From amr.elsadr at icann.org Thu Mar 23 15:36:47 2017 From: amr.elsadr at icann.org (Amr Elsadr) Date: Thu, 23 Mar 2017 15:36:47 +0000 Subject: [gnso-rds-pdp-purpose] [gnso-rds-pdp-wg] a suggestion for "purpose in detail" In-Reply-To: <1210714982.1841011.1490281689396@mail.yahoo.com> References: <20170320232145.GH27276@mx4.yitter.info> <6DCFB66DEEF3CF4D98FA55BCC43F152E57C8F0D2@BRN1WNEXMBX02.vcorp.ad.vrsn.com> <3E18A8FC-FFE8-44A0-8094-72F6547652C0@bambenekconsulting.com> <20170321185552.GU27276@mx4.yitter.info> <5D86F303-352B-4524-BCAD-983D3938EAB3@bambenekconsulting.com> <20170322014517.GA666@mx4.yitter.info> <2114336702.1105239.1490148446398@mail.yahoo.com> <03BABBEC-9D35-4EDB-A7D8-EEDA699F3992@bambenekconsulting.com> <7eabbcfb-f977-d15c-4cb7-1be1253b2e0f@bambenekconsulting.com> <4A4EA585-D9AA-4084-B44E-41CE4EE04A2A@bambenekconsulting.com> <5ff6e83b-69b4-a228-1d48-91c17034c79f@key-systems.net> <1210714982.1841011.1490281689396@mail.yahoo.com> Message-ID: <61C09734-63A4-4BDB-B530-40933EB28E2B@icann.org> Hi Nathalie, You can find information on ICANN?s Procedure for Handling WHOIS Conflicts with Privacy Law here: https://www.icann.org/resources/pages/whois-privacy-conflicts-procedure-2008-01-17-en. You will also find a section on the ?Additional Key Inputs? page on this PDP WG?s wiki page (https://community.icann.org/display/gTLDRDS/Additional+Key+Inputs) linking to several pages and documents along the lifecycle of this procedure. Also of possible interest is the GNSO Council resolution from last month that confirmed the Council?s non-objection to the final report of an Implementation Advisory Group (IAG) that reviewed the implementation details of the WHOIS conflict with privacy policy: https://gnso.icann.org/en/council/resolutions#201702. We will make sure that the IAG?s final report is added to the relevant section on the ?Additional Key Inputs? page of the WG wiki. I hope this helps. Thanks. Amr From: on behalf of nathalie coupet via gnso-rds-pdp-wg Reply-To: nathalie coupet Date: Thursday, March 23, 2017 at 5:08 PM To: Lisa Phifer via Gnso-rds-pdp-purpose Cc: "gnso-rds-pdp-wg at icann.org" Subject: Re: [gnso-rds-pdp-wg] a suggestion for "purpose in detail" Hi Lisa, Could you refer me to the documents providing for the Exception to the application of a law due to conflict, that was referred to at some point (by teh WG on transition from thin to thick Whois)? Thank you, Nathalie On Thursday, March 23, 2017 11:00 AM, John Bambenek via gnso-rds-pdp-wg wrote: Sent from my iPhone On Mar 23, 2017, at 09:44, Volker Greimann > wrote: Whois is the rope with which bad actors hang themselves. Maybe dumb bad actors. Savvy bad actors just populate whois with data of unknowing third parties, thereby rendering any verification and validation instruments useless and inconveniencing the affected data subjects as well. I think maybe its best you let the people who do this work speak for the value of the information. We're using it in criminal investigations and prosecutions. You're just simply taking their money. Believe it or not, bad actors cost us money. We'd love to be able to "not to take their money" as it is a poisoned pill. And we see the whois data used by criminals all the time, when we look at the reports we are sent. Usually it is fake data ripped from some online database or the phone book. So its a baseless allegation that investigators might have expertise in how they use this data? Only domain registrars who have a financial relationship with the criminals know how to use this data? I referred to your last sentence which directly implied that registrars in general and the registrar I am employed with in particular profit from criminals using their service. This is a baseless allegation that could not be farther from the truth, as I have previously explained. That's a rather dramatic misreading. We investigate crimes so I would appreciate due deference to what data is valuable or not. Your role here is providing a service. You don't work with law enforcement to investigate crimes, do you? I have used the law to craft a possible solution but no DP authority has taken your position. Ultimately, that may be the road we have to take if no better solution to provide registrar services legally presents itself, but as I pointed out, that will ultimately serve no one. Registrars will have to raise their fees to incorporate the service, crime fighters and LEAs will have a much more difficult time getting ANY data across borders. Your "solution" would just make your own work a lot harder. I think perhaps deference to my opinion as to what would make MY work harder might be warranted. If you agree, I offer the same deference to you in matters in which your expertise is germane. Deal? You are simply taking the position that if your profits aren't maximized and your costs aren't minimized it is illegal. This position is untenable. Again, I resent you putting words into my mouth. Please do not make statements on my behalf or try to turn your assumptions into a claim of what I am saying. I am saying that anything we come up with will have to be in full compliance with legal requirements. And if there is a cost attached to that solution, that cost will be passed on somewhere, one way or another, not because I want it to but because I know that is the way it works. To which I agree. Let's craft a legal solution the represents the best of what we can offer for all ours (you, me, and everyone else's) interests. I think we can