[gnso-rds-pdp-wg] @EXT: RE: Use cases: Fundamental, Incidental, and Theoretical

Tue Aug 23 09:10:41 UTC 2016

Am 23.08.2016 um 06:39 schrieb Andrew Sullivan:
> On Mon, Aug 22, 2016 at 06:57:48PM +0200, Volker Greimann wrote:
>> a) NO data is collected;
>>
>> b) NO ONE has access to any of the collected data;
>>
>> c) collected data may not be requested/used for any purpose.
> A while ago I attempted to offer some drawings about how the RDS
> works, in an effort to allow us to talk meaningfully about options
> before us.  The above simply ignores a basic point in all of those
> diagrams: the RDS is a query-only interface to registration data.
As we are still designing what the RDS is supposed to do, going a ahead 
and designing how it is going to work may be premature. If you only have 
a hammer, everything will start looking like a nail.

I would very much hope that the design of the RDS will follow from the discussions here, not the other way round. If the RDS you describe does not fit our needs, we will need a different solution.

If for example we find that RDAP is not the part of the solution that many claim it is (I do not know enough about it yet to have a position) we should be prepared to throw it in the bin and look at better solutions.

>
> Therefore, none of the options a-c above are even logically possibly
> true.  _Some_ data will be collected, however minimal, to support the
> function of registering names in the DNS.
As I said, that is why we need the use case to determine what data 
should be collected and why. We start with the basic premise and start 
adding to it.
> Someone will have access to
> that data.  And national authorities can always demand such data of
> people under their own legal jurisdictions.
Which is why I assume (way ahead of the time) that there cannot be one 
central depository, and no storage of foreign data subject data in 
countries that allow such access, like the United States. If the data 
stored in country is not secure from what would be illegal access for 
foreign data subjects (even if legal in the jurisdiction where the 
access occurs) that country is eliminated from the running for the 
location of the depository.
> If we are actually going to debate this point, then I think this WG is
> a waste of time.  It is just not possible to start from the above
> premises even in theory, and if people want to debate the states of
> affairs in the logically possible universe in which the RDS is a mud
> puddle I will go find something useful to do.
I am not suggesting we go that far. I do realize we need to keep this 
realistic. Yet for any set of data and any level of access we 
contemplate granting, we should make a reasonable effort of thinking 
about how this could be abused, and if there is anything we can do to 
prevent such abuse. If we do not even consider these questions, we have 
failed in our task. We would be producing a shiny new system that is 
unworkable in the real world.
> If, however, we want to start from the plain facts that (1) the
> existing system exposes everything because it is a broken protocol and
> (2) at least most of the data currently collected has utility directly
> relevant to registration of domain names as part of the global DNS,
> then we can instead talk meaningfully about what that data is, whether
> it ought to be collected at all, and whether that utility means it
> needs to be disclosed to anyone.
I agree on 1, not fully on 2 as most of the data collected does not 
necessarily have revelvance to the registration process of the domain 
name. As a registrar, all we really need to preform a domain name 
registration is the email address to send the ICANN mandated reminders 
and notifications to. We technically do not need the address, name or 
telephone number of the registrant to perform the task. It is helpful 
data to identify the registrant in certain circumstances, but not 
strictly necessary. I am btw not advocation that this be the only data 
collected, I am merely illustrating the technical need.
>   
>>  From that basic level (which admittely is so extreme it cannot be our final
>> result)
> That's not the reason I object, please note.
>
>> To your examples: To drive and/or fly, you need a license and it is
>> regulated how to get one and who may apply for one.
> The analogy breaks down immediately, of course, because such
> regulations are at least bound to nation-states if not subdivisions
> within them, and sometimes by treaties.  Since the Internet does not
> provide the facilities for such governmental regulation without
> breaking the basic assumptions of internetworking, there may be a
> difference that makes a difference here.
Any government is free to (and many regularly do) regulate various 
aspects of the use and even the registration process of domain names 
within their own borders. It is for example easier for a German citizen 
to register a gTLD domain name than it is for a Chinese national. So 
saying there is no or could be no governmental regulation would be a 
fallacy.

Best,
Volker

-- 
Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.

Mit freundlichen Grüßen,

Volker A. Greimann
- Rechtsabteilung -

Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: +49 (0) 6894 - 9396 901
Fax.: +49 (0) 6894 - 9396 851
Email: vgreimann at key-systems.net

Web: www.key-systems.net / www.RRPproxy.net
www.domaindiscount24.com / www.BrandShelter.com

Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:
www.facebook.com/KeySystems
www.twitter.com/key_systems

Geschäftsführer: Alexander Siffrin
Handelsregister Nr.: HR B 18835 - Saarbruecken
Umsatzsteuer ID.: DE211006534

Member of the KEYDRIVE GROUP
www.keydrive.lu

Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.

--------------------------------------------

Should you have any further questions, please do not hesitate to contact us.

Best regards,

Volker A. Greimann
- legal department -

Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: +49 (0) 6894 - 9396 901
Fax.: +49 (0) 6894 - 9396 851
Email: vgreimann at key-systems.net

Web: www.key-systems.net / www.RRPproxy.net
www.domaindiscount24.com / www.BrandShelter.com

Follow us on Twitter or join our fan community on Facebook and stay updated:
www.facebook.com/KeySystems
www.twitter.com/key_systems

CEO: Alexander Siffrin
Registration No.: HR B 18835 - Saarbruecken
V.A.T. ID.: DE211006534

Member of the KEYDRIVE GROUP
www.keydrive.lu

This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.