[gnso-rds-pdp-wg] Principle on Proportionality for "Thin Data"access

Farell Folly farellfolly at gmail.com
Tue May 30 21:03:01 UTC 2017 

Contact person email is available in thin data.

Regards
@__f_f__

PhD Candidate, Federal Univsersity of Munich -Germany
Computer Security | Internet of Things
https://www.linkedin.com/in/farellf
________________________________.
Mail sent from my mobile phone. Excuse for brievety.

Le 30 mai 2017 21:00, "John Horton" <john.horton at legitscript.com> a écrit :

> Maybe I'm not understanding something, but how would you collect email
> addresses and phone numbers from thin data?
>
> John Horton
> President and CEO, LegitScript
>
>
> *Follow LegitScript*: LinkedIn
> <http://www.linkedin.com/company/legitscript-com>  |  Facebook
> <https://www.facebook.com/LegitScript>  |  Twitter
> <https://twitter.com/legitscript>  |  *Blog <http://blog.legitscript.com>*
>  |  Google+ <https://plus.google.com/112436813474708014933/posts>
>
>
>
>
> On Tue, May 30, 2017 at 1:58 PM, Farell Folly <farellfolly at gmail.com>
> wrote:
>
>> I may be wrong defining  what an abuse is but If one (unauthenticated)
>> can collect hundreds of email adresses or phone  numbers from thin data,
>>  and then try to spam....or spoof them... Isn't  that a case of abuse ?
>>
>> Regards
>> @__f_f__
>>
>> PhD Candidate, Federal Univsersity of Munich -Germany
>> Computer Security | Internet of Things
>> https://www.linkedin.com/in/farellf
>> ________________________________.
>> Mail sent from my mobile phone. Excuse for brievety.
>>
>> Le 30 mai 2017 20:53, "allison nixon" <elsakoo at gmail.com> a écrit :
>>
>> so can you name one specific example of how someone could abuse thin data?
>>
>> On Tue, May 30, 2017 at 4:50 PM, nathalie coupet via gnso-rds-pdp-wg <
>> gnso-rds-pdp-wg at icann.org> wrote:
>>
>>> *Abuse* is the improper usage or treatment of an entity
>>> <https://en.wikipedia.org/wiki/Entity>, often to unfairly
>>> <https://en.wikipedia.org/wiki/Distributive_justice> or improperly gain
>>> benefit. In our context, abuse is the improper usage of WHOIS/RDS to
>>> unfairly or improperly gain access to information or to game the system.
>>>
>>> Here are some of the overarching principles which should guide us when
>>> building RDS:
>>>
>>> DATA LIFECYCLE                        PRIVACY PRINCIPLE
>>>                       PROTECTION MEASURE
>>> Collection                       Proportionality and purpose
>>> specification                     Data minimisation, Data quality
>>> Storage                   Accountability, Security measures, Sensitive
>>> data               Confidentiality, Encryption, Pseudonomisation
>>> Sharing and processing Lawfulness and fairness, Consent, Right of access
>>>  Data access control, Data leakage prevention
>>> Deletion                               Openness, Right to erasure
>>>                                  Retention, Archival, Erasure
>>>
>>>
>>> If such principles are not respected, ICANN will be liable. Consumers
>>> don't need to have all the thin data when making a query. This could
>>> protect them and enable them to have access to the RDS without raising much
>>> opposition.
>>>
>>> Now, we could discuss the possibility for broader query types. These
>>> principles would still apply, but would be contextualized in order to take
>>> into account new sets of parameters for each broader query. By increasing
>>> granularity as much as possible, while applying these aformentioned
>>> principles, we just might find a way to accomodate everyone.
>>>
>>>
>>>
>>> Nathalie
>>>
>>>
>>> On Tuesday, May 30, 2017 4:00 PM, John Horton <
>>> john.horton at legitscript.com> wrote:
>>>
>>>
>>> I was going to reply to Natalie's email as well, but Paul's comments
>>> capture my thoughts, so: *+1. *
>>>
>>> John Horton
>>> President and CEO, LegitScript
>>>
>>>
>>> *Follow LegitScript*: LinkedIn
>>> <http://www.linkedin.com/company/legitscript-com>  |  Facebook
>>> <https://www.facebook.com/LegitScript>  |  Twitter
>>> <https://twitter.com/legitscript>  |  *Blog
>>> <http://blog.legitscript.com/>*  |  Google+
>>> <https://plus.google.com/112436813474708014933/posts>
>>>
>>>
>>>
>>> On Tue, May 30, 2017 at 12:57 PM, Paul Keating <paul at law.es> wrote:
>>>
>>> Natalie,
>>>
>>> Thank you for the email.  Im copying the list because i see others have
>>> replied to your comment.
>>>
>>> I strenuously object to the concept.  We are discussing THIN DATA ONLY
>>> HERE.  Unless someone can explain to me why any of this data set has
>>> privacy concerns this is a non-issue.  I would certainly appreciate someone
