[gnso-rds-pdp-wg] RDS 5 Charter questions
Stephanie Perrin
stephanie.perrin at mail.utoronto.ca
Fri Jun 17 03:31:58 UTC 2016
Excellent question, and it is a hard one. In my view step one is to
isolate every step in the data chain that involves a cost (to the
registrant, to the registrar, registry, beneficial user of the data,
access control entity, escrow entity, even ICANN etc.). I include time
as money here. Systems and backup systems I am sure everyone has decent
numbers for, I am less sure about the rest because if ICANN demands
certain data practices as a condition of accreditation it is hardly
worth costing it out. However, adding data elements, tiered access,
authentication, decent security, escrow, adds cost elements. One of the
questions that is factored in to that root question, what is the purpose
of WHOIS?, is related to affordability and access to the DNS for every
individual and company, as far as I am concerned (and I think I speak
for most of us in NCSG when I say that). So if you tell me you can
estimate this now, I will relax. It is a bit like knowing what your
budget is when you reach for the grocery cart....and who gave you the
money in your purse. If registrars have to deal with every law
enforcement/IP holder demand for data with a human being, the cost may
well be prohibitive. this is a nut that has to be cracked early, in my
view, I do not want to be lulled into a false sense of security that
tiered access with solve privacy problems if a couple of years from now
we are told sorry, the registrant will have to be taxed an extra 250% to
cover the cost of that. Since the EWG tried in vain to find a party who
was keen to authenticate law enforcement, I suspect that piece will be
extremely costly as well.
SP
On 2016-06-16 22:20, Gomes, Chuck wrote:
>
> Stephanie,
>
> You have brought up costs multiple times before but I am still puzzled
> how we can estimate costs until we have a better understanding of what
> the requirements will be along with the resulting policies. And
> solving the problem of who pays is pretty hard to do until we have a
> reasonable estimate of the amount of costs. How would you propose we
> deal with costs at this stage?
>
> Chuck
>
> *From:*gnso-rds-pdp-wg-bounces at icann.org
> [mailto:gnso-rds-pdp-wg-bounces at icann.org] *On Behalf Of *Stephanie Perrin
> *Sent:* Thursday, June 16, 2016 10:09 AM
> *To:* gnso-rds-pdp-wg at icann.org
> *Subject:* Re: [gnso-rds-pdp-wg] RDS 5 Charter questions
>
> I will repeat what I have said before. Discussing "requirements"
> before purpose sets up business requirements before we have defined
> the business. DIscussing accuracy and access before we have
> determined requirements merely throws the cement hardener into the
> mix. Why on earth discuss accuracy requirements for data elements
> that are on someone's wish list unless the costing (and who will pay)
> is also defined? Part of discussing original purpose of the
> collection, use and disclosure of registration data is to determine,
> in 2016 and for the foreseeable future, why we collect information,
> what is legally permissible to collect, and who will pay for that
> collection (in one form or another).
>
> as I have said before, I fully understand that tackling this problem
> is difficult, and I understand the rationale for going with all the
> "requirements" first. I do think getting further refinement will sway
> all of us in certain directions....towards accepting the assumptions
> that all this data collection is necessary and desirable. It will
> also tire out those of us who have another life, but perhaps that is a
> desired outcome of the majority.
>
> Apologies for missing the call yesterday, I was travelling and unable
> to accept the callout. Comments will be coming shortly.
>
> SP
>
> On 2016-06-16 5:59, Victoria Sheckler wrote:
>
> +1
>
> *From:*gnso-rds-pdp-wg-bounces at icann.org
> <mailto:gnso-rds-pdp-wg-bounces at icann.org>
> [mailto:gnso-rds-pdp-wg-bounces at icann.org] *On Behalf Of *Vayra,
> Fabricio (Perkins Coie)
> *Sent:* Wednesday, June 15, 2016 10:50 AM
> *To:* Gomes, Chuck <cgomes at verisign.com>
> <mailto:cgomes at verisign.com>; Ayden Férdeline
> <icann at ferdeline.com> <mailto:icann at ferdeline.com>; Susan
> Kawaguchi <susank at fb.com> <mailto:susank at fb.com>
> *Cc:* gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org>
> *Subject:* Re: [gnso-rds-pdp-wg] RDS 5 Charter questions
>
> I agree with Susan. There’s a reason the charter was written as
> is and to change it unwinds the charter without the benefit of the
> thoughtful work and deliberations that went into it. Moreover,
> leaving access and accuracy out of the discussion until the end
> has us making decisions in a vacuum. And, finally, I’m not sure
> how you divorce Users/Purposes, Privacy, and Data elements from
> Access and Accuracy, as the latter two are a constant and vital
> reference within all documents I’ve reviewed on the former three …
> so to separate these two topics out until later just sets us up
> for unnecessary grid-lock when we have to revisit the first three
> topics through the interrelated latter two topics of Access and
> Accuracy.
