[Gnso-impl-thickwhois-rt] Additional triggers and privacy law

Chris Pelling chris at netearth.net
Sun Jan 22 20:07:14 UTC 2017 

Good evening all, 

I tend to stand with Theo here - forcing (which this is) a registrar to break potential laws is unacceptable and will lead to prosecution of registrar, or worse, ICANN suspension and termination of the registrar - namely throwing the registrar under a bus. 

The "you have to complete migration by X date", has so many "what if's" between now and that "X" date because law keeps changing. I do not see how we as an IRT can jeopardise a registrants rights. 

I think Theo had a very good idea, Verisign running a Thin and Thick whois. Its not hard for them to achieve as simply if contacts exist show them at the whois.verisign-grs.com layer, if not, like now, they simply push it onto the registrars (in our case) whois.netearthone.com. 

Yes Theo is completely correct in that the registrar has operating costs here, which they already have, and should/when RDAP comes into play potentially more costs, but these costs are easier to swallow than the cost of a lawsuit and fine from a local DPA which could run in $100,000's or millions of dollars. 

ICANN also needs to consider their side of the table, should a registrar be terminated through this policy for not providing data to Verisign, will ICANN indemnify the gaining registrar of the data against any legal action from a DPA because of the migration of data to THICK - or - should ICANN simply indemnify the registrar now as it is forcing registrars through policy to break their local laws ? 

Kind regards, 

Chris 


From: "theo geurts" <gtheo at xs4all.nl> 
To: gnso-impl-thickwhois-rt at icann.org 
Sent: Saturday, 21 January, 2017 19:30:06 
Subject: [Gnso-impl-thickwhois-rt] Additional triggers and privacy law 

Hello all, 

I am not in favor in creating a "trigger" based on the data retention 
waiver. First of all, that process was horrible and costly, and I can 
only conclude that there still Registrars out there that started in 
2013, still not have obtained a waiver in 2017. 

We as an IRT concluded that it is up to the Registrars own due diligence 
to determine if there is an issue with privacy laws. 
The rationale behind that is/was simple: 
2011, 76 countries having data privacy laws. 
2016, 109 countries having privacy laws. 
2017, 35 more countries are currently drafting privacy laws. 

As mentioned before this is a moving target and not up to us to address. 

That being said, the current solution when it comes to the migration and 
issues with privacy law is not a solution. I appreciate the fact that 
Verisign noted it during the comment period, but as several Registrars 
has mentioned in the past, it is not a good solution. 

After the latest GNSO meeting I hoped to see some progress on the WHOIS 
IAG matter, but frankly, with the current speed, I am afraid that the 
WHOIS IAG will be overtaken by stationary objects. 

That either means there is a problem or there is not, and I would like 
to get some input from the IRT on it. 

If there is no problem, please provide me with some info on why it is 
not an issue. 

If it is an issue then how do we address it? We can't tell Registrars 
you must migrate WHOIS data before X date and if there is a problem then 
just break the law. 
We also cannot create a situation that if a Registrar can not migrate 
the data, run into compliance issues that might end up in 
de-accreditation of that Registrar, I think we all agree that is just 
plain silly and the wrong message. 

My solution here would be, and it is not great, to be honest, that until 
the matter can be resolved the Registry operator supports both thin and 
thick whois registrations and shall carry the burden for both systems. 
The Registrar might also carry a burden here. As they might come into a 
situation, they are forced to implement RDAP at some point as the rest 
of the world moves to RDAP. I already see ccTLDs Registries announce 
RDAP, go figure ;) 

Would the above solve the issue? And yes I am aware that the above 
language cannot be added to the draft in its current state, but I am 
sure staff can come up with something workable here. 

If the whole idea is plain silly, feel free to kick me under the table 
here. 

Theo 




_______________________________________________ 
Gnso-impl-thickwhois-rt mailing list 
Gnso-impl-thickwhois-rt at icann.org 
https://mm.icann.org/mailman/listinfo/gnso-impl-thickwhois-rt 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-impl-thickwhois-rt/attachments/20170122/b1945f01/attachment.html>

More information about the Gnso-impl-thickwhois-rt mailing list