[gnso-rds-pdp-wg] Bigger Picture
allison nixon
elsakoo at gmail.com
Fri Dec 8 20:33:29 UTC 2017
Thanks for this reply too. It's educational.
While I have no involvement with the ICANN community before this group, and
I know the WHOIS topic has always been this way, what you describe on the
community's lack of response does sound like a kind of paralysis brought on
due to lack of structure. Doesn't ICANN have a CEO and board who ultimately
set forth the structure? What are they spending their time doing while all
parties involved are fighting for their own survival?
Secondly, from all i have read about the data protection authorities, and
what they want, it certainly does look like clearly outlining the existing
legitimate use cases might help with the compliance issues. From all the
reading I've done, it almost looks like the data protection authorities
think registrars publish all this data for no reason at all. The GDPR laws
require legitimate purposes to publish data, and plenty of evidence of
these purposes have been put forth here, but have clearly not made it to
any of the discussions that actually matter.
The community can debate on whether or not (for example) 3rd party due
diligence is important, but it's not a matter of debate that 3rd party due
diligence exists and is conducted by law firms, security companies, etc.
It's simply a statement of fact. Why is none of this brought up in the
discussions that matter?
On Fri, Dec 8, 2017 at 3:16 PM, theo geurts <gtheo at xs4all.nl> wrote:
> Good questions Allison, let me answer them from my perspective in no
> logical order :)
>
> 4 I cannot comment on the Enom/Tucows solution, but the contracted parties
> are going above and beyond to get compliant here. And believe me, we are
> not doing this to tick people off, let alone do this for fun.
>
> We are trying to SURVIVE.
>
> I can comment on the fact that contracted parties have been very engaged
> to get to a solution here with ICANN at an early stage, but let me come
> back to that while I address 1 and 2.
>
> 1 & 2
> People are under the impression that ICANN has failed. But ICANN is US, US
> being the ICANN COMMUNITY. I doubt to have to explain that the community
> has been divided since forever over this. This RDS WG is the prime example
> here on how divided this community is.
> ICANN ORG cannot move on without community support. So if we want
> solutions here, we need to work together here or you get ugly solutions
> like privacy services being used to stay compliant.
>
> 3 This assumes ICANN had a mandate from the community to object, but the
> community decided to ignore while it should have engaged.
> As we can read from the WP29 letter, they reached out since 2003 and never
> gotten a response back from this community. I am amazed they still hold the
> door open for this community who treated the EU DPA's like DIRT. Well not
> all of the community of course... some people within this community been
> warning us for years.
>
> Thanks,
>
> Theo
>
> On 8-12-2017 20:33, allison nixon wrote:
>
> Thank you, this is very helpful
>
> On Fri, Dec 8, 2017 at 2:09 PM, John Horton <john.horton at legitscript.com>
> wrote:
>
>> While I obviously can't answer most of that, and while I obviously don't
>> speak for Tucows/eNom, this PDF
>> <https://www.enom.com/blog/wp-content/uploads/2017/11/whois_changes_overview_enom.pdf>
>> might help answer a bit on your fourth question. This blog
>> <https://www.enom.com/blog/will-gdpr-impact-whois/> covers that as well.
>>
>> John Horton
>> President and CEO, LegitScript
>>
>>
>> *Follow LegitScript*: LinkedIn
>> <http://www.linkedin.com/company/legitscript-com> | Facebook
>> <https://www.facebook.com/LegitScript> | Twitter
>> <https://twitter.com/legitscript> | *Blog
>> <http://blog.legitscript.com/>* | Newsletter
>> <http://go.legitscript.com/Subscription-Management.html>
>>
>>
>>
>>
>> On Fri, Dec 8, 2017 at 11:04 AM, allison nixon <elsakoo at gmail.com> wrote:
>>
>>> Chuck, a few questions:
>>>
>>> This letter was sent from the EU data protection authorities to ICANN
>>> just yesterday:
>>> https://www.internetnews.me/2017/12/07/european-data-protect
>>> ion-authorities-send-clear-message-icann/
>>>
>>> It's clear that ICANN's stance on the GDPR/WHOIS issue has so far been
>>> to ignore it, despite mounting criticism and concern from all involved
>>> parties.
>>>
>>> I also want to highlight in particular that the EU data protection
>>> authorities' letter appears to be completely unaware of the legitimate
>>> needs served by non-law enforcement 3rd parties that are impacted by the
>>> use of the registered domain. For that matter, there is no language at all
>>> that directly addresses the rights of outsiders who are not part of the
>>> commercial transaction yet are impacted by a domain via spam, hacking, etc.
