[gnso-rds-pdp-wg] Now open: 18 January Poll on Purpose
Volker Greimann
vgreimann at key-systems.net
Thu Jan 26 16:04:37 UTC 2017
I am not saying it is necessarily privileged data, I would assume it
probably is not. However that does not answer the question whether it
should be published for anyone to see, given that there is also
potential for abuse. The creation date and the renewal dates allow the
criminal mind to send fake renewal notices, do domain slamming, etc. If
that information were only handled by registry, registrar and
registrant, a lot of currently existing abuse would be much harder to
do, if not go away completely.
Am 26.01.2017 um 16:31 schrieb Greg Aaron:
>
> If thin data is considered private data, then ccTLD registries such as
> those in Europe and Canada would not publish it in WHOIS. But they
> do. They collect and publish it because it is important for
> legitimate and stated reasons, and doing so is consistent with the
> law. The implementations and details vary a bit from country to
> country, but that’s generally the situation.
>
> For example, in Germany, where the privacy laws seem some of the most
> protective, the .DE registry publishes not only the thin data but also
> some contact data. The reasons for collecting and publishing that
> include: addressing technical problems, addressing abuse, and
> intellectual property protection. See below for references.
>
> At these registries, thin data (and often at least some contact data)
> is available anonymously to anyone who queries it. No one has to get
> pre-authorized permission to query it, no one has to declare their
> intended use case before getting it.
>
> Some members of this WG are arguing that the collection of and
> publication of thin data, even creation dates, is a problem, or should
> be gated or permissioned. Such arguments are inconsistent with
> legally vetted practices in front of us.
>
> All best,
>
> --Greg
>
> DENIC (.DE):
>
> https://www.denic.de/fileadmin/public/documentation/DENIC-12p_EN.pdf
>
> “[If you make a WHOIS query] Besides the data of the domain holder,
> the output you will receive will include data on the administrative
> and the technical contact and on the zone administrator. On top of
> that, the technical data of the domain will be displayed.”
>
> https://www.denic.de/en/faqs/faqs-for-domain-holders/
>
> “Why are other people permitted to see my data, for example my
> address, in the whois query?
>
> This data has been rendered public in the whois query for some very
> good reasons.
>
> Firstly, it is important to be able to contact you if ever there are
> any technical difficulties caused by your domain or its use, which
> might lead to problems for others. Of course, it would normally be
> your provider who would sort out such technical problems for you, but
> that does not affect publication of your data. It may happen that your
> provider is partly to blame for the technical difficulties and,
> ultimately, you, the domain holder, will be held liable (and that
> includes liability for any legal consequences).
>
> Secondly, your data must be made public, so that, if your domain is
> the source of an infringement of somebody else's rights, it will be
> possible to establish against whom to proceed, if need be.
>
> Against this background, incidentally, the German data-protection
> authorities have expressly approved of the publication of personal
> data in the whois query. Further information on this subject is to be
> found, for example, in the thirteenth data-protection report by the
> government of the German federal state of Hesse (sections 9.2 and 9.3)
> and also in its fifteenth data-protection report (section 8.7).
>
> If you do not want to have your address made public, the only option
> you have is to get the domain registered by someone else whom you
> trust. This other person will then be the legal domain holder instead
> of you, and their address will, of course, be made public in the whois
> query.”
>
> **********************************
>
> Greg Aaron
>
> Vice-President, Product Management
>
> iThreat Cyber Group / Cybertoolbelt.com
>
> mobile: +1.215.858.2257
>
> **********************************
>
> The information contained in this message is privileged and
> confidential and protected from disclosure. If the reader of this
> message is not the intended recipient, or an employee or agent
> responsible for delivering this message to the intended recipient, you
> are hereby notified that any dissemination, distribution or copying of
> this communication is strictly prohibited. If you have received this
> communication in error, please notify us immediately by replying to
> the message and deleting it from your computer.
>
> *From:*gnso-rds-pdp-wg-bounces at icann.org
> [mailto:gnso-rds-pdp-wg-bounces at icann.org] *On Behalf Of *Volker Greimann
> *Sent:* Thursday, January 26, 2017 7:16 AM
> *To:* gnso-rds-pdp-wg at icann.org
> *Subject:* Re: [gnso-rds-pdp-wg] Now open: 18 January Poll on Purpose
>
> Does all data need to be available to everyone though? Is it not
> sufficient that there be authorized anyones that can get the data and
> facilitate the use for those that need it? I have no contest on domain
> name and name servers being public, but do other parts of the thin
> data expiration/registration dates have to be to keep the internet
> functional?
>
> I do not dispute that there are purposes for legitimately accessing
> the data if it is there, but does it all have to be there?
