- Â Â From: GTLD-WG<br>
> > > > <<br>
> > > <a href="mailto:gtld-wg-bounces@atlarge-lists.icann.org" target="_blank">gtld-wg-bounces@atlarge-lists.icann.org</a>><br>
> > > > On Behalf Of Michele Neylon -<br>
> > > > Blacknight   Sent: Wednesday,<br>
> > > > August 1, 2018 12:34 PM Â Â To:<br>
> > > > Alan Greenberg<br>
> > > > <<a href="mailto:alan.greenberg@mcgill.ca" target="_blank">alan.greenberg@mcgill.ca</a>>; CPWG<br>
> > > > <<a href="mailto:cpwg@icann.org" target="_blank">cpwg@icann.org</a>> Â Â Subject: Re:<br>
> > > > [GTLD-WG] [CPWG]<br>
> > > > [registration-issues-wg] ALAC<br>
> > > > Statement regarding EPDP Â Â Alan<br>
> > > >   1 - good   2 - good   3 -<br>
> > > > I don't understand what that means<br>
> > > > Â Â 4 - Why are you combining law<br>
> > > > enforcement and private parties?<br>
> > > > Law enforcement can always get<br>
> > > > access to data when they follow<br>
> > > > due process.   Regards  Â<br>
> > > > Michele   --   Mr Michele<br>
> > > > Neylon   Blacknight Solutions Â<br>
> > > > Â Hosting, Colocation & Domains Â<br>
> > > > Â <a href="https://www.blacknight.com/" rel="noreferrer" target="_blank">https://www.blacknight.com/</a><br>
> > > > <<a href="https://www.blacknight.com/" rel="noreferrer" target="_blank">https://www.blacknight.com/</a>> Â Â<br>
> > > > <a href="https://blacknight.blog/" rel="noreferrer" target="_blank">https://blacknight.blog/</a><br>
> > > > <<a href="https://blacknight.blog/" rel="noreferrer" target="_blank">https://blacknight.blog/</a>> Â Â<br>
> > > > Intl. +353 (0) 59 Â 9183072 Â Â<br>
> > > > Direct Dial: +353 (0)59 9183090 Â<br>
> > > > Â Personal blog:<br>
> > > > <a href="https://michele.blog/" rel="noreferrer" target="_blank">https://michele.blog/</a> Â Â Some<br>
> > > > thoughts: <a href="https://ceo.hosting/" rel="noreferrer" target="_blank">https://ceo.hosting/</a> Â Â<br>
> > > ><br>
> > > ------------------------------------------------------------------------<br>
> > > > Â Â Blacknight Internet Solutions<br>
> > > > Ltd, Unit 12A,Barrowside Business<br>
> > > > Park,Sleaty  Â<br>
> > > > Road,Graiguecullen,Carlow,R93<br>
> > > > X265,Ireland  Company No.: 370845<br>
> > > > Â Â On 01/08/2018, 17:27,<br>
> > > > "registration-issues-wg on behalf<br>
> > > > of Alan Greenberg"<br>
> > > > <<br>
> > > <a href="mailto:registration-issues-wg-bounces@atlarge-lists.icann.org" target="_blank">registration-issues-wg-bounces@atlarge-lists.icann.org</a><br>
> > > > on behalf of<br>
> > > > <a href="mailto:alan.greenberg@mcgill.ca" target="_blank">alan.greenberg@mcgill.ca</a>> wrote: Â<br>
> > > > Â Â Â Â Â Yesterday, the EPDP<br>
> > > > Members were asked to present a<br>
> > > > 1-3 minute       summary of<br>
> > > > their groups position in regard to<br>
> > > > the EPDP. The following     Â<br>
> > > > Â is the statement agreed to by<br>
> > > > me, Hadia, Holly and Seun. Â Â Â Â<br>
> > > > Â Â 1. Â Â The ALAC believes that<br>
> > > > the EPDP MUST succeed and will be<br>
> > > > working       toward that<br>
> > > > end. Â Â Â Â Â Â 2. Â Â We have a<br>
> > > > support structure that we are<br>
> > > > organizing to ensure      Â<br>
> > > > that what we present here is<br>
> > > > understood by our community and<br>
> > > > has       their input and<br>
> > > > support. Â Â Â Â Â Â 3. Â Â The<br>
> > > > ALAC believes that individual<br>
> > > > registrants are users and we   Â<br>
> > > > Â Â Â have regularly worked on<br>
> > > > their behalf (as in the PDP that<br>
> > > > we       initiated to<br>
> > > > protect registrant rights when<br>
> > > > their domains expire), if    Â<br>
> > > > Â Â registrant needs differ from<br>
> > > > those of the 4 billion Internet<br>
> > > > users       who are not<br>
> > > > registrants, those latter needs<br>
> > > > take precedence. We      Â<br>
> > > > believe that GDPR and this EPDP<br>
> > > > are such a situation. Â Â Â Â Â Â<br>
> > > > 4. Â Â Although some Internet<br>