>>> explaining what, if any, privacy issues are perceived to be at issue here.
>>>
>>> Moreover, while you suggest that the idea escapes the need to declare a
>>> purpose, it does nothing but reinforce a subjective criteria based system
>>> in which the declared purpose is used to somehow limit the data being
>>> retrieved.
>>>
>>> If i am missing something please let me know.
>>>
>>> Paul
>>>
>>> Sent from my iPad
>>>
>>> On 30 May 2017, at 21:08, nathalie coupet via gnso-rds-pdp-wg <
>>> gnso-rds-pdp-wg at icann.org> wrote:
>>>
>>> Hi Paul,
>>>
>>> In the context of thin data, in view of the opposition of some to allow
>>> unauthenticated access to all the thin data, the principle of
>>> proportionality serves as an over-arching principle at this particular
>>> phase in our work in order to protect data from abuse while not restricting
>>> access.
>>> Thin data must be proportionate to the query, be useful for that
>>> particular query. All and any other thin data foreign to this query should
>>> not be shared. This principle potentially avoids having to resort to
>>> 'legitimate purposes' which cannot be verified for unauthenticated access.
>>>
>>>
>>>
>>> Nathalie
>>>
>>>
>>> On Tuesday, May 30, 2017 2:44 PM, "Gomes, Chuck via gnso-rds-pdp-wg" <
>>> gnso-rds-pdp-wg at icann.org> wrote:
>>>
>>>
>>> Because Nathalie was the originator and was unable to speak on the call,
>>> I encourage her to describe the nature of the issue on this thread.
>>>
>>> Chuck
>>>
>>> *From:* gnso-rds-pdp-wg-bounces at icann. org
>>> <gnso-rds-pdp-wg-bounces at icann.org> [mailto:gnso-rds-pdp-wg-
>>> bounces at icann.org <gnso-rds-pdp-wg-bounces at icann.org>] *On Behalf Of *Paul
>>> Keating
>>> *Sent:* Tuesday, May 30, 2017 2:17 PM
>>> *To:* Lisa Phifer <lisa at corecom.com>; RDS PDP WG <
>>> gnso-rds-pdp-wg at icann.org>
>>> *Subject:* [EXTERNAL] Re: [gnso-rds-pdp-wg] Principle on
>>> Proportionality for "Thin Data"access
>>>
>>> Im sorry to have missed the call but had a client engagement.
>>>
>>> Can someone briefly describe the nature of the issue?
>>>
>>> Thanks
>>> Paul
>>>
>>> *From: *<gnso-rds-pdp-wg-bounces@ icann.org
>>> <gnso-rds-pdp-wg-bounces at icann.org>> on behalf of Lisa Phifer <
>>> lisa at corecom.com>
>>> *Date: *Tuesday, May 30, 2017 at 7:52 PM
>>> *To: *RDS PDP WG <gnso-rds-pdp-wg at icann.org>
>>> *Subject: *[gnso-rds-pdp-wg] Principle on Proportionality for "Thin
>>> Data"access
>>>
>>>
>>> All, per today's call action item:
>>>
>>>
>>>
>>> *Action Item: Nathalie Coupet and any other WG members who wish to do so
>>> to propose to the WG list a new principle on proportionality for "thin
>>> data." All WG members to comment on that proposed principle in advance of
>>> next call. *we are starting a new thread here which anyone may reply to
>>> if they wish to propose (or respond to) a new principle on proportionality
>>> for "thin data" access.
>>>
>>> Best, Lisa
>>> ______________________________ _________________ gnso-rds-pdp-wg mailing
>>> list gnso-rds-pdp-wg at icann.org https://mm.icann.org/mailman/
>>> listinfo/gnso-rds-pdp-wg
>>> <https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg>
>>>
>>> ______________________________ _________________
>>> gnso-rds-pdp-wg mailing list
>>> gnso-rds-pdp-wg at icann.org
>>> https://mm.icann.org/mailman/ listinfo/gnso-rds-pdp-wg
>>> <https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg>
>>>
>>>
>>> ______________________________ _________________
>>> gnso-rds-pdp-wg mailing list
>>> gnso-rds-pdp-wg at icann.org
>>> https://mm.icann.org/mailman/ listinfo/gnso-rds-pdp-wg
>>> <https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg>
>>>
>>>
>>> ______________________________ _________________
>>> gnso-rds-pdp-wg mailing list
>>> gnso-rds-pdp-wg at icann.org
>>> https://mm.icann.org/mailman/ listinfo/gnso-rds-pdp-wg
>>> <https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg>
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> gnso-rds-pdp-wg mailing list
>>> gnso-rds-pdp-wg at icann.org
>>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>>
>>
>>
>>
>> --
>> _________________________________
>> Note to self: Pillage BEFORE burning.
>>
>> _______________________________________________
>> gnso-rds-pdp-wg mailing list
>> gnso-rds-pdp-wg at icann.org
>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>
>>
>>
>> _______________________________________________
>> gnso-rds-pdp-wg mailing list
>> gnso-rds-pdp-wg at icann.org
>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20170530/8a63d3e4/attachment-0001.html>

More information about the gnso-rds-pdp-wg mailing list