>
> Volker
>
> Am 26.01.2017 um 09:36 schrieb Michele Neylon - Blacknight:
>
> Stephanie
>
> Ok that’s simple.
>
> If you want a domain name to resolve on the internet you need
> certain data elements to be available to everyone.
>
> That’s a technical reality.
>
> Regards
>
>
> Michele
>
> --
>
> Mr Michele Neylon
>
> Blacknight Solutions
>
> Hosting, Colocation & Domains
>
> http://www.blacknight.host/
>
> http://blacknight.blog/
>
> http://ceo.hosting/
>
> Intl. +353 (0) 59 9183072
>
> Direct Dial: +353 (0)59 9183090
>
> -------------------------------
>
> Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business
> Park,Sleaty
>
> Road,Graiguecullen,Carlow,Ireland Company No.: 370845
>
> *From: *Stephanie Perrin <stephanie.perrin at mail.utoronto.ca>
> <mailto:stephanie.perrin at mail.utoronto.ca>
> *Date: *Thursday 26 January 2017 at 04:26
> *To: *John Bambenek <jcb at bambenekconsulting.com>
> <mailto:jcb at bambenekconsulting.com>, Michele Neylon
> <michele at blacknight.com> <mailto:michele at blacknight.com>
> *Cc: *Scott Hollenbeck <shollenbeck at verisign.com>
> <mailto:shollenbeck at verisign.com>, Sam Lanfranco
> <sam at lanfranco.net> <mailto:sam at lanfranco.net>,
> "dave at davecake.net" <mailto:dave at davecake.net><dave at davecake.net>
> <mailto:dave at davecake.net>, "gnso-rds-pdp-wg at icann.org"
> <mailto:gnso-rds-pdp-wg at icann.org><gnso-rds-pdp-wg at icann.org>
> <mailto:gnso-rds-pdp-wg at icann.org>
> *Subject: *Re: [gnso-rds-pdp-wg] Now open: 18 January Poll on Purpose
>
> I am not sure how we get to this discussion. What I am saying, is
> that the purpose of collecting data has to be linked to ICANN's
> core mission. AS Peter said a while ago, is the core mission to
> enable law enforcement investigations? No. It is a legitimate
> purpose to use or disclose limited sets of data as required in
> accordance with law, but it is not the reason we collect or
> generate thin data. This distinction is important in data
> protection law. Nobody is saying we should not disclose the thin
> data, including name servers. What we are trying to say, and
> obviously with very little success, is that several of the
> purposes for collecting thin data which were in the last poll,
> were not related to ICANN's core mission. They might be
> legitimate disclosures of data, but they are not legitimate
> purposes to collect.
>
> Displaying data in WHOIS is a disclosure. We are not supposed to
> be talking about that yet. We keep conflating the legitimacy of
> collection, and why we gather or generate data elements about a
> domain name, and disclosure.
>
> Sorry to keep hammering on this, but it is a very simple concept
> that is fundamental to data protection. No wonder we have been
> arguing about this for 18 years.....
>
> cheers Stephanie
>
> On 2017-01-25 21:06, John Bambenek wrote:
>
> Regardless of the privacy implications, if someone who wants
> to look up a hostname and can't find can't figure out what the
> authoritative nameservers are for the domain, DNS quite simply
> will not work and with it the internet is down; go home.
>
> Unless someone is suggesting we completely re-architect DNS,
> having nameservers tied to domain records is absolutely essential.
>
> You could deprecate displaying it in whois but any DNS client
> would easily be able to retrieve the data because the resolver
> still has to know what to ask for.
>
> J
>
> Sent from my iPhone
>
>
> On Jan 25, 2017, at 16:08, Michele Neylon - Blacknight
> <michele at blacknight.com <mailto:michele at blacknight.com>> wrote:
>
> Stephanie
>
> Do you have any links to any legislation / regulations
> etc., that are this broad?
