[gnso-rds-pdp-wg] Use Case - Dissident Group Using the Internet to Communicate Information
Kathy Kleiman
kathy at kathykleiman.com
Mon Aug 1 01:44:00 UTC 2016
Hi Nick,
This case is very, very real. It is exactly what I have seen many times
in my experience.
Kathy
Kathy Kleiman, Esq.
Co-Founder, Noncommercial Users Constituency
On 7/26/2016 5:27 AM, Nick Shorey wrote:
> Are we keeping these source cases based on fact, or are hypothetical
> use cases permitted?
>
> *Nick Shorey BA(Hons) MSc.*
> Senior Policy Advisor | Global Internet Governance
> Department for Culture, Media & Sport
> HM Government | United Kingdom
>
> Email: nick.shorey at culture.gov.uk <mailto:nick.shorey at culture.gov.uk>
> Tel: +44 (0)7741 256 320
> Skype: nick.shorey
> Twitter: @nickshorey
> LinkedIn: www.linkedin.com/in/nicklinkedin
> <http://www.linkedin.com/in/nicklinkedin>
>
> On 25 July 2016 at 23:41, Ayden Férdeline <icann at ferdeline.com
> <mailto:icann at ferdeline.com>> wrote:
>
> Hello all,
>
> I would like to introduce an additional use case. This is just a
> rough draft for now, and I welcome your feedback on how this use
> case can be strengthened.
>
> The scenario is: a dissident group launches a website to bring
> important news and information to the public. They register their
> domain name in a foreign nation and do not want law enforcement,
> or other parties, to be able to identify the website’s
> administrators, management, and/or sources of information. If this
> information was made known, their publishing could be silenced and
> their sources and contributors could suffer harm. The registrant
> is not aware of the existence of privacy proxy services at the
> time they register their domain name.
>
> *Misuse Case:* The RDS could be used by State actors or other
> parties to identify members of or contributors to the dissident
> group, and this could result in their voices being silenced
> through legal, political, or physical means.
>
> *Main Misuse Case: *An actor is unhappy that a website in a
> country is publishing material that speaks unfavourably about a
> given topic. They wish to launch political and legal attacks to
> silence the website’s publishers and to alter the narrative of the
> historical record on this topic. They thus utilise the RDS to
> identify a contact of someone involved in the administration of
> this website, with the view of torturing or otherwise extracting
> from this contact the names and contact details of contributors to
> the dissenting website. As the registrant does not subscribe to a
> privacy proxy service (possibly because of limited financial
> resources, or lack of awareness that such a service exists), their
> contact details have been permanently published into the public
> record and their privacy is thus permanently breached. As a result
> the RDS threatens the ability of dissenting voices to exercise
> their inalienable rights in an online environment.
>
> *Primary Actor: *Government or other entity wanting to censor a
> dissident group.
>
> *Other stakeholders:* Domain name registrant.
>
> *Scope:*
> *
> *
> *Level:*
>
> *Data Elements:* In order to prevent misuse by another actor, no
> personally identifiable information should be stored in the RDS
> whatsoever. The only data elements that the RDS requires to
> operate on a technical level are: the domain name itself, the
> registrar, the domain name’s expiry date, and its status
> (registered / not registered). For it to be of functional use,
> there are two optional fields: name servers, and the auth-code.
>
> *Story: *
>
> * A requestor accesses the RDS to obtain information about a
> registered domain name. The RDS immediately returns the
> registration data associated with the domain name, which may
> include a name and physical address of the registrant.
> * The requestor passes the extracted information on to a third
> party who visits the physical address of the contact. The
> registrant suffers physical harm as a result of the RDS and no
> longer feels comfortable using the Internet to convey to the
> public important information.
>
> *Privacy implications: *Article 19 of the Universal Declaration of
> Human Rights states that everyone has the right to freedom of
> opinion and expression; this right includes the freedom to hold
> opinions without interference and to seek, receive, and impart
> information and ideas through any media and regardless of
> frontiers. These principles must be upheld in the RDS. An RDS that
> contains any personally-identifiable information would threaten
> these very freedoms. Accordingly, the RDS must only collect and
> store data for limited, lawful, and appropriate purposes.
> *
> *
> *Who has control of and access to the data: *
> **
> *Conditions under which the data are accessible: *
> *How data can be accessed: *At this time, personally identifiable
> information can be accessed by any party in the world, for any
> reason. This is not consistent with best practices in privacy
> protection.
> *Other?*
> As you can see, I have left a few of the fields in Lisa's template
> for use cases blank. I do not have all the answers, so I would
> very much welcome your suggestions on how this use case could be
> strengthened. I'm still a little uncertain as to whether we are
> designing use cases for what the WHOIS protocol is like today
> (this is an assumption I have gone by in this first draft) or if
> this is meant to be more like a use case in a dream system
> instead. I'll revise this use case once I understand this exercise
> a bit better.
>
> Thank you for your time, consideration, and feedback.
>
> Best wishes,
>
> Ayden Férdeline
>
>
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org>
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>
>
>
>
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20160731/fcdb39b9/attachment.html>
More information about the gnso-rds-pdp-wg
mailing list