do balance. Will you join me in trying? > You have a contract with ICANN, that contract establishes requirements. Those requirements make it legal. If you believe that, you probably still believe in Trump and other things as well. The above statement is so supendiously wrong, it boggles the mind. You are basically saying that a contract to break the law somehow makes it ok to do so? So if we signed a contract tomorrow to rob the local bank, that absolves us from any guilt? No one care about your inane political opinions. So I was right? Also good attempt at dodging the argument, but the point I made still stands. No, I just don't think constantly injecting your political opinions is helpful. I won't inject comments about Merkel because they are irrelevant. Let's get out of our trenches and have more constructive dialogue. Will you join me? For clarity: The contract with ICANN can say that pigs may fly, but that does not change the laws of physics. If anything in the contract or ICANN policies violates applicable law, that part of the contract is null and void, does not apply, can be ignored, has no relevance, etc, etc. BTW: it even says so in the RAA. Maybe you can find the relevant passage yourself... If you have the law on your side, pound the law. If you have the facts on your side, pound the facts. Since you have neither, you pound the table. Just because you appear not to like the facts or the laws, they do not become less applicable. No one has all the facts here and no one is a master of the laws of every nation on this subject. Let's build bridges to build common understanding. Can I count on you? But we can find criminals faster with it! - No legal relevance. But we want to contact infringers! - No legal relevance. etc... ICANN sets the rules, you get to follow them. If ICANN sets illegal rules, we get to ignore them. So why set illegal rules in the first place? To trap the unwitting and careless registrars? You get a voice, we get a voice. Your voice can demand anything it likes, but if it is not in compliance with the law, it will be ignored. And rightly so. That's how contracts work. Nope! Contracts do not allow a contracted party to break the law. There is a reason assassination contracts are illegal. No one is suggesting you break the law. Calm down. Chuck, this is why we're in trench warfare. And it isn't going to change. Appears so. If one side continues to demand the illegal and the impossible for their own benefit, we will get nowhere. So why not educate yourself on the requirements of current and upcoming privacy regulations and afterwards, we can talk again... No one is demanding anything illegal. So fully standardizing this will probably force some registrars to collect and share far more data than they currently do, and it's unlikely to reduce the data collected by the ones who collect more. Nope, the opposite is true. Best, Volker On Tue, Mar 21, 2017 at 10:17 PM, John Bambenek via gnso-rds-pdp-wg > wrote: Excellent suggestion. Perhaps a future action item could be a survey of who various classes of stakeholders use RDS/whois. Sent from my iPhone On Mar 21, 2017, at 21:07, nathalie coupet via gnso-rds-pdp-wg > wrote: I have a hard time understanding what very stakeholder wants. If every group of stakeholder could write down how they see the new RDS functioning, just by doing a Venn diagram, we could better understand what we have in common and what we need to foncus on to reduce differences of opinion. But that would require more work from already busy people. I think though, it could give us a more tangible view of what we are up against. My .02 cents Nathalie On Tuesday, March 21, 2017 9:45 PM, Andrew Sullivan > wrote: On Tue, Mar 21, 2017 at 03:01:50PM -0500, John Bambenek via gnso-rds-pdp-wg wrote: > Except that is not the only approach to the problem nor the ones exclusively used by DP authorities (i.e. Twitter). That is why I asked the question I did and why I will be lobbying them directly for whois privacy for free. > But I thought the point of what we were doing was to make some proposals for what to mask and how -- basically, that's what differential access does. And I also thought we were at the beginning of that effort (much as it frustrates me the rate at which we move). > The question of whether fields are optional or can be "masked" is inherently part of this discussion. > That's just conflating two different things. The first thing is to ask whether something should be collected _at all_. Then one can ask, if something is collected, who may obtain it and under what circumstances. This latter is the "masking" of which you speak. And it's all implemented as it currently is because whois is brain-dead. So let us not be restricted to the functionality we can get from a primitive protocol that had already been extended well beyond its design constraints more than 20 years ago. > To enable third-parties to communicate directly to resolve and troubleshoot problems. I suggest that's already there. > To enable third-parties to report abuse or security incidents so they may be resolved. This too. > To enable users and entities to have information to adjudicate an entity is who they say they are (for instance phishing, scams, fake news). > I find it impossible to imagine using the whois for this purpose, so I'd like a use description for this. Since it's not authenticated or authenticatable information anyway, as there are no signatures and so on, it seems a pretty poor way to do it. This is partly included in the purposes however when we discuss X.509 certificates. > ICANN isn't just a business to confer domain names. Its a quasi-regulatory body over a "commons" and a natural monopoly. The purposes must be viewed beyond the prism of the mere registrar-consumer relationship as many interests are relevant and just as important. > While I strongly agree that the purposes need to be rather wider than the domain name industry, I'm uncomfortable with both of the claims of quasi-regulatory authority, the notion of the Internet as a commons. The root zone is indeed a natural monopoly, though. Best regards, A -- Andrew Sullivan ajs at anvilwalrusden.com ______________________________ _________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg at icann.org https://mm.icann.org/mailman/ listinfo/gnso-rds-pdp-wg ______________________________ _________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg at icann.org https://mm.icann.org/mailman/ listinfo/gnso-rds-pdp-wg ______________________________ _________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg at icann.org https://mm.icann.org/mailman/ listinfo/gnso-rds-pdp-wg -- _________________________________ Note to self: Pillage BEFORE burning. _______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg at icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg -- Bei weiteren Fragen stehen wir Ihnen gerne zur Verf?gung. Mit freundlichen Gr??en, Volker A. Greimann - Rechtsabteilung - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann at key-systems.net Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com / www.BrandShelter.com Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems www.twitter.com/key_systems Gesch?ftsf?hrer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu Der Inhalt dieser Nachricht ist vertraulich und nur f?r den angegebenen Empf?nger bestimmt. Jede Form der Kenntnisgabe, Ver?ffentlichung oder Weitergabe an Dritte durch den Empf?nger ist unzul?ssig. Sollte diese Nachricht nicht f?r Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen. -------------------------------------------- Should you have any further questions, please do not hesitate to contact us. Best regards, Volker A. Greimann - legal department - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann at key-systems.net Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com / www.BrandShelter.com Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems www.twitter.com/key_systems CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone. _______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg at icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg _______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg at icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg -- Bei weiteren Fragen stehen wir Ihnen gerne zur Verf?gung. Mit freundlichen Gr??en, Volker A. Greimann - Rechtsabteilung - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann at key-systems.net Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com / www.BrandShelter.com Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems www.twitter.com/key_systems Gesch?ftsf?hrer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu Der Inhalt dieser Nachricht ist vertraulich und nur f?r den angegebenen Empf?nger bestimmt. Jede Form der Kenntnisgabe, Ver?ffentlichung oder Weitergabe an Dritte durch den Empf?nger ist unzul?ssig. Sollte diese Nachricht nicht f?r Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen. -------------------------------------------- Should you have any further questions, please do not hesitate to contact us. Best regards, Volker A. Greimann - legal department - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann at key-systems.net Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com / www.BrandShelter.com Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems www.twitter.com/key_systems CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone. _______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg at icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg -- Bei weiteren Fragen stehen wir Ihnen gerne zur Verf?gung. Mit freundlichen Gr??en, Volker A. Greimann - Rechtsabteilung - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann at key-systems.net Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com / www.BrandShelter.com Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems www.twitter.com/key_systems Gesch?ftsf?hrer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu Der Inhalt dieser Nachricht ist vertraulich und nur f?r den angegebenen Empf?nger bestimmt. Jede Form der Kenntnisgabe, Ver?ffentlichung oder Weitergabe an Dritte durch den Empf?nger ist unzul?ssig. Sollte diese Nachricht nicht f?r Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen. -------------------------------------------- Should you have any further questions, please do not hesitate to contact us. Best regards, Volker A. Greimann - legal department - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann at key-systems.net Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com / www.BrandShelter.com Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems www.twitter.com/key_systems CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone. _______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg at icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg -------------- next part -------------- An HTML attachment was scrubbed... URL: