[gnso-rds-pdp-wg] Use Case - Dissident Group Using the Internet to Communicate Information

Volker Greimann vgreimann at key-systems.net
Tue Jul 26 13:31:17 UTC 2016


Does that not apply to any activity on the internet? Why use domain 
names besides facebook.com at all then?



Am 26.07.2016 um 15:25 schrieb Metalitz, Steven:
>
> To supplement Greg’s point, it is also the case that there are many 
> other ways for a “dissident group [to use] the Internet to communicate 
> information,” other than by registering a domain name at the second 
> level in a gTLD – or at all.
>
> **
>
> Steve Metalitz
>
> *From:*gnso-rds-pdp-wg-bounces at icann.org 
> [mailto:gnso-rds-pdp-wg-bounces at icann.org] *On Behalf Of *Greg Aaron
> *Sent:* Tuesday, July 26, 2016 9:11 AM
> *To:* Ayden Férdeline; gnso-rds-pdp-wg at icann.org
> *Subject:* Re: [gnso-rds-pdp-wg] Use Case - Dissident Group Using the 
> Internet to Communicate Information
>
> Here are three cases that are variations of the scenario that Ayden 
> presented.
>
> 1.Member of the dissident group registers a gTLD domain name using a 
> privacy service, located in a different country from the registrant.  
> The actual market price of such services is inexpensive (for example 
> GoDaddy’s is US$7.00 per year).  It may be reasonable to assume that 
> at-risk dissidents are aware that privacy services exist, and can 
> afford the minimal cost.  Government authorities in the dissident’s 
> country request the underlying registrant data from the privacy 
> service provider.  The privacy service provider must then decide 
> whether it will accept the government’s complaint.  The decision may 
> depend mainly on whether the service provider believes the registrant 
> has breached the service provider’s terms of service, as interpreted 
> under the laws of the service provider’s country (not the country of 
> the registrant and the complaining government).
>
> 2. Instead of a gTLD domain, member of the dissident group chooses to 
> register a ccTLD domain, in a ccTLD that does not provide registrant 
> contact data in its WHOIS.  The ccTLD registry and registrar are 
> outside the dissident’s country.   If the government authorities in 
> the dissident’s country wish to obtain contact data, the government 
> authorities must contact either the registrar or registry, which will 
> then consider the complaint according to their terms of service, as 
> interpreted under the laws of the registrar’s or registry’s country.
>
> 3.Member of the dissident group registers a gTLD domain name using a 
> proxy, such as a law firm located in another country.  If government 
> authorities in the dissident’s country request the identity of the 
> dissident, the proxy must decide whether to reveal its client’s name.  
> The proxy is not subject to the jurisdiction of the foreign government.
>
> These use cases assume that dissidents wish to take steps to keep 
> their identities from their government regime.  All three cases allow 
> the registrant to work within existing ICANN registration data 
> policies, including the recommendations that have come out of the 
> recent privacy/proxy PDP.
>
> All best,
>
> --Greg
>
> *From:*gnso-rds-pdp-wg-bounces at icann.org 
> <mailto:gnso-rds-pdp-wg-bounces at icann.org> 
> [mailto:gnso-rds-pdp-wg-bounces at icann.org] *On Behalf Of *Ayden Férdeline
> *Sent:* Monday, July 25, 2016 6:41 PM
> *To:* gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org>
> *Subject:* [gnso-rds-pdp-wg] Use Case - Dissident Group Using the 
> Internet to Communicate Information
>
> Hello all,
>
> I would like to introduce an additional use case. This is just a rough 
> draft for now, and I welcome your feedback on how this use case can be 
> strengthened.
>
> The scenario is: a dissident group launches a website to bring 
> important news and information to the public. They register their 
> domain name in a foreign nation and do not want law enforcement, or 
> other parties, to be able to identify the website’s administrators, 
> management, and/or sources of information. If this information was 
> made known, their publishing could be silenced and their sources and 
> contributors could suffer harm. The registrant is not aware of the 
> existence of privacy proxy services at the time they register their 
> domain name.
>
> *Misuse Case:*The RDS could be used by State actors or other parties 
> to identify members of or contributors to the dissident group, and 
> this could result in their voices being silenced through legal, 
> political, or physical means.
>
> *Main Misuse Case: *An actor is unhappy that a website in a country is 
> publishing material that speaks unfavourably about a given topic. They 
> wish to launch political and legal attacks to silence the website’s 
> publishers and to alter the narrative of the historical record on this 
> topic. They thus utilise the RDS to identify a contact of someone 
> involved in the administration of this website, with the view of 
> torturing or otherwise extracting from this contact the names and 
> contact details of contributors to the dissenting website. As the 
> registrant does not subscribe to a privacy proxy service (possibly 
> because of limited financial resources, or lack of awareness that such 
> a service exists), their contact details have been permanently 
> published into the public record and their privacy is thus permanently 
> breached. As a result the RDS threatens the ability of dissenting 
> voices to exercise their inalienable rights in an online environment.
>
> *Primary Actor: *Government or other entity wanting to censor a 
> dissident group.
>
> *Other stakeholders:*Domain name registrant.
>
> *Scope:*
>
> *Level:*
>
> *Data Elements:* In order to prevent misuse by another actor, no 
> personally identifiable information should be stored in the RDS 
> whatsoever. The only data elements that the RDS requires to operate on 
> a technical level are: the domain name itself, the registrar, the 
> domain name’s expiry date, and its status (registered / not 
> registered). For it to be of functional use, there are two optional 
> fields: name servers, and the auth-code.
>
> *Story: *
>
>   * A requestor accesses the RDS to obtain information about a
>     registered domain name. The RDS immediately returns the
>     registration data associated with the domain name, which may
>     include a name and physical address of the registrant.
>   * The requestor passes the extracted information on to a third party
>     who visits the physical address of the contact. The registrant
>     suffers physical harm as a result of the RDS and no longer feels
>     comfortable using the Internet to convey to the public important
>     information.
>
> *Privacy implications: *Article 19 of the Universal Declaration of 
> Human Rights states that everyone has the right to freedom of opinion 
> and expression; this right includes the freedom to hold opinions 
> without interference and to seek, receive, and impart information and 
> ideas through any media and regardless of frontiers. These principles 
> must be upheld in the RDS. An RDS that contains any 
> personally-identifiable information would threaten these very 
> freedoms. Accordingly, the RDS must only collect and store data for 
> limited, lawful, and appropriate purposes.
>
> *Who has control of and access to the data: *
>
> **
>
> *Conditions under which the data are accessible: *
>
> *How data can be accessed: *At this time, personally identifiable 
> information can be accessed by any party in the world, for any reason. 
> This is not consistent with best practices in privacy protection.
>
> *Other?*
>
> As you can see, I have left a few of the fields in Lisa's template for 
> use cases blank. I do not have all the answers, so I would very much 
> welcome your suggestions on how this use case could be 
> strengthened. I'm still a little uncertain as to whether we are 
> designing use cases for what the WHOIS protocol is like today (this is 
> an assumption I have gone by in this first draft) or if this is meant 
> to be more like a use case in a dream system instead. I'll revise this 
> use case once I understand this exercise a bit better.
>
> Thank you for your time, consideration, and feedback.
>
> Best wishes,
>
> Ayden Férdeline
>
>
>
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg

-- 
Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.

Mit freundlichen Grüßen,

Volker A. Greimann
- Rechtsabteilung -

Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: +49 (0) 6894 - 9396 901
Fax.: +49 (0) 6894 - 9396 851
Email: vgreimann at key-systems.net

Web: www.key-systems.net / www.RRPproxy.net
www.domaindiscount24.com / www.BrandShelter.com

Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:
www.facebook.com/KeySystems
www.twitter.com/key_systems

Geschäftsführer: Alexander Siffrin
Handelsregister Nr.: HR B 18835 - Saarbruecken
Umsatzsteuer ID.: DE211006534

Member of the KEYDRIVE GROUP
www.keydrive.lu

Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.

--------------------------------------------

Should you have any further questions, please do not hesitate to contact us.

Best regards,

Volker A. Greimann
- legal department -

Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: +49 (0) 6894 - 9396 901
Fax.: +49 (0) 6894 - 9396 851
Email: vgreimann at key-systems.net

Web: www.key-systems.net / www.RRPproxy.net
www.domaindiscount24.com / www.BrandShelter.com

Follow us on Twitter or join our fan community on Facebook and stay updated:
www.facebook.com/KeySystems
www.twitter.com/key_systems

CEO: Alexander Siffrin
Registration No.: HR B 18835 - Saarbruecken
V.A.T. ID.: DE211006534

Member of the KEYDRIVE GROUP
www.keydrive.lu

This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20160726/6d427f0c/attachment.html>


More information about the gnso-rds-pdp-wg mailing list