>
> And honestly I don’t see how a set of nameserver is
> “personally identifiable” unless you’re using your own
> name in the hostname (which you could, but then I’d see
> that as your choice and not a technical requirement)
>
> Regards
>
>
> Michele
>
> --
>
> Mr Michele Neylon
>
> Blacknight Solutions
>
> Hosting, Colocation & Domains
>
> http://www.blacknight.host/
>
> http://blacknight.blog/
>
> http://ceo.hosting/
>
> Intl. +353 (0) 59 9183072
>
> Direct Dial: +353 (0)59 9183090
>
> -------------------------------
>
> Blacknight Internet Solutions Ltd, Unit 12A,Barrowside
> Business Park,Sleaty
>
> Road,Graiguecullen,Carlow,R93 X265,
>
> Ireland Company No.: 370845
>
> *From: *Stephanie Perrin
> <stephanie.perrin at mail.utoronto.ca
> <mailto:stephanie.perrin at mail.utoronto.ca>>
> *Date: *Wednesday 25 January 2017 at 19:40
> *To: *Michele Neylon <michele at blacknight.com
> <mailto:michele at blacknight.com>>, Scott Hollenbeck
> <shollenbeck at verisign.com
> <mailto:shollenbeck at verisign.com>>, Sam Lanfranco
> <sam at lanfranco.net <mailto:sam at lanfranco.net>>,
> "dave at davecake.net <mailto:dave at davecake.net>"
> <dave at davecake.net <mailto:dave at davecake.net>>
> *Cc: *"gnso-rds-pdp-wg at icann.org
> <mailto:gnso-rds-pdp-wg at icann.org>"
> <gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org>>
> *Subject: *Re: [gnso-rds-pdp-wg] Now open: 18 January Poll
> on Purpose
>
> Unfortunately, in a world where the Internet of things is
> taking off, privacy advocates and authorities have to
> insist that data generated by or as a result of the
> actions of an individual or his devices(eg metadata,
> timestamping, etc) has to be considered as personal
> information. If it is used to describe processes
> pertaining to that information, if it could be used to
> incriminate that individual, it is important that it be
> recognized as information for which individuals have
> rights. Otherwise, we have a situation where the
> individual has no right to access information that may
> impact him, may incriminate him, but to which he may be
> utterly oblivious. Sorry it is such a pain in the neck,
> but there we are.
>
> Stephanie
>
> On 2017-01-25 12:32, Michele Neylon - Blacknight wrote:
>
> Scott
>
> Sure, but if we go down that route we could make cases
> for a lot of things J
>
> My main problem with this entire debacle is that the
> data we’re dealing with is pretty much useless and
> isn’t personally identifiable.
>
> Regards
>
> Michele
>
> --
>
> Mr Michele Neylon
>
> Blacknight Solutions
>
> Hosting, Colocation & Domains
>
> https://www.blacknight.com/
>
> http://blacknight.blog/
>
> Intl. +353 (0) 59 9183072
>
> Direct Dial: +353 (0)59 9183090
>
> Social: http://mneylon.social
>
> Some thoughts: http://ceo.hosting/
>
> -------------------------------
>
> Blacknight Internet Solutions Ltd, Unit 12A,Barrowside
> Business Park,Sleaty
>
> Road,Graiguecullen,Carlow,R93 X265,Ireland Company
> No.: 370845
>
> *From: *Scott Hollenbeck <shollenbeck at verisign.com>
> <mailto:shollenbeck at verisign.com>
> *Date: *Wednesday 25 January 2017 at 17:15
> *To: *Michele Neylon <michele at blacknight.com>
> <mailto:michele at blacknight.com>, Stephanie Perrin
> <stephanie.perrin at mail.utoronto.ca>
> <mailto:stephanie.perrin at mail.utoronto.ca>, Sam
> Lanfranco <sam at lanfranco.net>
> <mailto:sam at lanfranco.net>, "dave at davecake.net"
> <mailto:dave at davecake.net><dave at davecake.net>
> <mailto:dave at davecake.net>
> *Cc: *"gnso-rds-pdp-wg at icann.org"
> <mailto:gnso-rds-pdp-wg at icann.org><gnso-rds-pdp-wg at icann.org>
> <mailto:gnso-rds-pdp-wg at icann.org>
> *Subject: *RE: [gnso-rds-pdp-wg] Now open: 18 January
> Poll on Purpose
>
> *From:*gnso-rds-pdp-wg-bounces at icann.org
> <mailto:gnso-rds-pdp-wg-bounces at icann.org>[mailto:gnso-rds-pdp-wg-bounces at icann.org]
> *On Behalf Of *Michele Neylon - Blacknight
> *Sent:* Wednesday, January 25, 2017 12:09 PM
> *To:* Stephanie Perrin; Sam Lanfranco; David Cake
> *Cc:* gnso-rds-pdp-wg at icann.org
> <mailto:gnso-rds-pdp-wg at icann.org>
> *Subject:* [EXTERNAL] Re: [gnso-rds-pdp-wg] Now open:
> 18 January Poll on Purpose
>
> Stephanie
>
> Sorry, but policy + the technology go hand in hand.
> You cannot completely separate them and any policy
> that this (or any other) group produces needs to be
> technically possible to implement.
>
> As to the specifics ..
>
> I would argue that generated data is NOT collected, as
> it’s generated.
