[gnso-rds-pdp-wg] @EXT: RE: Use cases: Fundamental, Incidental, and Theoretical
Volker Greimann
vgreimann at key-systems.net
Tue Aug 23 09:10:41 UTC 2016
Am 23.08.2016 um 06:39 schrieb Andrew Sullivan:
> On Mon, Aug 22, 2016 at 06:57:48PM +0200, Volker Greimann wrote:
>> a) NO data is collected;
>>
>> b) NO ONE has access to any of the collected data;
>>
>> c) collected data may not be requested/used for any purpose.
> A while ago I attempted to offer some drawings about how the RDS
> works, in an effort to allow us to talk meaningfully about options
> before us. The above simply ignores a basic point in all of those
> diagrams: the RDS is a query-only interface to registration data.
As we are still designing what the RDS is supposed to do, going a ahead
and designing how it is going to work may be premature. If you only have
a hammer, everything will start looking like a nail.
I would very much hope that the design of the RDS will follow from the discussions here, not the other way round. If the RDS you describe does not fit our needs, we will need a different solution.
If for example we find that RDAP is not the part of the solution that many claim it is (I do not know enough about it yet to have a position) we should be prepared to throw it in the bin and look at better solutions.
>
> Therefore, none of the options a-c above are even logically possibly
> true. _Some_ data will be collected, however minimal, to support the
> function of registering names in the DNS.
As I said, that is why we need the use case to determine what data
should be collected and why. We start with the basic premise and start
adding to it.
> Someone will have access to
> that data. And national authorities can always demand such data of
> people under their own legal jurisdictions.
Which is why I assume (way ahead of the time) that there cannot be one
central depository, and no storage of foreign data subject data in
countries that allow such access, like the United States. If the data
stored in country is not secure from what would be illegal access for
foreign data subjects (even if legal in the jurisdiction where the
access occurs) that country is eliminated from the running for the
location of the depository.
> If we are actually going to debate this point, then I think this WG is
> a waste of time. It is just not possible to start from the above
> premises even in theory, and if people want to debate the states of
> affairs in the logically possible universe in which the RDS is a mud
> puddle I will go find something useful to do.
I am not suggesting we go that far. I do realize we need to keep this
realistic. Yet for any set of data and any level of access we
contemplate granting, we should make a reasonable effort of thinking
about how this could be abused, and if there is anything we can do to
prevent such abuse. If we do not even consider these questions, we have
failed in our task. We would be producing a shiny new system that is
unworkable in the real world.
> If, however, we want to start from the plain facts that (1) the
> existing system exposes everything because it is a broken protocol and
> (2) at least most of the data currently collected has utility directly
> relevant to registration of domain names as part of the global DNS,
> then we can instead talk meaningfully about what that data is, whether
> it ought to be collected at all, and whether that utility means it
> needs to be disclosed to anyone.
I agree on 1, not fully on 2 as most of the data collected does not
necessarily have revelvance to the registration process of the domain
name. As a registrar, all we really need to preform a domain name
registration is the email address to send the ICANN mandated reminders
and notifications to. We technically do not need the address, name or
telephone number of the registrant to perform the task. It is helpful
data to identify the registrant in certain circumstances, but not
strictly necessary. I am btw not advocation that this be the only data
collected, I am merely illustrating the technical need.
>
>> From that basic level (which admittely is so extreme it cannot be our final
>> result)
> That's not the reason I object, please note.
>
>> To your examples: To drive and/or fly, you need a license and it is
>> regulated how to get one and who may apply for one.
> The analogy breaks down immediately, of course, because such
> regulations are at least bound to nation-states if not subdivisions
> within them, and sometimes by treaties. Since the Internet does not
> provide the facilities for such governmental regulation without
> breaking the basic assumptions of internetworking, there may be a
> difference that makes a difference here.
Any government is free to (and many regularly do) regulate various
aspects of the use and even the registration process of domain names
within their own borders. It is for example easier for a German citizen
to register a gTLD domain name than it is for a Chinese national. So
saying there is no or could be no governmental regulation would be a
fallacy.
Best,
Volker
--
Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.
Mit freundlichen Grüßen,
Volker A. Greimann
- Rechtsabteilung -
Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: +49 (0) 6894 - 9396 901
Fax.: +49 (0) 6894 - 9396 851
Email: vgreimann at key-systems.net
Web: www.key-systems.net / www.RRPproxy.net
www.domaindiscount24.com / www.BrandShelter.com
Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:
www.facebook.com/KeySystems
www.twitter.com/key_systems
Geschäftsführer: Alexander Siffrin
Handelsregister Nr.: HR B 18835 - Saarbruecken
Umsatzsteuer ID.: DE211006534
Member of the KEYDRIVE GROUP
www.keydrive.lu
Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.
--------------------------------------------
Should you have any further questions, please do not hesitate to contact us.
Best regards,
Volker A. Greimann
- legal department -
Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: +49 (0) 6894 - 9396 901
Fax.: +49 (0) 6894 - 9396 851
Email: vgreimann at key-systems.net
Web: www.key-systems.net / www.RRPproxy.net
www.domaindiscount24.com / www.BrandShelter.com
Follow us on Twitter or join our fan community on Facebook and stay updated:
www.facebook.com/KeySystems
www.twitter.com/key_systems
CEO: Alexander Siffrin
Registration No.: HR B 18835 - Saarbruecken
V.A.T. ID.: DE211006534
Member of the KEYDRIVE GROUP
www.keydrive.lu
This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.
More information about the gnso-rds-pdp-wg
mailing list