[gnso-rds-pdp-wg] The States are Getting into the Act

Sam Lanfranco sam at lanfranco.net
Wed Jun 22 14:36:50 UTC 2016 

I have a brief comment to follow up on Volker’s comments, the spirit of 
which I completely support. I recognize that my comments may be 
unpopular. I have kept a low profile in these discussions and I fear 
that despite heroic work and dedication on the part of all, there is a 
serious risk of this turning into a train wreck in practice.

Registries and registrars operate under the existing laws of the 
countries in which they reside. Increasingly they cannot conduct 
business in countries unless they have a business presence in that 
country. This gives countries power over registries and registrars, 
including the power to override elements of contracts with ICANN. How 
can this reality be reconciled with extending the most extensive privacy 
protection level to customers in ways that are workable for all 
providers and their customers?

ICANN can identify the absolute minimum data set required by ICANN. 
ICANN does not have the country by country experience or exposure of 
registrars and registries. It could participate in DNS industry led 
efforts to deal with registries and registrar data requirements, but 
those efforts are probably best held outside ICANN and (horror of 
horrors) will likely involve multilateral efforts to reconcile 
inter-country differences where ICANN could/should engage both as a 
stakeholder and as an advocate for the common good in Internet governance.

In short, ICANN should (but probably won’t) focus on ICANN’s minimum 
needs, and then work elsewhere in partnership, as a stakeholder and 
offer wise counsel, within the larger multilateral and country by 
country struggle for customer privacy and security in ways workable for 
all providers and their customers. Does this sound like a new ICANN? 
Yes. Is there a choice? I think not. Might I be wrong? Maybe. A train 
wreck? Hope not.

Sam L.


On 6/22/2016 7:06 AM, Volker Greimann wrote:
>
> Frankly, as a provider that is handing over private details of my 
> customer I do not care about anything less than the maximum required 
> protection in any jurisdiction that may be applicable. So what if the 
> states have lower privacy protection requirements than Europe and 
> India has none? The only acceptable result in my eyes is an 
> accomodation of the most extensive privacy protection level that may 
> be required.
>
> If we start looking at the countries which do not care about the 
> privacy of their citizens, then we will get nowhere. Only be adhering 
> to a maximum standard can we ensure that the result is workable for 
> all providers and their customers.
>
> Volker
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20160622/c72313fd/attachment.html>

More information about the gnso-rds-pdp-wg mailing list