[gnso-rds-pdp-wg] Principle on Proportionality for "Thin Data" access

Farell Folly farellfolly at gmail.com
Tue May 30 20:58:05 UTC 2017


I may be wrong defining what an abuse is, but if one (unauthenticated) can
collect hundreds of email addresses or phone numbers from thin data, and
then try to spam... or spoof them... Isn't that a case of abuse?

Regards
@__f_f__

PhD Candidate, Federal University of Munich - Germany
Computer Security | Internet of Things
https://www.linkedin.com/in/farellf
________________________________.
Mail sent from my mobile phone. Excuse the brevity.

On 30 May 2017 20:53, "allison nixon" <elsakoo at gmail.com> wrote:

so can you name one specific example of how someone could abuse thin data?

On Tue, May 30, 2017 at 4:50 PM, nathalie coupet via gnso-rds-pdp-wg <
gnso-rds-pdp-wg at icann.org> wrote:

> *Abuse* is the improper usage or treatment of an entity
> <https://en.wikipedia.org/wiki/Entity>, often to unfairly
> <https://en.wikipedia.org/wiki/Distributive_justice> or improperly gain
> benefit. In our context, abuse is the improper usage of WHOIS/RDS to
> unfairly or improperly gain access to information or to game the system.
>
> Here are some of the overarching principles which should guide us when
> building RDS:
>
> DATA LIFECYCLE         | PRIVACY PRINCIPLE                                 | PROTECTION MEASURE
> Collection             | Proportionality and purpose specification         | Data minimisation, Data quality
> Storage                | Accountability, Security measures, Sensitive data | Confidentiality, Encryption, Pseudonymisation
> Sharing and processing | Lawfulness and fairness, Consent, Right of access | Data access control, Data leakage prevention
> Deletion               | Openness, Right to erasure                        | Retention, Archival, Erasure
>
>
> If such principles are not respected, ICANN will be liable. Consumers
> don't need to have all the thin data when making a query. This could
> protect them and enable them to have access to the RDS without raising much
> opposition.
>
> Now, we could discuss the possibility for broader query types. These
> principles would still apply, but would be contextualized in order to take
> into account new sets of parameters for each broader query. By increasing
> granularity as much as possible, while applying these aforementioned
> principles, we just might find a way to accommodate everyone.
>
>
>
> Nathalie
>
>
> On Tuesday, May 30, 2017 4:00 PM, John Horton <john.horton at legitscript.com>
> wrote:
>
>
> I was going to reply to Natalie's email as well, but Paul's comments
> capture my thoughts, so: *+1. *
>
> John Horton
> President and CEO, LegitScript
>
>
> On Tue, May 30, 2017 at 12:57 PM, Paul Keating <paul at law.es> wrote:
>
> Natalie,
>
> Thank you for the email.  I'm copying the list because I see others have
> replied to your comment.
>
> I strenuously object to the concept.  We are discussing THIN DATA ONLY
> HERE.  Unless someone can explain to me why any of this data set has
> privacy concerns this is a non-issue.  I would certainly appreciate someone
> explaining what, if any, privacy issues are perceived to be at issue here.
>
> Moreover, while you suggest that the idea escapes the need to declare a
> purpose, it does nothing but reinforce a subjective criteria based system
> in which the declared purpose is used to somehow limit the data being
> retrieved.
>
> If I am missing something please let me know.
>
> Paul
>
> Sent from my iPad
>
> On 30 May 2017, at 21:08, nathalie coupet via gnso-rds-pdp-wg <
> gnso-rds-pdp-wg at icann.org> wrote:
>
> Hi Paul,
>
> In the context of thin data, in view of the opposition of some to allow
> unauthenticated access to all the thin data, the principle of
> proportionality serves as an over-arching principle at this particular
> phase in our work in order to protect data from abuse while not restricting
> access.
> Thin data must be proportionate to the query, be useful for that
> particular query. All and any other thin data foreign to this query should
> not be shared. This principle potentially avoids having to resort to
> 'legitimate purposes' which cannot be verified for unauthenticated access.
>
>
>
> Nathalie
>
>
> On Tuesday, May 30, 2017 2:44 PM, "Gomes, Chuck via gnso-rds-pdp-wg" <
> gnso-rds-pdp-wg at icann.org> wrote:
>
>
> Because Nathalie was the originator and was unable to speak on the call, I
> encourage her to describe the nature of the issue on this thread.
>
> Chuck
>
> *From:* gnso-rds-pdp-wg-bounces at icann.org
> [mailto:gnso-rds-pdp-wg-bounces at icann.org] *On Behalf Of* Paul Keating
> *Sent:* Tuesday, May 30, 2017 2:17 PM
> *To:* Lisa Phifer <lisa at corecom.com>; RDS PDP WG <gnso-rds-pdp-wg at icann.org>
> *Subject:* [EXTERNAL] Re: [gnso-rds-pdp-wg] Principle on Proportionality
> for "Thin Data" access
>
> I'm sorry to have missed the call but had a client engagement.
>
> Can someone briefly describe the nature of the issue?
>
> Thanks
> Paul
>
> *From:* <gnso-rds-pdp-wg-bounces at icann.org> on behalf of Lisa Phifer
> <lisa at corecom.com>
> *Date:* Tuesday, May 30, 2017 at 7:52 PM
> *To:* RDS PDP WG <gnso-rds-pdp-wg at icann.org>
> *Subject:* [gnso-rds-pdp-wg] Principle on Proportionality for "Thin
> Data" access
>
>
> All, per today's call action item:
>
>
>
> *Action Item: Nathalie Coupet and any other WG members who wish to do so
> to propose to the WG list a new principle on proportionality for "thin
> data." All WG members to comment on that proposed principle in advance of
> next call.* We are starting a new thread here which anyone may reply to
> if they wish to propose (or respond to) a new principle on proportionality
> for "thin data" access.
>
> Best, Lisa
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>



-- 
_________________________________
Note to self: Pillage BEFORE burning.
