[gnso-rds-pdp-wg] Now open: 18 January Poll on Purpose
Stephanie Perrin
stephanie.perrin at mail.utoronto.ca
Wed Jan 25 19:32:38 UTC 2017
WHOIS at the moment is a phone book, and it is a phone book that
arguably violates data protection law. The purpose of this pdp is to
determine what the policy behind the RDS ought to be....not just limp
along with the vestigial WHOIS we inherited from Jon Postel.
The analogy with health data was to demonstrate that if the management
of the DNS was in the hands of government, they would have public policy
responsibilities, enforced in their parliaments or legislatures, to take
ALL views with due consideration (read with a grain of salt) and act in
compliance with law and with their respective Constitutions and
Charters. That was the point I was trying to make...we are in a
multistakeholder environment where stakeholders can influence policy to
a greater extent, with no recourse to a higher authority to question the
inclusion of perspectives that may not be agreed by others (eg. a
Parliament). and I am aware that the list of exceptions for third party
access is long. But they are for release or sharing of data....they are
not purposes of collection. In the cases of many of the government
exceptions you list, those are releases or sharing agreements authorized
by law, and subject to legal protection. They are not, in most cases
where there is a constitution in place that protects fundamental rights
and due process, reasons for broader collection for those purposes.
There are rare exceptions to that general principle, but by and large
they are rare.
Apologies if that example was not sufficiently clear.
cheers Stephanie
On 2017-01-25 07:53, nathalie coupet wrote:
> Regarding the analogy with health data, the list of exceptions is
> long, when it comes to the application of data protection laws. For
> example, they do not apply in cases where public health and safety
> require it;
> For government research and statistics needs;
> In case of a law enforcement investigation;
> When the security of the President or other high ranking officials is
> at stake;
> When the data can be collected from other sources (such as the phone
> book);
> When needed for legislative purposes;
> In case of a court order or other legal mandate;
> If the person giving the data does so willingly;
> And data protection doesn't apply to second or all subsequent sharings.
>
> The truth is data protection is very loosely applied and is not meant
> to prevent law enforcement, legal processes from going their course.
> By gating all data, or reducing RDS to just a technician's tool, this
> would also break the economy of the Internet.
> WHOIS/RDS is also a phone book and as such, it protects the end-user
> by affording her and additional and important level of security.
> Nowhere is it said that RDS is purely technical.
> This is reductive view.
>
> Nathalie
>
> Sent from my iPhone
>
> On Jan 25, 2017, at 6:56 AM, Stephanie Perrin
> <stephanie.perrin at mail.utoronto.ca
> <mailto:stephanie.perrin at mail.utoronto.ca>> wrote:
>
>> Sorry, this discussion is important. Your example proves my point.
>> What you show below is a disclosure. It is a disclosure of a limited
>> set of data. we are not supposed to be talking about disclosure at
>> this point in our proceedings. I leave it to the experts on whether
>> this is "thin" in the sense of the thick transition discussion, I
>> really don't know because we are focused on gTLD policy here. My
>> point is this is a disclosure. We do not "collect" thin data per se,
>> we collect a whole mess of mandatory data elements, as per the RAA.
>> Then we generate a whole mess as part of activating and making real
>> the domain's existence. Then we share (release) a small subset.
>>
>> So talking about collecting thin data is misleading in my view.
>> Purpose of disclosing it is what we are in fact talking about.
>> Calling it a purpose for collection opens the barn door.
>>
>> Stephanie
>>
>>
>> On 2017-01-25 06:46, Sam Lanfranco wrote:
>>> Thank you Michele, ( ignoring the spell check driven typo of "think"
>>> for "thick" (-: ). We should be able to put this "thin" discussion
>>> behind us.
>>> The "thin" discussion should have taken about 2 email exchanges.
>>> Here is CIRA's (thin) search for .ca domain names [disclosure: it is
>>> my domain name]
>>>
>>> Domain name: artisanalpot.ca <http://artisanalpot.ca>
>>> Domain status: registered
>>> Creation date: 2016/12/14
>>> Expiry date: 2017/12/14
>>> Updated date: 2016/12/19
>>> DNSSEC: Unsigned
>>> Registrar:
>>> Name: Web Hosting Canada (7081936 Canada Inc.)
>>> Number: 5000080
>>> Name servers:
>>> ns1.whc.ca <http://ns1.whc.ca> 173.209.49.178
>>> ns2.whc.ca <http://ns2.whc.ca> 198.245.53.176
>>> ns3.whc.ca <http://ns3.whc.ca> 198.245.61.86
>>> % WHOIS look-up made at 2017-01-25 11:32:24 (GMT)
>>> % Use of CIRA's WHOIS service is governed by the Terms of Use in its
>>> Legal
>>> % Notice, available at http://www.cira.ca/legal-notice/?lang=en
>>> % (c) 2017 Canadian Internet Registration Authority,
>>> (http://www.cira.ca/)
>>>
>>> Nothing private is disclosed and LEA would have to resort to legal
>>> means to get to what is in the "thick" data set.
>>> There are no ICANN policy issues here.
>>>
>>> Sam L <artisanalpot.ca <http://artisanalpot.ca>> (-:
>>>
>>
>> _______________________________________________
>> gnso-rds-pdp-wg mailing list
>> gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org>
>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20170125/5df06dce/attachment.html>
More information about the gnso-rds-pdp-wg
mailing list