[gnso-rds-pdp-wg] Use Case - Dissident Group Using the Internet to Communicate Information

[Ayden Férdeline]

Hello all,
I would like to introduce an additional use case. This is just a rough draft for
now, and I welcome your feedback on how this use case can be strengthened.
The scenario is: a dissident group launches a website to bring important news
and information to the public. They register their domain name in a foreign
nation and do not want law enforcement, or other parties, to be able to identify
the website’s administrators, management, and/or sources of information. If this
information was made known, their publishing could be silenced and their sources
and contributors could suffer harm. The registrant is not aware of the existence
of privacy proxy services at the time they register their domain name.
Misuse Case: The RDS could be used by State actors or other parties to identify members of
or contributors to the dissident group, and this could result in their voices
being silenced through legal, political, or physical means.
Main Misuse Case: An actor is unhappy that a website in a country is publishing material that
speaks unfavourably about a given topic. They wish to launch political and legal
attacks to silence the website’s publishers and to alter the narrative of the
historical record on this topic. They thus utilise the RDS to identify a contact
of someone involved in the administration of this website, with the view of
torturing or otherwise extracting from this contact the names and contact
details of contributors to the dissenting website. As the registrant does not
subscribe to a privacy proxy service (possibly because of limited financial
resources, or lack of awareness that such a service exists), their contact
details have been permanently published into the public record and their privacy
is thus permanently breached. As a result the RDS threatens the ability of
dissenting voices to exercise their inalienable rights in an online environment.
Primary Actor: Government or other entity wanting to censor a dissident group.
Other stakeholders: Domain name registrant.
Scope:
Level:
Data Elements: In order to prevent misuse by another actor, no personally identifiable
information should be stored in the RDS whatsoever. The only data elements that
the RDS requires to operate on a technical level are: the domain name itself,
the registrar, the domain name’s expiry date, and its status (registered / not
registered). For it to be of functional use, there are two optional fields: name
servers, and the auth-code.
Story: * A requestor accesses the RDS to obtain information about a registered domain
   name. The RDS immediately returns the registration data associated with the
   domain name, which may include a name and physical address of the registrant.
 * The requestor passes the extracted information on to a third party who visits
   the physical address of the contact. The registrant suffers physical harm as
   a result of the RDS and no longer feels comfortable using the Internet to
   convey to the public important information.

Privacy implications: Article 19 of the Universal Declaration of Human Rights states that everyone
has the right to freedom of opinion and expression; this right includes the
freedom to hold opinions without interference and to seek, receive, and impart
information and ideas through any media and regardless of frontiers. These
principles must be upheld in the RDS. An RDS that contains any
personally-identifiable information would threaten these very freedoms.
Accordingly, the RDS must only collect and store data for limited, lawful, and
appropriate purposes.

Who has control of and access to the data: Conditions under which the data are accessible: How data can be accessed: At this time, personally identifiable information can be accessed by any party
in the world, for any reason. This is not consistent with best practices in
privacy protection. Other? As you can see, I have left a few of the fields in Lisa's template for use
cases blank. I do not have all the answers, so I would very much welcome your
suggestions on how this use case could be strengthened. I'm still a little
uncertain as to whether we are designing use cases for what the WHOIS protocol
is like today (this is an assumption I have gone by in this first draft) or if
this is meant to be more like a use case in a dream system instead. I'll revise
this use case once I understand this exercise a bit better.
Thank you for your time, consideration, and feedback.
Best wishes,
Ayden Férdeline
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20160725/f105f07f/attachment.html>