> > > > users consult WHOIS and will not<br>
> > > > be able       to do so in<br>
> > > > some cases going forward, our main<br>
> > > > concern is access for      Â<br>
> > > > those third parties who work to<br>
> > > > ensure that the Internet is a safe<br>
> > > > Â Â Â Â Â Â and secure place for<br>
> > > > users and that means that law<br>
> > > > enforcement, Â Â Â Â Â Â<br>
> > > > cybersecurity researchers, those<br>
> > > > combatting fraud in domain names,<br>
> > > > Â Â Â Â Â Â and others who help<br>
> > > > protect users from phishing,<br>
> > > > malware, spam, Â Â Â Â Â Â fraud,<br>
> > > > DDoS attacks and such can work<br>
> > > > with minimal reduction in    Â<br>
> > > > Â Â access to WHOIS data. All<br>
> > > > within the constraints of GDPR of<br>
> > > > course. Â Â Â Â Â Â<br>
> > > ><br>
> > > ------------------------------------------------------------------------<br>
> > > >       CPWG mailing list  Â<br>
> > > > Â Â Â Â <a href="mailto:CPWG@icann.org" target="_blank">CPWG@icann.org</a> Â Â Â Â Â Â<br>
> > > ><br>
> > > <a href="https://mm.icann.org/mailman/listinfo/cpwg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/listinfo/cpwg</a><br>
> > > > <<br>
> > > <a href="https://mm.icann.org/mailman/listinfo/cpwg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/listinfo/cpwg</a>><br>
> > > > Â Â Â Â Â Â<br>
> > > ><br>
> > > ------------------------------------------------------------------------<br>
> > > > Â Â Â Â Â Â registration-issues-wg<br>
> > > > mailing list      Â<br>
> > > ><br>
> > > <a href="mailto:registration-issues-wg@atlarge-lists.icann.org" target="_blank">registration-issues-wg@atlarge-lists.icann.org</a><br>
> > > > Â Â Â Â Â Â<br>
> > > ><br>
> > > <a href="https://mm.icann.org/mailman/listinfo/registration-issues-wg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/listinfo/registration-issues-wg</a><br>
> > > > Â Â<br>
> > > ><br>
> > > ------------------------------------------------------------------------<br>
> > > >   CPWG mailing list  Â<br>
> > > > <a href="mailto:CPWG@icann.org" target="_blank">CPWG@icann.org</a> Â Â<br>
> > > ><br>
> > > <a href="https://mm.icann.org/mailman/listinfo/cpwg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/listinfo/cpwg</a><br>
> > > > <<br>
> > > <a href="https://mm.icann.org/mailman/listinfo/cpwg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/listinfo/cpwg</a>><br>
> > > > Â Â<br>
> > > ><br>
> > > ------------------------------------------------------------------------<br>
> > > >   GTLD-WG mailing list  Â<br>
> > > > <a href="mailto:GTLD-WG@atlarge-lists.icann.org" target="_blank">GTLD-WG@atlarge-lists.icann.org</a> Â<br>
> > > > Â<br>
> > > ><br>
> > > <a href="https://atlarge-lists.icann.org/mailman/listinfo/gtld-wg" rel="noreferrer" target="_blank">https://atlarge-lists.icann.org/mailman/listinfo/gtld-wg</a><br>
> > > > Â Â Working Group direct URL:<br>
> > > ><br>
> > > <a href="https://community.icann.org/display/atlarge/New+GTLDs" rel="noreferrer" target="_blank">https://community.icann.org/display/atlarge/New+GTLDs</a><br>
> > > ><br>
> > > ><br>
> > > ><br>
> > > ------------------------------------------------------------------------<br>
> > > > CPWG mailing list <a href="mailto:CPWG@icann.org" target="_blank">CPWG@icann.org</a><br>
> > > > <mailto:<a href="mailto:CPWG@icann.org" target="_blank">CPWG@icann.org</a><br>
> > > > <mailto:<a href="mailto:CPWG@icann.org" target="_blank">CPWG@icann.org</a>>><br>
> > > ><br>
> > > <a href="https://mm.icann.org/mailman/listinfo/cpwg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/listinfo/cpwg</a><br>
> > > > <<br>
> > > <a href="https://mm.icann.org/mailman/listinfo/cpwg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/listinfo/cpwg</a>><br>
> > > ><br>
> > > ><br>
> > > ------------------------------------------------------------------------<br>
> > > > registration-issues-wg mailing list<br>
> > > ><br>
> > > <a href="mailto:registration-issues-wg@atlarge-lists.icann.org" target="_blank">registration-issues-wg@atlarge-lists.icann.org</a><br>
> > > ><br>
> > > <a href="https://mm.icann.org/mailman/listinfo/registration-issues-wg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/listinfo/registration-issues-wg</a><br>
> > > ><br>
> > > ><br>
> > > ><br>
> > > ------------------------------------------------------------------------<br>
> > > > CPWG mailing list <a href="mailto:CPWG@icann.org" target="_blank">CPWG@icann.org</a><br>
> > > > <mailto:<a href="mailto:CPWG@icann.org" target="_blank">CPWG@icann.org</a><br>
> > > > <mailto:<a href="mailto:CPWG@icann.org" target="_blank">CPWG@icann.org</a>>><br>
> > > > <a href="https://mm.icann.org/mailman/listinfo/cpwg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/listinfo/cpwg</a><br>
> > > > <<a href="https://mm.icann.org/mailman/listinfo/cpwg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/listinfo/cpwg</a>><br>
> > > ><br>
> > > ><br>
> > > ------------------------------------------------------------------------<br>
> > > > CPWG mailing list <a href="mailto:CPWG@icann.org" target="_blank">CPWG@icann.org</a><br>
> > > > <mailto:<a href="mailto:CPWG@icann.org" target="_blank">CPWG@icann.org</a> <mailto:<a href="mailto:CPWG@icann.org" target="_blank">CPWG@icann.org</a>>><br>
> > > > <a href="https://mm.icann.org/mailman/listinfo/cpwg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/listinfo/cpwg</a><br>
> > > > <<a href="https://mm.icann.org/mailman/listinfo/cpwg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/listinfo/cpwg</a>><br>
> > > ><br>
> > > ><br>
> > > ------------------------------------------------------------------------<br>
> > > > CPWG mailing list <a href="mailto:CPWG@icann.org" target="_blank">CPWG@icann.org</a><br>
> > > > <a href="https://mm.icann.org/mailman/listinfo/cpwg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/listinfo/cpwg</a><br>
> > > > <<a href="https://mm.icann.org/mailman/listinfo/cpwg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/listinfo/cpwg</a>><br>
> > > ><br>
> > > ><br>
> > > ------------------------------------------------------------------------<br>
> > > > CPWG mailing list <a href="mailto:CPWG@icann.org" target="_blank">CPWG@icann.org</a><br>
> > > > <a href="https://mm.icann.org/mailman/listinfo/cpwg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/listinfo/cpwg</a><br>
> > > > <<a href="https://mm.icann.org/mailman/listinfo/cpwg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/listinfo/cpwg</a>><br>
> > > ><br>
> > > ------------------------------------------------------------------------<br>
> > > > GTLD-WG mailing list <a href="mailto:GTLD-WG@atlarge-lists.icann.org" target="_blank">GTLD-WG@atlarge-lists.icann.org</a><br>
> > > > <a href="https://atlarge-lists.icann.org/mailman/listinfo/gtld-wg" rel="noreferrer" target="_blank">https://atlarge-lists.icann.org/mailman/listinfo/gtld-wg</a><br>
> > > > <<a href="https://atlarge-lists.icann.org/mailman/listinfo/gtld-wg" rel="noreferrer" target="_blank">https://atlarge-lists.icann.org/mailman/listinfo/gtld-wg</a>><br>
> > > > Working Group direct URL:<br>
> > > > <a href="https://community.icann.org/display/atlarge/New+GTLDs" rel="noreferrer" target="_blank">https://community.icann.org/display/atlarge/New+GTLDs</a><br>
> > > > <<a href="https://community.icann.org/display/atlarge/New+GTLDs" rel="noreferrer" target="_blank">https://community.icann.org/display/atlarge/New+GTLDs</a>><br>
> > > ><br>
> > > ><br>
> > > ><br>
> > > ------------------------------------------------------------------------<br>
> > > ><br>
> > > > CPWG mailing list<br>
> > > > <a href="mailto:CPWG@icann.org" target="_blank">CPWG@icann.org</a><br>
> > > > <a href="https://mm.icann.org/mailman/listinfo/cpwg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/listinfo/cpwg</a><br>
> > > ><br>
> > > ><br>
