[gnso-rds-pdp-wg] Now open: 18 January Poll on Purpose

Stephanie Perrin stephanie.perrin at mail.utoronto.ca
Wed Jan 25 07:34:31 UTC 2017


I am sorry to have missed the call yesterday and have not had time to 
listen yet, but if I may comment on a couple of items:

1.  Part of the confusion about personal information is the difference 
in definition. The US has recently (ok, for the last 20 years which is 
recent in my terms) focused on the notion of "personally identifiable 
information" which is usually taken to mean that the identification of 
the individual has to be present in the data set, could be by an 
identifier such as SSN but the identifier has to be there.  Others 
consider/have legislated that any information "about an individual" 
(older definition) is personal.  That includes information generated, 
such as account history.  This approach inherently recognizes the 
difficulty in saying any data which originated in association with an 
individual could be called anonymous or non-personal...  even if the 
data does not appear to be personal data (timestamps, health data 
without name, etc) is still personal if it is generated in association 
with an individual.

2.  Information "generated" is generally considered as collected, unless 
as Peter Kimpian has pointed out, you use the term "processed" as the EU 
does, that gets around these details. (I used to dislike the concept of 
"data processor" but I am beginning to appreciate its simplicity....)

3.  As James points out below, subsequent uses of information should not 
be used to justify collection in the first place.  The primary question 
asked of Data controllers, and ICANN is in my view very clearly the data 
controller here, since it sets the rule, is what is the purpose of your 
operation?  What is the limited and specific data set required to 
perform that set of operations? That defines the purpose of collection, 
not the manifold opportunities other stakeholders may see in your data 
set, or the many legitimate reasons to ask to see it once collected. 
Part of our problem here in my view, inherently, is the multistakeholder 
nature of the negotiations.  If the government, for instance, (assuming 
a govt that provides healthcare as most western nations do) were to 
convene a meeting of all stakeholders, and said right, what are all the 
use cases for the health data about individuals, there would be a 
million use cases put forward by anyone with a product to sell or 
protect, or a risk to mitigate, or an expense to manage.  The point is 
the purpose of gathering health data is to best manage the health care 
of the individual, and failure to stick to that narrow, limited and 
specific purpose opens up a Pandora's box.  In consultations one might 
hear from all the stakeholders, but designing a system without due 
rigour for the primary policy goal is fraught with peril and basically 
violates data protection law.  ICANN has basically done this over the 
years, by failing to be specific about the purpose of this collection, 
although I would note that the decision to stick to the narrow, 
technical purpose back in Task Force 2 was sensible.  I have a feeling 
if we don't agree to do that soon we will be going in circles.  And I 
apologize in advance, it will be my duty to keep raising objections 
(thus forcing circling) because from a data protection perspective it is 
just not acceptable to broaden the purpose of collection to the point 
where any data element will be deemed desirable and acceptable to 
collect for secondary purposes.

Stephanie


On 2017-01-24 19:57, Gomes, Chuck wrote:
>
> Regarding our focus on collection and also on uses versus purposes, I 
> would like to share some thoughts that I shared privately with a WG 
> member a few days ago.
>
> When I say ‘collection of data’, I mean collection for use in the RDS 
> regardless of how it might be displayed or accessed.  In our 
> leadership call yesterday, Michele pointed out that thin data is 
> generated, not collected.  From the point of view of registries and 
> registrars, I believe that is correct.  But as others have pointed 
> out, our task is not to decide what registries and registrars collect 
> but rather what would be collected for the RDS.  Of course, if we 
> develop policies that require that a thin data element is needed in 
> the RDS, it would need to be collected from registries and/or 
> registrars, and it would then follow that registries and/or registrars 
> would have to generate it.
>
> With that explanation of my use of the word ‘collect’, let me also 
> make a few other points:
>
> · We initially narrowed our focus on ‘collection only’ to keep our 
> focus on a more manageable scope; right or wrong, we decided that 
> focusing on collection and display and access all at once would make 
> our task more difficult.
>
> · One problem with focusing on ‘collection only’ is that it causes us 
> to reach conclusions that may later be changed and I am suspecting 
> that that is part of the problem.  For example, when we conclude that 
> we have reached rough  consensus that research is a legitimate purpose 
> for collecting thin data, that conclusion could later change when we 
> talk about display of certain thin data elements or access to some 
> thin data elements.  It might be better if we called our conclusions 
> ‘interim conclusions’ because they may change after deeper deliberation.
>
> To take this one step further, in our further deliberations on data 
> elements beyond collection we could find that there are no legitimate 
> uses for particular data elements.  In such cases I think that we 
> would then delete any interim purposes for which we reached rough 
> consensus for collection of them.  In other words, if there is no 
> legitimate use for the data, whether public or gated access, it seems 
> to me that there would be no need to collect it.
>
> Does any of this make sense?
>
> Chuck
>
> *From:* gnso-rds-pdp-wg-bounces at icann.org 
> [mailto:gnso-rds-pdp-wg-bounces at icann.org] *On Behalf Of* James Galvin
> *Sent:* Tuesday, January 24, 2017 4:20 PM
> *To:* Greg Aaron <gca at icginc.com>
> *Cc:* RDS PDP WG <gnso-rds-pdp-wg at icann.org>
> *Subject:* [EXTERNAL] Re: [gnso-rds-pdp-wg] Now open: 18 January Poll 
> on Purpose
>
> I’m still struggling to understand your answer to my question, “How 
> are the rights of legitimate users infringed by requiring them to 
> authenticate in order to get access to data?”
>
> Scott has reframed my question by observing that one consideration for 
> this group is that there may be data that is available anonymously and 
> data that requires authentication of the requestor. Either that 
> consideration implicitly infers that rights are not infringed or we 
> still have a question to answer.
>
> Taking a step back, it’s probably too soon to focus too much on this 
> issue. We’re really talking about data collection at this time so the 
> parameters of display or access are relevant but don’t need to be 
> solved just yet.
>
> I agree there are a number of interesting if not important use cases. 
> The question I am pressing is why these use cases justify collection 
> of the data? If we can’t clearly answer this question then I will 
> continue to object to collecting the data for the purpose being discussed.
>
> I’m wondering if you’re asserting that legacy uses establish 
> legitimate usage and since that has been anonymous to date it is an 
> infringement of a “right” to take that away.
>
> Jim
>
>
>
>
> On 24 Jan 2017, at 14:05, Greg Aaron wrote:
>
>     I made a typo below.  It should read: “For example law enforcement
>     investigators do not want to reveal what they are looking into,
>     for obvious reasons.  I also assume that they do not want to
>     violate terms of service or lie about who they are or what they
>     are doing.”
>
>     --Greg
>
>     *From:* gnso-rds-pdp-wg-bounces at icann.org
>     *On Behalf Of* Greg Aaron
>     *Sent:* Tuesday, January 24, 2017 1:53 PM
>     *To:* James Galvin <jgalvin at afilias.info>; RDS PDP WG
>     <gnso-rds-pdp-wg at icann.org>
>     *Subject:* Re: [gnso-rds-pdp-wg] Now open: 18 January Poll on Purpose
>
>     Dear Jim:
>
>     If legitimate users must identify themselves before looking up a
>     domain name, and are required to state their purpose for making
>     that query, that is a significant collection of data with huge
>     privacy and security implications.  It means that registrars and
>     registry operators would collect information about what specific
>     people are searching for, and why.   Users who have perfectly
>     legitimate uses are not currently required to give up their
>     identities and use cases – can such a change be justified?
>
>     As a practical matter, a change would make people jump through
>     hoops unnecessarily.  If we’re talking about thin data, that data
>     is not sensitive or personally identifiable.  Thus there’s no
>     reason for people who want to access it to declare their
>     identities and use cases.
>
>     Currently our RDS system (WHOIS) is a public query/response
>     system.  You’re pointing to turning RDS into a credential-driven
>     system.  That poses enormous consequences for privacy, security,
>     and cost.  A lot of people commented about those things in
>     response to the EWG.  See SAC061 for example.
>
>     There are use cases that argue in favor of anonymous access.  For
>     example law enforcement investigators do not want to reveal what
>     they are looking into, for obvious reasons.  I also assume that
>     they do they want to violate terms of service or lie about who
>     they are or what they are doing.
>
>     The setup we currently have -- a query/response system that does
>     not require credentials or permissions -- avoids the above
>     problems, among others.
>
>     All best,
>
>     --Greg
>
>     *From:* James Galvin [mailto:jgalvin at afilias.info]
>     *Sent:* Tuesday, January 24, 2017 12:55 PM
>     *To:* RDS PDP WG <gnso-rds-pdp-wg at icann.org>