>
> If you register stephanieperrin.com
> <http://stephanieperrin.com>with us the only elements
> we are “collecting” that end up in in the “thin” data are:
>
> the domain name string
>
> the nameservers you’re using (and if you don’t specify
> any we’ll use our own)
>
> All the other elements are NOT collected by the
> registrar or even the registry from the registrant,
> they are generated as part of the process of the
> domain being registered.
>
> [SAH] Michele, some might argue that the registration
> period is also collected from the registrant and is
> then used to generate the expiration date at the
> registry. A case might also be made for status values
> like clientTransferProhibited etc. I agree completely
> that generated data is just that – generated.
>
> Scott
>
>
>
>
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org>
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>
>
>
>
>
> _______________________________________________
>
> gnso-rds-pdp-wg mailing list
>
> gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org>
>
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>
> --
> Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.
> Mit freundlichen Grüßen,
> Volker A. Greimann
> - Rechtsabteilung -
> Key-Systems GmbH
> Im Oberen Werk 1
> 66386 St. Ingbert
> Tel.: +49 (0) 6894 - 9396 901
> Fax.: +49 (0) 6894 - 9396 851
> Email:vgreimann at key-systems.net <mailto:vgreimann at key-systems.net>
> Web:www.key-systems.net <http://www.key-systems.net> /www.RRPproxy.net <http://www.RRPproxy.net>
> www.domaindiscount24.com <http://www.domaindiscount24.com> /www.BrandShelter.com <http://www.BrandShelter.com>
> Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:
> www.facebook.com/KeySystems <http://www.facebook.com/KeySystems>
> www.twitter.com/key_systems <http://www.twitter.com/key_systems>
> Geschäftsführer: Alexander Siffrin
> Handelsregister Nr.: HR B 18835 - Saarbruecken
> Umsatzsteuer ID.: DE211006534
> Member of the KEYDRIVE GROUP
> www.keydrive.lu <http://www.keydrive.lu>
> Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.
> --------------------------------------------
> Should you have any further questions, please do not hesitate to contact us.
> Best regards,
> Volker A. Greimann
> - legal department -
> Key-Systems GmbH
> Im Oberen Werk 1
> 66386 St. Ingbert
> Tel.: +49 (0) 6894 - 9396 901
> Fax.: +49 (0) 6894 - 9396 851
> Email:vgreimann at key-systems.net <mailto:vgreimann at key-systems.net>
> Web:www.key-systems.net <http://www.key-systems.net> /www.RRPproxy.net <http://www.RRPproxy.net>
> www.domaindiscount24.com <http://www.domaindiscount24.com> /www.BrandShelter.com <http://www.BrandShelter.com>
> Follow us on Twitter or join our fan community on Facebook and stay updated:
> www.facebook.com/KeySystems <http://www.facebook.com/KeySystems>
> www.twitter.com/key_systems <http://www.twitter.com/key_systems>
> CEO: Alexander Siffrin
> Registration No.: HR B 18835 - Saarbruecken
> V.A.T. ID.: DE211006534
> Member of the KEYDRIVE GROUP
> www.keydrive.lu <http://www.keydrive.lu>
> This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.
--
Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.
Mit freundlichen Grüßen,
Volker A. Greimann
- Rechtsabteilung -
Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: +49 (0) 6894 - 9396 901
Fax.: +49 (0) 6894 - 9396 851
Email: vgreimann at key-systems.net
Web: www.key-systems.net / www.RRPproxy.net
www.domaindiscount24.com / www.BrandShelter.com
Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:
www.facebook.com/KeySystems
www.twitter.com/key_systems
Geschäftsführer: Alexander Siffrin
Handelsregister Nr.: HR B 18835 - Saarbruecken
Umsatzsteuer ID.: DE211006534
Member of the KEYDRIVE GROUP
www.keydrive.lu
Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.
--------------------------------------------
Should you have any further questions, please do not hesitate to contact us.
Best regards,
Volker A. Greimann
- legal department -
Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: +49 (0) 6894 - 9396 901
Fax.: +49 (0) 6894 - 9396 851
Email: vgreimann at key-systems.net
Web: www.key-systems.net / www.RRPproxy.net
www.domaindiscount24.com / www.BrandShelter.com
Follow us on Twitter or join our fan community on Facebook and stay updated:
www.facebook.com/KeySystems
www.twitter.com/key_systems
CEO: Alexander Siffrin
Registration No.: HR B 18835 - Saarbruecken
V.A.T. ID.: DE211006534
Member of the KEYDRIVE GROUP
www.keydrive.lu
This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20170126/b816ccac/attachment.html>
More information about the gnso-rds-pdp-wg
mailing list