>
> Thanks,
>
> *Fabricio Vayra*
>
> *PARTNER*
>
> 700 Thirteenth Street, N.W. Suite 600
>
> Washington, DC 20005-3960
>
> D. +1.202.654.6255
>
> F. +1.202.654.9678
>
> E. FVayra at perkinscoie.com <mailto:FVayra at perkinscoie.com>
>
> cid:image001.jpg at 01D054C5.01001EE0
>
> *From:*gnso-rds-pdp-wg-bounces at icann.org
> <mailto:gnso-rds-pdp-wg-bounces at icann.org>
> [mailto:gnso-rds-pdp-wg-bounces at icann.org] *On Behalf Of *Gomes, Chuck
> *Sent:* Wednesday, June 15, 2016 9:21 AM
> *To:* Ayden Férdeline; Susan Kawaguchi
> *Cc:* gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org>
> *Subject:* Re: [gnso-rds-pdp-wg] RDS 5 Charter questions
> *Importance:* High
>
> Thanks for continuing the discussion on the approach to reaching
> consensus. I strongly encourage others to express your opinion on
> that along with your rationale: 1) Should we leave our work plan
> as is or 2) should we change it from two issue reports to three
> issue reports with the first one following deliberation on the
> user/purpose, privacy/data protection and data element questions?
>
> I appreciate the time you took to explain your position but note
> that much of what you said gets into what we will discuss in our
> future deliberations so I ask everyone to not go there yet but
> instead focus on commenting on the approach to reaching
> consensus. Our goal is to finalize that approach in our meeting
> next week.
>
> Chuck
>
> *From:*Ayden Férdeline [mailto:icann at ferdeline.com]
> *Sent:* Wednesday, June 15, 2016 6:54 AM
> *To:* Susan Kawaguchi
> *Cc:* gnso-rds-pdp-wg at icann.org
> <mailto:gnso-rds-pdp-wg at icann.org>; Gomes, Chuck
> *Subject:* Re: [gnso-rds-pdp-wg] RDS 5 Charter questions
>
> Hi Susan,
>
> Thanks for sharing these reflections. I understand the desire not
> to complicate this task. As someone who is new to the ICANN
> community and its approach to policy-making – and, also, someone
> who is an advocate of privacy – it would seem to me that all the
> costs and burdens associated with rallying against an open-access
> Registration Directory Service have been put on some stakeholders,
> while proponents of the status quo profit from the lack of
> consensus or inertia on a different path forward. I say this not
> to demonise any views, but to clarify that I do indeed share your
> perspective that we don’t want to be permanently gridlocked here.
>
> This is actually why my preference would be to go down the path
> that was suggested on our call yesterday – from what I recall, it
> would mean three opportunities for public comment, and a mandate
> to focus our energies on understanding Users/Purposes, Privacy,
> and Data Elements before we consider whether or not gated access
> is necessary or whether or not records should be accurate. It
> seems a little premature to me to consider the latter points when
> we have not yet established if there is a basis for collecting
> registration data in the first place. I share your point, though,
> that we should be distinguishing between individuals and
> commercial entities – which is not to presuppose that there
> ultimately will be a need for variations in treatment if the RDS
> is warranted.
>
> We can make our work easier, however. If we decide upon a standard
> by which to assess whether or not the RDS complies with, say, data
> privacy laws, we might have a more straightforward exercise ahead.
> And on that point I would like to note that just because the
> Internet originated in the US and its governance framework has
> been historically dominated by US-based actors does not mean we
> should by default turn to US law for contextual protections or
> principles. I would like to respectfully suggest that European
> instruments such as the European Convention on Human Rights,
> standards set by the European Union Data Protection Directive, and
> Convention 108 of the Council of Europe might be helpful starting
> points. These are not obscure laws or conventions which apply to
> no one: the EU population is over 500 million people, far greater
> than that of the US.
>
> I am not a lawyer and I do not come at this topic with the same
> institutional knowledge that others do have. I do not know all the
> details or decisions that have led us to this point where, it
> would seem, the (political) cost to move away from the current
> default is so very high. I say this to be clear, from the onset,
> that I might well be misinformed or wrong about how we move
> forward in this working group. However, it is my view that just
> because the Internet is by nature cross-border does not mean that
> it should be treated as a self-governing realm beyond the reach of
> national laws. WHOIS today, to me, seems to subvert and/or
> undermine domestic norms and institutions in many territories
> worldwide. I don’t want to get into the question of sovereignty
> online, but it would be helpful to at least establish whether or
> not we believe ICANN should mandate through its contracts with
> registrars that they comply with local legal regulations, or
> whether we instead believe that market forces should be driving
> fundamental decisions about the nature of the Internet.
>
> You can probably guess my position here, but I’d like to think we
> can reach some common ground. What are we more concerned about –
> the rights of the data subject and controller, or the rights of
> those who wish to monetise it? To come up with, like we have, a
> list of something like 780 possible requirements for the RDS
> strikes me as a recipe for disaster. It seems inevitable that we
> will accidentally impose huge costs on some stakeholder groups –
> the unintended consequence of trying to achieve some short-term
> policy goal not to do with any functional imperative of the
> Internet itself, but to meet someone’s obscure interest. That’s
> why I want to hammer down on what data is being collected, why it
> is being used, and what are the implications for privacy before we
> proceed any further.
>
> Just my $0.02.
>
> - Ayden
>
> On Tue, Jun 14, 2016 10:51 PM, Susan Kawaguchi susank at fb.com
> <mailto:susank at fb.com> wrote:
>
> Hello All,
>
> I have been thinking about the RDS discussion from this morning’s
> meeting and wanted to clarify my personal position (not as a vice
> chair of the WG) I think we will complicate our task if we
> initially limit the discussion to three of the charter questions
> relating to users/purposes, privacy and data elements. Much
> thought went into drafting the charter and brainstorming how a WG
> should approach deliberations.
>
> Users/Purposes
>
> Privacy
>
> Data elements
>
> Access
>
> Accuracy
>
> All of the above are very interrelated and I can’t imagine that we
> can sufficiently discuss one or two without the others.
>
> One other issue that comes to mind is that we must keep in mind
> PII data but we also have to be wary of creating requirements that
> convey data protection rights of individuals to commercial
> entities. For each of the topics above we need to address how it
> would affect an individual or a commercial entity.
>
> I think we should move forward with the original plan according to
> the Charter and discuss all 5 issues in the first pass.
>
> Susan Kawaguchi
>
> Domain Name Manager
>
> Facebook Legal Dept.
>
> Ayden Férdeline
>
> Statement of Interest
> <https://urldefense.proofpoint.com/v2/url?u=https-3A__community.icann.org_display_gnsosoi_Ayden-26-2343-3BF-25C3-25A9rdeline-26-2343-3BSOI&d=CwMGaQ&c=XRWvQHnpdBDRh-yzrHjqLpXuHNC_9nanQc6pPG_SpT0&r=6lUxzkhJPN5qts-Nve5TYqxoGjP81z1kCvXgsmw-MiQ&m=fLy_j2dJidfz8cbOpf5vyO1JREPzgsOw2KKOvpqP3eI&s=kkHizDWFLQRbNkD1e9Kt9tnqA6BmHLWlIte1Qy8Q500&e=>
>
> ------------------------------------------------------------------------
>
>
> NOTICE: This communication may contain privileged or other
> confidential information. If you have received it in error, please
> advise the sender by reply email and immediately delete the
> message and any attachments without copying or disclosing the
> contents. Thank you.
>
>
>
>
> _______________________________________________
>
> gnso-rds-pdp-wg mailing list
>
> gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org>
>
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20160616/258e0d75/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 4701 bytes
Desc: not available
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20160616/258e0d75/attachment.jpe>
More information about the gnso-rds-pdp-wg
mailing list