> > > ------------------------------------------------------------------------<br>
> > > ><br>
> > > > GTLD-WG mailing list<br>
> > > > <a href="mailto:GTLD-WG@atlarge-lists.icann.org" target="_blank">GTLD-WG@atlarge-lists.icann.org</a><br>
> > > > <a href="https://atlarge-lists.icann.org/mailman/listinfo/gtld-wg" rel="noreferrer" target="_blank">https://atlarge-lists.icann.org/mailman/listinfo/gtld-wg</a><br>
> > > ><br>
> > > > Working Group direct URL:<br>
> > > <a href="https://community.icann.org/display/atlarge/New+GTLDs" rel="noreferrer" target="_blank">https://community.icann.org/display/atlarge/New+GTLDs</a><br>
> > > ><br>
> > ><br>
> > > _______________________________________________<br>
> > > CPWG mailing list<br>
> > > <a href="mailto:CPWG@icann.org" target="_blank">CPWG@icann.org</a><br>
> > > <a href="https://mm.icann.org/mailman/listinfo/cpwg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/listinfo/cpwg</a><br>
> > > _______________________________________________<br>
> > > GTLD-WG mailing list<br>
> > > <a href="mailto:GTLD-WG@atlarge-lists.icann.org" target="_blank">GTLD-WG@atlarge-lists.icann.org</a><br>
> > > <a href="https://atlarge-lists.icann.org/mailman/listinfo/gtld-wg" rel="noreferrer" target="_blank">https://atlarge-lists.icann.org/mailman/listinfo/gtld-wg</a><br>
> > ><br>
> > > Working Group direct URL:<br>
> > > <a href="https://community.icann.org/display/atlarge/New+GTLDs" rel="noreferrer" target="_blank">https://community.icann.org/display/atlarge/New+GTLDs</a><br>
> > _______________________________________________<br>
> > CPWG mailing list<br>
> > <a href="mailto:CPWG@icann.org" target="_blank">CPWG@icann.org</a><br>
> > <a href="https://mm.icann.org/mailman/listinfo/cpwg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/listinfo/cpwg</a><br>
> > _______________________________________________<br>
> > GTLD-WG mailing list<br>
> > <a href="mailto:GTLD-WG@atlarge-lists.icann.org" target="_blank">GTLD-WG@atlarge-lists.icann.org</a><br>
> > <a href="https://atlarge-lists.icann.org/mailman/listinfo/gtld-wg" rel="noreferrer" target="_blank">https://atlarge-lists.icann.org/mailman/listinfo/gtld-wg</a><br>
> ><br>
> > Working Group direct URL:<br>
> > <a href="https://community.icann.org/display/atlarge/New+GTLDs" rel="noreferrer" target="_blank">https://community.icann.org/display/atlarge/New+GTLDs</a><br>
> _______________________________________________<br>
> CPWG mailing list<br>
> <a href="mailto:CPWG@icann.org" target="_blank">CPWG@icann.org</a><br>
> <a href="https://mm.icann.org/mailman/listinfo/cpwg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/listinfo/cpwg</a><br>
> _______________________________________________<br>
> registration-issues-wg mailing list<br>
> <a href="mailto:registration-issues-wg@atlarge-lists.icann.org" target="_blank">registration-issues-wg@atlarge-lists.icann.org</a><br>
> <a href="https://mm.icann.org/mailman/listinfo/registration-issues-wg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/listinfo/registration-issues-wg</a><br>
_______________________________________________<br>
CPWG mailing list<br>
<a href="mailto:CPWG@icann.org" target="_blank">CPWG@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/cpwg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/listinfo/cpwg</a><br>
_______________________________________________<br>
registration-issues-wg mailing list<br>
<a href="mailto:registration-issues-wg@atlarge-lists.icann.org" target="_blank">registration-issues-wg@atlarge-lists.icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/registration-issues-wg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/listinfo/registration-issues-wg</a><br>
</blockquote></div>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr">Greg Shatan<div><a href="mailto:greg@isoc-ny.org" target="_blank">greg@isoc-ny.org</a></div><div><br></div><div>"The Internet is for everyone"</div></div></div></div></div>