[gnso-rds-pdp-wg] Principle on Proportionality for "Thin Data"access

John Horton john.horton at legitscript.com
Tue May 30 20:59:42 UTC 2017 

Maybe I'm not understanding something, but how would you collect email
addresses and phone numbers from thin data?

John Horton
President and CEO, LegitScript


*Follow LegitScript*: LinkedIn
<http://www.linkedin.com/company/legitscript-com>  |  Facebook
<https://www.facebook.com/LegitScript>  |  Twitter
<https://twitter.com/legitscript>  |  *Blog <http://blog.legitscript.com>*
 |  Google+ <https://plus.google.com/112436813474708014933/posts>




On Tue, May 30, 2017 at 1:58 PM, Farell Folly <farellfolly at gmail.com> wrote:

> I may be wrong defining  what an abuse is but If one (unauthenticated) can
> collect hundreds of email adresses or phone  numbers from thin data,  and
> then try to spam....or spoof them... Isn't  that a case of abuse ?
>
> Regards
> @__f_f__
>
> PhD Candidate, Federal Univsersity of Munich -Germany
> Computer Security | Internet of Things
> https://www.linkedin.com/in/farellf
> ________________________________.
> Mail sent from my mobile phone. Excuse for brievety.
>
> Le 30 mai 2017 20:53, "allison nixon" <elsakoo at gmail.com> a écrit :
>
> so can you name one specific example of how someone could abuse thin data?
>
> On Tue, May 30, 2017 at 4:50 PM, nathalie coupet via gnso-rds-pdp-wg <
> gnso-rds-pdp-wg at icann.org> wrote:
>
>> *Abuse* is the improper usage or treatment of an entity
>> <https://en.wikipedia.org/wiki/Entity>, often to unfairly
>> <https://en.wikipedia.org/wiki/Distributive_justice> or improperly gain
>> benefit. In our context, abuse is the improper usage of WHOIS/RDS to
>> unfairly or improperly gain access to information or to game the system.
>>
>> Here are some of the overarching principles which should guide us when
>> building RDS:
>>
>> DATA LIFECYCLE                        PRIVACY PRINCIPLE
>>                     PROTECTION MEASURE
>> Collection                       Proportionality and purpose
>> specification                     Data minimisation, Data quality
>> Storage                   Accountability, Security measures, Sensitive
>> data               Confidentiality, Encryption, Pseudonomisation
>> Sharing and processing Lawfulness and fairness, Consent, Right of access
>>  Data access control, Data leakage prevention
>> Deletion                               Openness, Right to erasure
>>                                Retention, Archival, Erasure
>>
>>
>> If such principles are not respected, ICANN will be liable. Consumers
>> don't need to have all the thin data when making a query. This could
>> protect them and enable them to have access to the RDS without raising much
>> opposition.
>>
>> Now, we could discuss the possibility for broader query types. These
>> principles would still apply, but would be contextualized in order to take
>> into account new sets of parameters for each broader query. By increasing
>> granularity as much as possible, while applying these aformentioned
>> principles, we just might find a way to accomodate everyone.
>>
>>
>>
>> Nathalie
>>
>>
>> On Tuesday, May 30, 2017 4:00 PM, John Horton <
>> john.horton at legitscript.com> wrote:
>>
>>
>> I was going to reply to Natalie's email as well, but Paul's comments
>> capture my thoughts, so: *+1. *
>>
>> John Horton
>> President and CEO, LegitScript
>>
>>
>> *Follow LegitScript*: LinkedIn
>> <http://www.linkedin.com/company/legitscript-com>  |  Facebook
>> <https://www.facebook.com/LegitScript>  |  Twitter
>> <https://twitter.com/legitscript>  |  *Blog
>> <http://blog.legitscript.com/>*  |  Google+
>> <https://plus.google.com/112436813474708014933/posts>
>>
>>
>>
>> On Tue, May 30, 2017 at 12:57 PM, Paul Keating <paul at law.es> wrote:
>>
>> Natalie,
>>
>> Thank you for the email.  Im copying the list because i see others have
>> replied to your comment.
>>
>> I strenuously object to the concept.  We are discussing THIN DATA ONLY
>> HERE.  Unless someone can explain to me why any of this data set has
>> privacy concerns this is a non-issue.  I would certainly appreciate someone
>> explaining what, if any, privacy issues are perceived to be at issue here.
