[gnso-rds-pdp-wg] The States are Getting into the Act

[Gomes, Chuck]

Let me point out that for the sake of this discussion, ICANN is not some third party; we are ICANN.  ICANN is all of the SOs and ACs and SGs and Cs; it is not just staff or the Board.  It is our task as a WG to try to develop answers to the questions that have been asked and develop policy if possible for an RDS system.  The  GNSO Council will then decide whether we have followed proper procedures and process and, if so, forward our policy recommendations to the Board.  Nothing can become policy unless the Board approves it and they have a responsibility to respect the multistakeholder process that we are all a part of in ICANN.
Chuck

From: gnso-rds-pdp-wg-bounces at icann.org [mailto:gnso-rds-pdp-wg-bounces at icann.org] On Behalf Of Sam Lanfranco
Sent: Wednesday, June 22, 2016 10:37 AM
To: gnso-rds-pdp-wg at icann.org
Subject: Re: [gnso-rds-pdp-wg] The States are Getting into the Act

I have a brief comment to follow up on Volker’s comments, the spirit of which I completely support. I recognize that my comments may be unpopular. I have kept a low profile in these discussions and I fear that despite heroic work and dedication on the part of all, there is a serious risk of this turning into a train wreck in practice.

Registries and registrars operate under the existing laws of the countries in which they reside. Increasingly they cannot conduct business in countries unless they have a business presence in that country. This gives countries power over registries and registrars, including the power to override elements of contracts with ICANN. How can this reality be reconciled with extending the most extensive privacy protection level to customers in ways that are workable for all providers and their customers?

ICANN can identify the absolute minimum data set required by ICANN. ICANN does not have the country by country experience or exposure of registrars and registries. It could participate in DNS industry led efforts to deal with registries and registrar data requirements, but those efforts are probably best held outside ICANN and (horror of horrors) will likely involve multilateral efforts to reconcile inter-country differences where ICANN could/should engage both as a stakeholder and as an advocate for the common good in Internet governance.

In short, ICANN should (but probably won’t) focus on ICANN’s minimum needs, and then work elsewhere in partnership, as a stakeholder and offer wise counsel, within the larger multilateral and country by country struggle for customer privacy and security in ways workable for all providers and their customers. Does this sound like a new ICANN? Yes. Is there a choice? I think not. Might I be wrong? Maybe. A train wreck? Hope not.

Sam L.

On 6/22/2016 7:06 AM, Volker Greimann wrote:

Frankly, as a provider that is handing over private details of my customer I do not care about anything less than the maximum required protection in any jurisdiction that may be applicable. So what if the states have lower privacy protection requirements than Europe and India has none? The only acceptable result in my eyes is an accomodation of the most extensive privacy protection level that may be required.

If we start looking at the countries which do not care about the privacy of their citizens, then we will get nowhere. Only be adhering to a maximum standard can we ensure that the result is workable for all providers and their customers.

Volker


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20160622/7f69c1fe/attachment.html>