[gnso-rds-pdp-wg] Use Case - Dissident Group Using the Internet to Communicate Information

Kathy Kleiman kathy at kathykleiman.com
Mon Aug 1 01:44:00 UTC 2016 

Hi Nick,

This case is very, very real. It is exactly what I have seen many times 
in my experience.

Kathy

Kathy Kleiman, Esq.
Co-Founder, Noncommercial Users Constituency

On 7/26/2016 5:27 AM, Nick Shorey wrote:
> Are we keeping these source cases based on fact, or are hypothetical 
> use cases permitted?
>
> *Nick Shorey BA(Hons) MSc.*
> Senior Policy Advisor | Global Internet Governance
> Department for Culture, Media & Sport
> HM Government | United Kingdom
>
> Email: nick.shorey at culture.gov.uk <mailto:nick.shorey at culture.gov.uk>
> Tel: +44 (0)7741 256 320
> Skype: nick.shorey
> Twitter: @nickshorey
> LinkedIn: www.linkedin.com/in/nicklinkedin 
> <http://www.linkedin.com/in/nicklinkedin>
>
> On 25 July 2016 at 23:41, Ayden Férdeline <icann at ferdeline.com 
> <mailto:icann at ferdeline.com>> wrote:
>
>     Hello all,
>
>     I would like to introduce an additional use case. This is just a
>     rough draft for now, and I welcome your feedback on how this use
>     case can be strengthened.
>
>     The scenario is: a dissident group launches a website to bring
>     important news and information to the public. They register their
>     domain name in a foreign nation and do not want law enforcement,
>     or other parties, to be able to identify the website’s
>     administrators, management, and/or sources of information. If this
>     information was made known, their publishing could be silenced and
>     their sources and contributors could suffer harm. The registrant
>     is not aware of the existence of privacy proxy services at the
>     time they register their domain name.
>
>     *Misuse Case:* The RDS could be used by State actors or other
>     parties to identify members of or contributors to the dissident
>     group, and this could result in their voices being silenced
>     through legal, political, or physical means.
>
>     *Main Misuse Case: *An actor is unhappy that a website in a
>     country is publishing material that speaks unfavourably about a
>     given topic. They wish to launch political and legal attacks to
>     silence the website’s publishers and to alter the narrative of the
>     historical record on this topic. They thus utilise the RDS to
>     identify a contact of someone involved in the administration of
>     this website, with the view of torturing or otherwise extracting
>     from this contact the names and contact details of contributors to
>     the dissenting website. As the registrant does not subscribe to a
>     privacy proxy service (possibly because of limited financial
>     resources, or lack of awareness that such a service exists), their
>     contact details have been permanently published into the public
>     record and their privacy is thus permanently breached. As a result
>     the RDS threatens the ability of dissenting voices to exercise
>     their inalienable rights in an online environment.
>
>     *Primary Actor: *Government or other entity wanting to censor a
>     dissident group.
>
>     *Other stakeholders:* Domain name registrant.
>
>     *Scope:*
>     *
>     *
>     *Level:*
>
>     *Data Elements:* In order to prevent misuse by another actor, no
>     personally identifiable information should be stored in the RDS
>     whatsoever. The only data elements that the RDS requires to
>     operate on a technical level are: the domain name itself, the
>     registrar, the domain name’s expiry date, and its status
>     (registered / not registered). For it to be of functional use,
>     there are two optional fields: name servers, and the auth-code.
>
>     *Story: *
>
>       * A requestor accesses the RDS to obtain information about a
>         registered domain name. The RDS immediately returns the
>         registration data associated with the domain name, which may
>         include a name and physical address of the registrant.
>       * The requestor passes the extracted information on to a third
>         party who visits the physical address of the contact. The
>         registrant suffers physical harm as a result of the RDS and no
>         longer feels comfortable using the Internet to convey to the
>         public important information.
>
>     *Privacy implications: *Article 19 of the Universal Declaration of
>     Human Rights states that everyone has the right to freedom of
>     opinion and expression; this right includes the freedom to hold
>     opinions without interference and to seek, receive, and impart
>     information and ideas through any media and regardless of
>     frontiers. These principles must be upheld in the RDS. An RDS that
>     contains any personally-identifiable information would threaten
>     these very freedoms. Accordingly, the RDS must only collect and
>     store data for limited, lawful, and appropriate purposes.
>     *
>     *
>     *Who has control of and access to the data: *
>     **
>     *Conditions under which the data are accessible: *
>     *How data can be accessed: *At this time, personally identifiable
>     information can be accessed by any party in the world, for any
>     reason. This is not consistent with best practices in privacy
>     protection.
>     *Other?*
>     As you can see, I have left a few of the fields in Lisa's template
>     for use cases blank. I do not have all the answers, so I would
>     very much welcome your suggestions on how this use case could be
>     strengthened. I'm still a little uncertain as to whether we are
>     designing use cases for what the WHOIS protocol is like today
>     (this is an assumption I have gone by in this first draft) or if
>     this is meant to be more like a use case in a dream system
>     instead. I'll revise this use case once I understand this exercise
>     a bit better.
>
>     Thank you for your time, consideration, and feedback.
>
>     Best wishes,
>
>     Ayden Férdeline
>
>
>     _______________________________________________
>     gnso-rds-pdp-wg mailing list
>     gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org>
>     https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>
>
>
>
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20160731/fcdb39b9/attachment.html>

More information about the gnso-rds-pdp-wg mailing list