>     *Cc:* Greg Aaron <gca at icginc.com>
>     *Subject:* Re: [gnso-rds-pdp-wg] Now open: 18 January Poll on Purpose
>
>     I have a comment and a question about Greg’s suggestion/conclusion.
>
>     First, while I appreciate the documented history and recollection
>     of precedent, we are frequently reminded that we are starting with
>     a clean slate. Thus the fact that “all use is allowed except when
>     a use is specifically prohibited” currently exists in contracts is
>     not binding for us.
>
>     Second, could you say more about how the rights of legitimate
>     users are infringed by having to identify themselves before
>     getting access to data? In my experience it is ordinary process to
>     identify yourself for access (and sometimes authenticate yourself)
>     unless the circumstances are known to be anonymous or public. This
>     group has to decide if the circumstances justify anonymous or
>     public access, and what that means.
>
>     Thanks,
>
>     Jim
>
>
>
>     On 23 Jan 2017, at 12:45, Greg Aaron wrote:
>
>         The question is not “Is ICANN a law enforcement body?” 
>         (Clearly it is not.)  The question is whether ICANN can
>         require that data be collected and published in order to
>         facilitate various legitimate goals.  The answer to that
>         question is clearly “yes.”
>
>         ICANN’s Bylaws describe ICANN’s responsibilities and their
>         scope – especially see Article 1, section 1, of ICANN’s
>         Bylaws, entitled “Mission, Commitments and Core Values.” 
>         (https://www.icann.org/resources/pages/governance/bylaws-en/#article1) Among
>         other things, “ICANN's scope is to coordinate the development
>         and implementation of policies: For which uniform or
>         coordinated resolution is reasonably necessary to facilitate
>         the openness, interoperability, resilience, security and/or
>         stability of the DNS including, with respect to gTLD
>         registrars and registries… functional and performance
>         specifications for the provision of registrar services;
>         registrar policies reasonably necessary to implement Consensus
>         Policies relating to a gTLD registry; resolution of disputes
>         regarding the registration of domain names...  Examples of the
>         above include, without limitation: …maintenance of and access
>         to accurate and up-to-date information concerning registered
>         names and name servers”.
>
>         Years back it was decided that the collection and publication
>         of the data was important for accomplishing some legitimate
>         goals, in keeping with the above principles.  And since the
>         old days there have been additional statements of note.  For
>         example in 2007 the GAC weighed in recognizing a number of
>         specific legitimate uses, including “facilitating inquiries
>         and subsequent steps to conduct trademark clearances and help
>         counter intellectual property infringement” and “contributing
>         to user confidence in the Internet”, in keeping with law. 
>         We’re reviewing all this now; just saying that there’s a lot
>         of precedent, and proposals for change need to address precedent.
>
>         Currently there is an approach that’s important to mention. 
>         The contracts say that registrars “shall permit /use/ of data
>         it provides in response to queries /for any lawful purposes/”.
>         [Emphases added; and except for “mass unsolicited, commercial
>         messages” i.e. spamming, and some high-volume queries.]
>         /Access/ is not prohibited or regulated. /All use is allowed/
>         except when a use is specifically prohibited.
>
>         The alternative is to enumerate all allowable uses  and to
>         regulate access based on each user’s intent to honor those
>         allowed uses. And that takes the world to a place where a
>         system must gatekeep all users, and parcel out data to them
>         only after they assert or prove they have a legitimate use and
>         that they will employ the data only for that purpose.  IMHO
>         that infringes upon the rights of legitimate users, and is
>         also a completely unmanageable solution.
>
>         All best,
>
>         --Greg
>
>         *From:* gnso-rds-pdp-wg-bounces at icann.org
>         *On Behalf Of* Kimpian Peter
>         *Sent:* Monday, January 23, 2017 8:53 AM
>         *To:* Stephanie Perrin <stephanie.perrin at mail.utoronto.ca>;
>         gnso-rds-pdp-wg at icann.org
>         *Subject:* Re: [gnso-rds-pdp-wg] FW: Now open: 18 January Poll
>         on Purpose
>
>         Dear All,
>
>         Adding to the purpose debate: usually it is common sense and
>         widely recognised that we don't collect personal data just
>         for the sake of it or in bulk saying it will be good for one
>         purpose or another. Usually data controllers have the
>         obligation to say openly in advance this is why I am going to
>         process (ie collect, aggregate, transfer, etc.) personal data.
>         Being said that it can not be excluded that those data will be
>         used/accessed for "higher" common good and for the benefit for
>         all by another authorised data controller. For example a telco
>         company can if all conditions met disclose (!) data it
>         previously collected to law enforcement agencies but this does
>         not mean that the Telco company can collect, process etc data
>         for law enforcement purpose...
>
>         My simple question to start with would be and always was: Is
>         ICANN a law enforcement body? Does ICANN have any
>         power/competence in fighting against crime? And it goes for
>         other purposes as well: Is ICANN an international trademark
>         organisation? Etc... Is the answer given to those questions is
>         shared by all the community of ICANN? In my sense we have to
>         be sure that we answer first those questions before deciding
>         on possible purposes (which does not mean that disclosure of
>         data on a case-by case base according to international legal
>         requirements will not be possible after this, but those will
>         be exceptions !!!)
>
>         Best regards,
>
>         Peter
>
>         On 2017.01.22. 19:20, Stephanie Perrin wrote:
>
>             I love your analogy Shane, it is perfect.  In data