>>
>> Moreover, while you suggest that the idea escapes the need to declare a
>> purpose, it does nothing but reinforce a subjective criteria based system
>> in which the declared purpose is used to somehow limit the data being
>> retrieved.
>>
>> If i am missing something please let me know.
>>
>> Paul
>>
>> Sent from my iPad
>>
>> On 30 May 2017, at 21:08, nathalie coupet via gnso-rds-pdp-wg <
>> gnso-rds-pdp-wg at icann.org> wrote:
>>
>> Hi Paul,
>>
>> In the context of thin data, in view of the opposition of some to allow
>> unauthenticated access to all the thin data, the principle of
>> proportionality serves as an over-arching principle at this particular
>> phase in our work in order to protect data from abuse while not restricting
>> access.
>> Thin data must be proportionate to the query, be useful for that
>> particular query. All and any other thin data foreign to this query should
>> not be shared. This principle potentially avoids having to resort to
>> 'legitimate purposes' which cannot be verified for unauthenticated access.
>>
>>
>>
>> Nathalie
>>
>>
>> On Tuesday, May 30, 2017 2:44 PM, "Gomes, Chuck via gnso-rds-pdp-wg" <
>> gnso-rds-pdp-wg at icann.org> wrote:
>>
>>
>> Because Nathalie was the originator and was unable to speak on the call,
>> I encourage her to describe the nature of the issue on this thread.
>>
>> Chuck
>>
>> *From:* gnso-rds-pdp-wg-bounces at icann. org
>> <gnso-rds-pdp-wg-bounces at icann.org> [mailto:gnso-rds-pdp-wg-
>> bounces at icann.org <gnso-rds-pdp-wg-bounces at icann.org>] *On Behalf Of *Paul
>> Keating
>> *Sent:* Tuesday, May 30, 2017 2:17 PM
>> *To:* Lisa Phifer <lisa at corecom.com>; RDS PDP WG <
>> gnso-rds-pdp-wg at icann.org>
>> *Subject:* [EXTERNAL] Re: [gnso-rds-pdp-wg] Principle on Proportionality
>> for "Thin Data"access
>>
>> Im sorry to have missed the call but had a client engagement.
>>
>> Can someone briefly describe the nature of the issue?
>>
>> Thanks
>> Paul
>>
>> *From: *<gnso-rds-pdp-wg-bounces@ icann.org
>> <gnso-rds-pdp-wg-bounces at icann.org>> on behalf of Lisa Phifer <
>> lisa at corecom.com>
>> *Date: *Tuesday, May 30, 2017 at 7:52 PM
>> *To: *RDS PDP WG <gnso-rds-pdp-wg at icann.org>
>> *Subject: *[gnso-rds-pdp-wg] Principle on Proportionality for "Thin
>> Data"access
>>
>>
>> All, per today's call action item:
>>
>>
>>
>> *Action Item: Nathalie Coupet and any other WG members who wish to do so
>> to propose to the WG list a new principle on proportionality for "thin
>> data." All WG members to comment on that proposed principle in advance of
>> next call. *we are starting a new thread here which anyone may reply to
>> if they wish to propose (or respond to) a new principle on proportionality
>> for "thin data" access.
>>
>> Best, Lisa
>> ______________________________ _________________ gnso-rds-pdp-wg mailing
>> list gnso-rds-pdp-wg at icann.org https://mm.icann.org/mailman/
>> listinfo/gnso-rds-pdp-wg
>> <https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg>
>>
>> ______________________________ _________________
>> gnso-rds-pdp-wg mailing list
>> gnso-rds-pdp-wg at icann.org
>> https://mm.icann.org/mailman/ listinfo/gnso-rds-pdp-wg
>> <https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg>
>>
>>
>> ______________________________ _________________
>> gnso-rds-pdp-wg mailing list
>> gnso-rds-pdp-wg at icann.org
>> https://mm.icann.org/mailman/ listinfo/gnso-rds-pdp-wg
>> <https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg>
>>
>>
>> ______________________________ _________________
>> gnso-rds-pdp-wg mailing list
>> gnso-rds-pdp-wg at icann.org
>> https://mm.icann.org/mailman/ listinfo/gnso-rds-pdp-wg
>> <https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg>
>>
>>
>>
>>
>>
>> _______________________________________________
>> gnso-rds-pdp-wg mailing list
>> gnso-rds-pdp-wg at icann.org
>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>
>
>
>
> --
> _________________________________
> Note to self: Pillage BEFORE burning.
>
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>
>
>
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20170530/6d015e34/attachment-0001.html>

More information about the gnso-rds-pdp-wg mailing list