>>>
>>> 1. Why is ICANN continuing to be inactive on this issue?
>>> 2. Why has ICANN failed to highlight the legitimate purposes that
>>> unlimited publication of WHOIS data serves?
>>> 3. Why has ICANN failed to protest the fact that the EU authorities are
>>> on the verge of issuing a blanket ruling, backed by harsh penalties and
>>> fines, that will degrade the reliability, safety, and usability of the DNS?
>>> 4. Where are the actual large registrars in this debate? Most of the
>>> registrars in this working group are small outfits in terms of market
>>> share. What does Godaddy, eNom, Tucows, et all think about this or plan to
>>> do about it? Do they plan to make any statements?
>>>
>>>
>>>
>>>
>>> On Fri, Dec 8, 2017 at 11:40 AM, Chuck <consult at cgomes.com> wrote:
>>>
>>>> With this message I am going to start a new thread. To set the stage
>>>> let me say that I have read every message on our WG list over the last 24
>>>> hours other than any that may have been sent while I am writing this. In
>>>> doing that I have concluded that we need to step back and adjust our focus
>>>> on the bigger picture.
>>>>
>>>> First let me say that we are not dealing with a choice of Whois as we
>>>> know it today versus no Whois at all, so let’s discard that dichotomous
>>>> choice. Second, we have sufficient evidence to say that there are
>>>> regulations in some jurisdictions that forbid the public display of
>>>> personal information belonging to natural persons the way it happens with
>>>> currently implemented Whois policy and contractual requirements. Third,
>>>> all of us as law-abiding citizens, whether individuals or organizations,
>>>> must obey applicable laws. Fourth, there are many uses of RDS data that
>>>> provide essential benefits to the Internet community so we as a WG need to
>>>> figure out ways to obey laws and still achieve the benefits of RDS data
>>>> access.
>>>>
>>>> I think it is critical that we recognize that the laws that are
>>>> mandating change to Whois policy and contractual requirements only impact a
>>>> subset of any RDS system that is developed. We are not talking about all
>>>> RDS users in all geographical jurisdictions nor are we talking about all
>>>> RDS data elements. In the case of the GDPR we are talking about personal
>>>> information about natural persons who reside in Europe. I acknowledge that
>>>> other jurisdictions have similar legal restrictions, but I think that the
>>>> GDRP provides a good starting point. That means that the problem we must
>>>> solve primarily involves a subset of all RDS users and global jurisdictions.
>>>>
>>>> Fortunately, we now have a protocol that allows us to customize any
>>>> modification to the existing Whois system or development of a new RDS to
>>>> accommodate the varying legal requirements by jurisdiction. That will not
>>>> be a trivial exercise, but it is doable.
>>>>
>>>> With all that said, let’s remember that we have a large subset of RDS
>>>> data and RDS users that are not impacted by the various data privacy and
>>>> data protection regulations around the world. That doesn’t make our job
>>>> any easier in dealing with the data elements and users who are impacted by
>>>> such regulations but let’s at least recognize that the problems we must
>>>> solve do not involve the whole system. I believe we still have the
>>>> possibility of recommending fairly open access for large numbers of users
>>>> and data elements; I am not saying whether we should do that or not, but I
>>>> strongly believe that it will help us to realize that we are not
>>>> confronting an all or nothing situation.
>>>>
>>>> Finally, let me finish by saying that none of what I said makes our job
>>>> easy. It will be hard. But I ask every WG member to commit to
>>>> constructive collaboration with one other to achieve what no other Whois
>>>> group has ever done. Let’s disagree respectfully, avoid personal
>>>> criticism, listen carefully to one another and explore creative ways to
>>>> find solutions to the challenges in front of us.
>>>>
>>>> Thanks for being a part of this WG. Thanks for your patience and
>>>> diligence in sticking with us.
>>>>
>>>> Chuck
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> gnso-rds-pdp-wg mailing list
>>>> gnso-rds-pdp-wg at icann.org
>>>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>>>
>>>
>>>
>>>
>>> --
>>> _________________________________
>>> Note to self: Pillage BEFORE burning.
>>>
>>> _______________________________________________
>>> gnso-rds-pdp-wg mailing list
>>> gnso-rds-pdp-wg at icann.org
>>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>>
>>
>>
>
>
> --
> _________________________________
> Note to self: Pillage BEFORE burning.
>
>
> _______________________________________________
> gnso-rds-pdp-wg mailing listgnso-rds-pdp-wg at icann.orghttps://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>
>
>
--
_________________________________
Note to self: Pillage BEFORE burning.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20171208/4d4c0552/attachment-0001.html>
More information about the gnso-rds-pdp-wg
mailing list