[gnso-rds-pdp-wg] Sign-Up Sheet - Task 8
gca at icginc.com
Thu May 26 14:48:09 UTC 2016
I have several questions about your summaries; I suggest that they need further examination, and revision, before they are added to the list.
I am not sure how you derived some of your requirements from the source UN document. These are non-exhaustive examples:
· The UN doc said: "Contemporary research over the past five years has highlighted ever-increasing concern of citizens with the ease with which their good name and reputation may be attacked and destroyed on the Internet as well as the sense of helplessness that is felt by many netizens when seeking safeguards and remedies in cases of defamation and/or breach of privacy." That is not a policy statement or requirement from the UN, and the document does not say that online systems must be designed to protect people’s reputations. So I am not sure how you got from there to here: “The RDS must not be used to allow the good name and/or reputation of a citizen to be attacked and/or destroyed. There must be concrete safeguards protecting privacy, and real remedies for violations to privacy, dignity and reputation online which are or were enabled by the RDS.”
· Another of your summaries is: “If there is gated access, the RDS must feature strong encryption.” I do not see where this UN document makes any recommendations about the use of encryption. It notes that there is concern about back-doors to circumvent encryption, and does not go so far as to say that back-doors are against UN policy.
· The UN document does not say that RDS systems “must foster cyberpeace.” It says “The SRP is firmly of the opinion that Cyberspace risks being ruined by Cyberwar and Cyber-surveillance and that Governments and other stakeholders should work towards Cyberpeace. In this sense at least, privacy protection is also part of the Cyberpeace movement." In context of the document, that's a statement about cyberwar and mass state-sponsored cybersurveillance (cf Snowden). Those things are not about anything like access to domain registration records.
Also, heaven help us if ICANN is responsible for fostering world peace.
I also have an observation about attribution and precision. The document you summarized makes general statements about privacy and related subjects. It never refers specifically to WHOIS or domain registration systems, or to any specific data collection systems. So when you summaries say “The RDS must” do one thing or another, it makes it sound like the UN Special Rapporteur was writing specifically about RDS systems. I am sure this was unintentional. There are other documents that specifically talk about RDS systems and domain data, and I just suggest that the WG must be clear about what authority said what about what. Direct quotes from sources are preferable. That may not always be possible, but I think your summaries went beyond paraphrasing.
With best wishes,
From: gnso-rds-pdp-wg-bounces at icann.org [mailto:gnso-rds-pdp-wg-bounces at icann.org] On Behalf Of Ayden Férdeline
Sent: Thursday, May 26, 2016 9:24 AM
To: Gomes, Chuck <cgomes at verisign.com>
Cc: gnso-rds-pdp-wg at icann.org
Subject: Re: [gnso-rds-pdp-wg] Sign-Up Sheet - Task 8
I would like to add the following six possible requirements to the list please. These have been inspired by the report from the UN Special Rapporteur on the Right to Privacy, though I have adjusted the wording where necessary for the purposes of this exercise.
Foundational Questions (FQ)
* The RDS must foster cyberpeace. Cyberspace will be destroyed by cyberwar and cybersurveillance if privacy is not respected online. Cyberspace will not be a peaceful sphere if the RDS enables, in any form, threats posed by terrorists, the activities of some States, organised crime, and/or corporations acting illegitimately.
* Any collection of personal data must be both conscious and consenting. Where individuals are aware that they are making data available for public view, it must be made clear the extent of the risk to them and their reputation were this data to be used or misused.
* The RDS must not be used to allow the good name and/or reputation of a citizen to be attacked and/or destroyed. There must be concrete safeguards protecting privacy, and real remedies for violations to privacy, dignity and reputation online which are or were enabled by the RDS.
* In the event that the decision is made for the RDS to contain personal data, the RDS must actively and regularly raise awareness amongst those individuals whose personal data is stored to help them understand what privacy is, what their privacy rights are, and how their privacy may be infringed upon. Information must also be actively provided on how privacy risks can be mitigated or minimised, and on what remedies are available if necessary. It is not sufficient for this information to be communicated solely via electronic means.
Gated Access (GA)
* If there is gated access, the RDS must feature strong encryption.
* The RDS must not be engineered to contain any back-doors. By introducing a technical input into an encryption product that would enable any party, even authorities, access to data, would also make encrypted data vulnerable to criminals, terrorists and foreign intelligence services, among others. This would have an undesirable consequence for the security of data stored in the RDS.
