[gnso-rds-pdp-wg] Bigger Picture

Chuck consult at cgomes.com
Fri Dec 8 20:30:49 UTC 2017 

Thanks for the questions Allison.  As I think everyone knows, I cannot speak for ICANN.  But I have inserted my personal responses below.

 

Chuck

 

From: allison nixon [mailto:elsakoo at gmail.com] 
Sent: Friday, December 8, 2017 11:05 AM
To: Chuck <consult at cgomes.com>
Cc: RDS PDP WG <gnso-rds-pdp-wg at icann.org>
Subject: Re: [gnso-rds-pdp-wg] Bigger Picture

 

Chuck, a few questions:

 

This letter was sent from the EU data protection authorities to ICANN just yesterday:

https://www.internetnews.me/2017/12/07/european-data-protection-authorities-send-clear-message-icann/

 

It's clear that ICANN's stance on the GDPR/WHOIS issue has so far been to ignore it, despite mounting criticism and concern from all involved parties.

 

I also want to highlight in particular that the EU data protection authorities' letter appears to be completely unaware of the legitimate needs served by non-law enforcement 3rd parties that are impacted by the use of the registered domain. For that matter, there is no language at all that directly addresses the rights of outsiders who are not part of the commercial transaction yet are impacted by a domain via spam, hacking, etc.

 

1. Why is ICANN continuing to be inactive on this issue?[Chuck Gomes]  They are no longer inactive.  One only has to look at the activities at ICANN60 to see that.  And for a large part of this year ICANN leadership and staff have been quite active.

2. Why has ICANN failed to highlight the legitimate purposes that unlimited publication of WHOIS data serves?[Chuck Gomes]  ICANN is built as a bottom-up multi-stakeholder model.  ICANN staff and its Board make final decisions about policies such as Whois but the decisions they make are supposed to be based on recommendations developed by the stakeholders in the overall ICANN community.  If you mean ICANN staff and/or Directors when you say ICANN, then I would respond by saying that staff members and the Board members are not authorized to unilaterally to make policy.  The ICANN Bylaws specify how policy must be developed; for gTLDs, the GNSO is the policy management body and specific procedures are in place regarding how that is supposed to happen.  Once policy recommendations are completed via a bottom up, working group approach such as our working group, the GNSO Council decides whether proper process has been followed and all stakeholder interests have been adequately considered; if they agree that that has happened, they then forward the recommendations to the Board for final approval.  In this context, it is our job as a WG “to highlight the legitimate purposes that unlimited publication of WHOIS data serves”.  In fact, the work we are now doing is defining legitimate purposes.

3. Why has ICANN failed to protest the fact that the EU authorities are on the verge of issuing a blanket ruling, backed by harsh penalties and fines, that will degrade the reliability, safety, and usability of the DNS? [Chuck Gomes]  Not being aware of ICANN leadership’s interactions with EU authorities, I don’t know whether they have protested or not, but it has become evident in recent months that other parties inside and outside the EU have communicated concerns, some of which have been discussed in the GAC.

4. Where are the actual large registrars in this debate? Most of the registrars in this working group are small outfits in terms of market share. What does Godaddy, eNom, Tucows, et all think about this or plan to do about it? Do they plan to make any statements?[Chuck Gomes]  Like with ICANN the organization, I cannot speak for registrars or for registries.  But I note that you read the information posted by Enom.  I can say though that registries and registrars have been very active in trying to get ICANN the organization to become active in this debate.  They are especially concerned because they will be vulnerable for what could be very significant fines.

 

 

[Chuck Gomes] As you probably know, I am a strong supporter of the bottom-up multi-stakeholder model for policy development, but it is very slow and very messy.  I still think it is much better than a top-down management approach.  The latter would be much faster but also much less likely to address all stakeholders’ needs.  There are many governments in the world who continue to advocate for a governmental approach to domain name policy because they also are frustrated by the slowness of the multi-stakeholder process.  If a governmental approach was used, which government(s) would be in charge?  

 

 

 

 

On Fri, Dec 8, 2017 at 11:40 AM, Chuck <consult at cgomes.com <mailto:consult at cgomes.com> > wrote:

With this message I am going to start a new thread.  To set the stage let me say that I have read every message on our WG list over the last 24 hours other than any that may have been sent while I am writing this. In doing that I have concluded that we need to step back and adjust our focus on the bigger picture.

First let me say that we are not dealing with a choice of Whois as we know it today versus no Whois at all, so let’s discard that dichotomous choice.  Second, we have sufficient evidence to say that there are regulations in some jurisdictions that forbid the public display of personal information belonging to natural persons the way it happens with currently implemented Whois policy and contractual requirements.  Third, all of us as law-abiding citizens, whether individuals or organizations, must obey applicable laws.  Fourth, there are many uses of RDS data that provide essential benefits to the Internet community so we as a WG need to figure out ways to obey laws and still achieve the benefits of RDS data access.

I think it is critical that we recognize that the laws that are mandating change to Whois policy and contractual requirements only impact a subset of any RDS system that is developed.  We are not talking about all RDS users in all geographical jurisdictions nor are we talking about all RDS data elements.  In the case of the GDPR we are talking about personal information about natural persons who reside in Europe.  I acknowledge that other jurisdictions have similar legal restrictions, but I think that the GDRP provides a good starting point.  That means that the problem we must solve primarily involves a subset of all RDS users and global jurisdictions.

Fortunately, we now have a protocol that allows us to customize any modification to the existing Whois system or development of a new RDS to accommodate the varying legal requirements by jurisdiction.  That will not be a trivial exercise, but it is doable.

With all that said, let’s remember that we have a large subset of RDS data and RDS users that are not impacted by the various data privacy and data protection regulations around the world.  That doesn’t make our job any easier in dealing with the data elements and users who are impacted by such regulations but let’s at least recognize that the problems we must solve do not involve the whole system.  I believe we still have the possibility of recommending fairly open access for large numbers of users and data elements; I am not saying whether we should do that or not, but I strongly believe that it will help us to realize that we are not confronting an all or nothing situation.

Finally, let me finish by saying that none of what I said makes our job easy.  It will be hard.  But I ask every WG member to commit to constructive collaboration with one other to achieve what no other Whois group has ever done.  Let’s disagree respectfully, avoid personal criticism, listen carefully to one another and explore creative ways to find solutions to the challenges in front of us.

Thanks for being a part of this WG.  Thanks for your patience and diligence in sticking with us.

Chuck 

 


_______________________________________________
gnso-rds-pdp-wg mailing list
gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org> 
https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg





 

-- 

_________________________________
Note to self: Pillage BEFORE burning.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20171208/b81fd044/attachment.html>

More information about the gnso-rds-pdp-wg mailing list