>             protection terms that would be a use.  For a legitimate
>             purpose... sledding.  There might have to be repercussions
>             if you cracked the lid....that might be a data breach:-)
>
>             I hate being a nit picker and calling out this distinction
>             between purpose of collection as opposed to purpose for
>             use and disclosure, but it is extremely important in terms
>             of data protection.  Some laws are more clear than others
>             on the distinction, and you are correct that if we are not
>             careful DP laws will forbid the collection and disclosure
>             of the data.  It is certainly clear that for collection of
>             thin data, there is ample justification for collecting the
>             info based on ICANN's limited mandate.  However adding law
>             enforcement and other similar website related
>             investigative activities to the list of legitimate
>             purposes is in my view opening a barn door.  After a year
>             of discussion we may understand the nuance, that we are
>             talking about thin data, etc etc but when the fruits of
>             our labours are published, it looks like we have all
>             agreed that law enforcement (eg) is a legitimate purpose
>             for collecting registration data.  In my view, it is not.
>
>             cheers Stephanie
>
>             On 2017-01-22 04:03, Shane Kerr wrote:
>
>                 Greg,
>
>                 If we can say that not all legitimate purposes have to
>                 be catered for, then I agree with you. :)
>
>                 If we say that tracking down the registrar of a domain
>                 as part of trademark research is a legitimate purpose,
>                 that does not mean that we have to design the system
>                 for this purpose, right?
>
>                 To try an analogy: We can recognize that using the
>                 plastic top of a garbage can as a sled is legitimate,
>                 but we don't insist on designing lids with sledding in
>                 mind.
>
>                 Full disclosure: My own take on the "legitimate
>                 purpose" discussion with regards to "thin data" is that
>                 we need *some* purpose for both gathering and
>                 publishing the information, because otherwise privacy
>                 laws may prohibit companies from gathering or
>                 publishing it. Luckily I think that there are so many
>                 such purposes that the need for the information is
>                 indisputable.
>
>                 Jumping ahead... as I said in a prior call (sorry for
>                 missing ones since then), I would prefer that the
>                 information is then allowed for any purpose, without
>                 restriction, because otherwise you have to have not
>                 only tiresome rules about what is allowed but also the
>                 Internet Police to enforce those rules, which seems
>                 like a step towards Armageddon.
>
>                 Given that we're still talking about "thin data",
>                 which is basically just a pointer to a registrar who
>                 has *actual* data, my own recommendation is not to
>                 stress too much. This stuff is only very, very vaguely
>                 personally identifiable.
>
>                 Cheers,
>
>                 --
>                 Shane
>
>                 At 2017-01-21 14:51:29 -0500
>                 Greg Shatan <gregshatanipc at gmail.com> wrote:
>
>                     I have to disagree.  These are legitimate purposes
>                     for collection, as well as for disclosure.
>
>                     Greg
>
>                     On Fri, Jan 20, 2017 at 7:02 PM, Stephanie Perrin
>                     <stephanie.perrin at mail.utoronto.ca> wrote:
>
>                         I filled it out, but I am afraid for most of
>                         the purposes I could not agree.  We do not
>                         *collect* data for many of those purposes.  We
>                         disclose it to people for those purposes, but
>                         the purpose of collecting those data elements
>                         is not for tax collection, trademark
>                         enforcement actions, etc.  This is the
>                         conflation issue I have raised repeatedly.
>
>                         Apologies if I did not make that point clear
>                         enough on the call.
>
>                         Stephanie Perrin
>
>                         On 2017-01-20 17:35, Gomes, Chuck wrote:
>
>                         Please note that our current poll ends in
>                         about 24 hours.  So far only 16 people have
>                         responded.
>
>                         Chuck
>
>                         *From:* gnso-rds-pdp-wg-bounces at icann.org
>                         *On Behalf Of* Lisa Phifer
>                         *Sent:* Wednesday, January 18, 2017 1:50 PM
>                         *To:* RDS PDP WG <gnso-rds-pdp-wg at icann.org>
>                         *Subject:* [EXTERNAL] [gnso-rds-pdp-wg] Now
>                         open: 18 January Poll on Purpose
>
>                         Dear all,
>
>                         As directed in the 18 January WG call, this
>                         week's new Poll on Purpose is now open for WG
>                         member participation:
>
>                         https://www.surveymonkey.com/r/SZX9QJZ
>
>                         A PDF of this poll's questions and
>                         notes/recordings of the meeting are posted on
>                         the 18 January meeting page:
>                         https://community.icann.org/x/EbTDAw
>
>                         This poll will close at *COB Saturday 21
>                         January 2017*.
>
>                         All WG members are encouraged to participate
>                         in this poll to help advance deliberation and
>                         prepare for next week's meeting.
>
>                         Best regards,
>
>                         Lisa
>
>                         _______________________________________________
>                         gnso-rds-pdp-wg mailing list
>                         gnso-rds-pdp-wg at icann.org
>                         https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg