[gnso-rds-pdp-wg] possible requirements from GAC / law enforcement recommended documents

Catalyst-Vaibhav Aggarwal va at bladebrains.com
Thu Jul 14 19:56:45 UTC 2016


It's 2016, Rob :-)

Not getting into the Nitty & Gritty here - Just one thing what you have
written in the last line :

"The purpose of the gTLD Whois service is to provide information
sufficient to contact a responsible party for a particular gTLD domain
name who can resolve, or reliably pass on data to a party who can
resolve, issues related to the configuration of the records associated
with the domain name within a DNS name server."

Here the DNS is verified by the WHOIS server and thus propagated
automatically. But the Domain Information - Anyone can register a Domain
name in My name and or Address - so the process should be robust enough -
treating the infringement on privacy / identity / et al., verifiable and
genuine !

For a case e.g. : In India, we are experimenting with the validation of our
Social Security ID for Hotel Checkins – The Guest goes to the reception,
fills in his name etc. and then fills in his ID no. (The AADHAAR CARD) and
the software, pre-authenticated by the Govt. of India, latches on to the
engine and pulls up verified data (via OCR) and displays to the hotel person
taking the check-in. BUT this is Secured through network protocols and
layers and security protocols both for the system and for the people. Since
the access is limited to the device and the data cannot be exported, the
privacy is still secured and concealed, in a digital locker.

All corners of the world are not Finland where locks on doors are seldom - U
have ‘em, I have ‘em and Locks is an all-time good growing business today !

With kind regards, my learned friend,
my friend
-VA



On 7/15/16, 1:01 AM, "Rob Golding" <gnso-rds-pdp-wg-bounces at icann.org on
behalf of rob.golding at astutium.com> wrote:

> On 2016-07-14 17:38, Terri Stumme wrote:
>>  Law enforcement never requested "personal details, home address etc of
>>  senior STAFF of a Registrar listed on a website."
> 
> My recollections from what is around 7 years ago now are:
> 
> * the original "ask" dating back to pre 2009 was for the names and
> contact information for all executives and senior staff to be published
> 
> Other Registrars may recall the Brussels meeting (and earlier ones)
> where I believe this was discussed on our Tuesday
> and or have access to RrSG mailings which may hold more data (as I only
> joined that mailing list at the start of 2010)
> 
> There was a meeting I believe in Washington in 2010 between registrars
> and LEAs which I couldn't attend, which may also provide more details on
> their wants and whys
> 
> * this was then reduced down to just the names and I thought optional
> for other contact data
> 
> I certainly recall meeting with representatives from LEAs (including
> SOCA, FBI and Interpol) and discussing which jurisdictions
> provided/published publicly the company officer and ownership data
> whilst at the San Francisco meeting
> 
> "Registrar will display on the Registrar’s main website, and update as
> necessary, the name of the company’s executive management personnel,
> including its CEO and President as well as any other responsible
> officer(s) or executive(s)" with notes from 2011/2012
> is on
> https://community.icann.org/display/RAA/Disclosure+of+Additional+Registrar+Information
> 
> And differences between one wishlist and another are summarised at
> http://www.statewatch.org/news/2013/dec/icann-raa-lea-recommendations-11-03-01.pdf
> 
> Which is after Registrars / GNSO rejected the request, but were mostly
> prepared to let ICANN have the data (and had already become part of the
> accreditation process for new registrars to inform icann of such)
> 
> * my understanding was that the RAA negotiations team / GNSO had
> officially reduced this down to just "told to ICANN"
> and whilst I don't have a document showing that to hand, it is implied on
> https://community.icann.org/display/RAA/Point+of+Contact+on+Malicious+Conduct+Issues
> 
> * the final version of the RAA went back to having it on the website
> and there was some discussion post-publication of the final RAA as to
> why that had reappeared having been removed once.
> 
> I don't know if my browser is simply broken or the urls have simply
> moved, but
> http://gnso.icann.org/en/correspondence/rap/idt/to/gnso/council/15nov10/en.pdf
> can't be found which I thought might have more details
> 
> Perhaps someone from the Registrar RAA Negotiating Team can provide more
> details.
> 
> 
> 
> This is getting away from the salient point(s) which I would suggest are
> 
> 1. if documents are circulated (and there is likely to be a lot of them)
> - a summary in the email of what the doc is and why it's being
> circulated will help all of us
> 
> 2. remembering that many items are just someone's "wish-list" and not
> always actual/current/real/practical/legally-permissible requirements
> 
> 3. we're all going to disagree with others on this subject as we all
> have our own separate opinions, history, agenda and expectations
> 
> I felt Volker got "jumped on" (and he has a significant amount of
> valuable history within ICANN & Registrars to draw upon) who has attended
> more meetings with Compliance and LEAs than I (and I've been to a lot of
> them) which was unnecessary.
> 
> Particularly when his comments related to highlighting that part of the
> LEA wants detailed all sorts of data collection and retention
> requirements including "techy stuff" about the IP/User-Agent/etc which
> doesn't tally with the actual way things are necessarily done, along
> with being specifically illegal/outlawed in certain areas
> 
> 
> I highly recommend reading
> https://www.icann.org/en/system/files/correspondence/kohnstamm-to-crocker-atallah-26sep12-en.pdf
> 
> QUOTE: 'The Working Party finds the proposed new requirement to annually
> re-verify both the telephone number and the e-mail address and publish
> these contact details in the publicly accessible WHOIS database
> excessive and therefore unlawful.'
> 
> Amongst other useful "gems"
> 
> Which leaves us as Registrars the dilemma that Law Enforcement have
> worked to add Contractual Requirements which the Law makers say are
> Unlawful !
> 
>>>  On 2016-07-14 08:58, Catalyst-Vaibhav Aggarwal wrote:
>>>>  So now v agree to say that GAC / Law enforcement is over reaching
> 
> Yes, in some cases they are significantly over-reaching and/or trying to
> shift responsibility/work-load and/or trying to bypass "due-process" -
> everyone wants to make their life/job easier and cheaper :p
> 
>>>  On 2016-07-14 08:58, Catalyst-Vaibhav Aggarwal wrote:
>>>>  YET we come back to the table and talk of Privacy and other
>>>>  related factors. How can it be ?
> 
> http://www.worldlii.org/int/journals/EPICPrivHR/2006/PHR2006-WHOIS_.html
> 
> 
> The purpose of the gTLD Whois service is to provide information
> sufficient to contact a responsible party for a particular gTLD domain
> name who can resolve, or reliably pass on data to a party who can
> resolve, issues related to the configuration of the records associated
> with the domain name within a DNS nameserver.
> 
> 
> 
> Rob
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg

