[gnso-rds-pdp-wg] Now open: 18 January Poll on Purpose

Victoria Sheckler vsheckler at riaa.com
Wed Jan 25 19:45:28 UTC 2017 

Isn’t consent always been acceptable for use and disclosure purposes?  And doesn’t all of this have to be balanced with the public’s legitimate interest in transparency?

From: gnso-rds-pdp-wg-bounces at icann.org [mailto:gnso-rds-pdp-wg-bounces at icann.org] On Behalf Of Stephanie Perrin
Sent: Wednesday, January 25, 2017 2:33 PM
To: nathalie coupet <nathaliecoupet at yahoo.com>
Cc: gnso-rds-pdp-wg at icann.org
Subject: Re: [gnso-rds-pdp-wg] Now open: 18 January Poll on Purpose


WHOIS at the moment is a phone book, and it is a phone book that arguably violates data protection law.  The purpose of this pdp is to determine what the policy behind the RDS ought to be....not just limp along with the vestigial WHOIS we inherited from Jon Postel.

The analogy with health data was to demonstrate that if the management of the DNS was in the hands of government, they would have public policy responsibilities, enforced in their parliaments or legislatures, to take ALL views with due consideration (read with a grain of salt) and act in compliance with law and with their respective Constitutions and Charters.  That was the point I was trying to make...we are in a multistakeholder environment where stakeholders can influence policy to a greater extent, with no recourse to a higher authority to question the inclusion of perspectives that may not be agreed by others (eg. a Parliament). and I am aware that the list of exceptions for third party access is long.  But they are for release or sharing of data....they are not purposes of collection.  In the cases of many of the government exceptions you list, those are releases or sharing agreements authorized by law, and subject to legal protection.  They are not, in most cases where there is a constitution in place that protects fundamental rights and due process, reasons for broader collection for those purposes.  There are rare exceptions to that general principle, but by and large they are rare.

Apologies if that example was not sufficiently clear.

cheers Stephanie

On 2017-01-25 07:53, nathalie coupet wrote:
Regarding the analogy with health data, the list of exceptions is long, when it comes to the application of data protection laws. For example, they do not apply in cases where public health and safety require it;
For government research and statistics needs;
In case of a law enforcement investigation;
When the security of the President or other high ranking officials is at stake;
When the data can be collected from other sources (such as the phone book);
When needed for legislative purposes;
In case of a court order or other legal mandate;
If the person giving the data does so willingly;
And data protection doesn't apply to second or all subsequent sharings.

The truth is data protection is very loosely applied and is not meant to prevent law enforcement, legal processes from going their course.
By gating all data, or reducing RDS to just a technician's tool, this would also break the economy of the Internet.
WHOIS/RDS is also a phone book and as such, it protects the end-user by affording her and additional and important level of security.
Nowhere is it said that RDS is purely technical.
This is reductive view.

Nathalie

Sent from my iPhone

On Jan 25, 2017, at 6:56 AM, Stephanie Perrin <stephanie.perrin at mail.utoronto.ca<mailto:stephanie.perrin at mail.utoronto.ca>> wrote:

Sorry, this discussion is important.  Your example proves my point.  What you show below is a disclosure.  It is a disclosure of a limited set of data.  we are not supposed to be talking about disclosure at this point in our proceedings.  I leave it to the experts on whether this is "thin" in the sense of the thick transition discussion, I really don't know because we are focused on gTLD policy here.  My point is this is a disclosure.  We do not "collect" thin data per se, we collect a whole mess of mandatory data elements, as per the RAA.  Then we generate a whole mess as part of activating and making real the domain's existence.  Then we share (release) a small subset.

So talking about collecting thin data is misleading in my view.  Purpose of disclosing it is what we are in fact talking about. Calling it a purpose for collection opens the barn door.

Stephanie

On 2017-01-25 06:46, Sam Lanfranco wrote:
Thank you Michele, ( ignoring the spell check driven typo of "think" for "thick" (-: ). We should be able to put this "thin" discussion behind us.
The "thin" discussion should have taken about 2 email exchanges. Here is CIRA's (thin) search for .ca domain names [disclosure: it is my domain name]

Domain name: artisanalpot.ca<http://artisanalpot.ca>
Domain status: registered
Creation date: 2016/12/14
Expiry date: 2017/12/14
Updated date: 2016/12/19
DNSSEC: Unsigned
Registrar:
Name: Web Hosting Canada (7081936 Canada Inc.)
Number: 5000080
Name servers:
ns1.whc.ca<http://ns1.whc.ca> 173.209.49.178
ns2.whc.ca<http://ns2.whc.ca> 198.245.53.176
ns3.whc.ca<http://ns3.whc.ca> 198.245.61.86
% WHOIS look-up made at 2017-01-25 11:32:24 (GMT)
% Use of CIRA's WHOIS service is governed by the Terms of Use in its Legal
% Notice, available at http://www.cira.ca/legal-notice/?lang=en
% (c) 2017 Canadian Internet Registration Authority, (http://www.cira.ca/)

Nothing private is disclosed and LEA would have to resort to legal means to get to what is in the "thick" data set.
There are no ICANN policy  issues here.

Sam L <artisanalpot.ca<http://artisanalpot.ca>> (-:


_______________________________________________
gnso-rds-pdp-wg mailing list
gnso-rds-pdp-wg at icann.org<mailto:gnso-rds-pdp-wg at icann.org>
https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20170125/2fd4be94/attachment.html>

More information about the gnso-rds-pdp-wg mailing list