On Thu, May 26, 2016 2:06 PM, Gomes, Chuck cgomes at verisign.com<mailto:cgomes at verisign.com> wrote:
I think it would be helpful if the instructions for using the wiki were distributed to the full WG again.
From: gnso-rds-pdp-wg-bounces at icann.org<mailto:gnso-rds-pdp-wg-bounces at icann.org> [mailto:gnso-rds-pdp-wg-bounces at icann.org] On Behalf Of Lisa Phifer
Sent: Wednesday, May 25, 2016 9:50 PM
To: "Ayden FÃ©rdeline"
Cc: gnso-rds-pdp-wg at icann.org<mailto:gnso-rds-pdp-wg at icann.org>
Subject: Re: [gnso-rds-pdp-wg] Sign-Up Sheet - Task 8
Thanks for volunteering to cover this document. I have added your name to the sign-up sheet.
Thanks too for letting us know that you had trouble editing the sign-up sheet to add your name. You must log in to the wiki in order to edit a page, but no edit restrictions are defined for that wiki page. If you have logged in but do not see an "Edit" button at the upper right of the sign-up sheet, please let us know.
At 03:09 PM 5/25/2016, Ayden FÃ©rdeline wrote:
I would like to review the following document for requirements please:
Human Rights Council - Report by the UN Special Rapporteur on the right to privacy (2016)<https://links5.mixmaxusercontent.com/aMjjKHWxnLSD3SEwj/l/CHxJdUTNoYMNgePHQ?messageId=2tuqVnr2DYNdkaiua&rn=&re=i02bj5SbvNWZy92YAF2cpxmI>
I do not appear to have the ability to edit the wiki page - I wonder if global editing is enabled?Â
On Tue, May 24, 2016 7:46 PM, Lisa Phifer lisa at corecom.com<mailto:lisa at corecom.com> wrote:
Per RDS PDP WG Call 24 May, 2016<https://community.icann.org/x/KA6OAw>, Action item #3: Staff to create a sign-up list to facilitate volunteers coming forward to review documents and identify possible requirements. WG members to sign up to review documents for possible requirements within 48 hours of circulation of sign-up sheet (see attached document, also posted on the WGâ€™s wiki at https://community.icann.org/x/shOOAw).
Instructions: The wiki sign-up sheet<https://community.icann.org/x/shOOAw> is to be used by RDS PDP WG members to volunteer to extract possible requirements for gTLD registration data or directory services (see https://community.icann.org/x/8waOAw ). To volunteer, visit the wiki sign-up sheet at https://community.icann.org/x/shOOAw. Sign up for a key input document that is familiar to you by picking an unassigned document from the sign-up sheet and entering your name in the â€œVolunteerâ€ column. You may volunteer to review multiple documents, but please sign up for only one document at a time to give all a chance to contribute in parallel. If you are unable to access the wiki sign-up sheet, you may reply to this email asking staff to sign you up for a document.
How to submit possible requirements: Send all possible requirements via email to gnso-rds-pdp-wg at icann.org<mailto:gnso-rds-pdp-wg at icann.org>. For each possible requirement:
••• • • • • • • Identify the associated charter question(s);
••• • • • • • • Succinctly quote or paraphrase a possible requirement, focusing on phase 1 policy requirements;
••• • • • • • • Cite the source document by title and hyperlink. Possible requirements may also be submitted from new sources not already listed below.
For example, Greg just submitted this possible User/Purpose requirement quoted from SAC055: â€œThere is a critical need for a policy asserting the purpose of collecting and maintaining registration data. This policy should address the operational concerns of the parties who collect, maintain or use this data as it relates to ICANNâ€™s remit.â€ Additional examples can be found in draft 1 of the possible requirements list, posted at https://community.icann.org/x/8waOAw.
Due date: WG members are encouraged to make progress on this task before the next WG call (31 May 2016), at which time the WG will assess progress and determine a reasonable extension to that initial due date.
Statement of Interest<https://community.icann.org/display/gnsosoi/Ayden+FÃ©rdeline+SOI>
Statement of Interest<https://community.icann.org/display/gnsosoi/Ayden+Férdeline+SOI>
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the gnso-rds-pdp-wg