[gnso-rds-pdp-wg] Principle on Proportionality for "Thin Data"access

Farell Folly farellfolly at gmail.com
Tue May 30 21:16:13 UTC 2017 

Sorry my bad... disregard  last message.


Regards
@__f_f__

PhD Candidate, Federal Univsersity of Munich -Germany
Computer Security | Internet of Things
https://www.linkedin.com/in/farellf
________________________________.
Mail sent from my mobile phone. Excuse for brievety.

Le 30 mai 2017 21:03, "Farell Folly" <farellfolly at gmail.com> a écrit :

> Contact person email is available in thin data.
>
> Regards
> @__f_f__
>
> PhD Candidate, Federal Univsersity of Munich -Germany
> Computer Security | Internet of Things
> https://www.linkedin.com/in/farellf
> ________________________________.
> Mail sent from my mobile phone. Excuse for brievety.
>
> Le 30 mai 2017 21:00, "John Horton" <john.horton at legitscript.com> a
> écrit :
>
>> Maybe I'm not understanding something, but how would you collect email
>> addresses and phone numbers from thin data?
>>
>> John Horton
>> President and CEO, LegitScript
>>
>>
>> *Follow LegitScript*: LinkedIn
>> <http://www.linkedin.com/company/legitscript-com>  |  Facebook
>> <https://www.facebook.com/LegitScript>  |  Twitter
>> <https://twitter.com/legitscript>  |  *Blog
>> <http://blog.legitscript.com>*  |  Google+
>> <https://plus.google.com/112436813474708014933/posts>
>>
>>
>>
>>
>> On Tue, May 30, 2017 at 1:58 PM, Farell Folly <farellfolly at gmail.com>
>> wrote:
>>
>>> I may be wrong defining  what an abuse is but If one (unauthenticated)
>>> can collect hundreds of email adresses or phone  numbers from thin data,
>>>  and then try to spam....or spoof them... Isn't  that a case of abuse ?
>>>
>>> Regards
>>> @__f_f__
>>>
>>> PhD Candidate, Federal Univsersity of Munich -Germany
>>> Computer Security | Internet of Things
>>> https://www.linkedin.com/in/farellf
>>> ________________________________.
>>> Mail sent from my mobile phone. Excuse for brievety.
>>>
>>> Le 30 mai 2017 20:53, "allison nixon" <elsakoo at gmail.com> a écrit :
>>>
>>> so can you name one specific example of how someone could abuse thin
>>> data?
>>>
>>> On Tue, May 30, 2017 at 4:50 PM, nathalie coupet via gnso-rds-pdp-wg <
>>> gnso-rds-pdp-wg at icann.org> wrote:
>>>
>>>> *Abuse* is the improper usage or treatment of an entity
>>>> <https://en.wikipedia.org/wiki/Entity>, often to unfairly
>>>> <https://en.wikipedia.org/wiki/Distributive_justice> or improperly
>>>> gain benefit. In our context, abuse is the improper usage of WHOIS/RDS to
>>>> unfairly or improperly gain access to information or to game the system.
>>>>
>>>> Here are some of the overarching principles which should guide us when
>>>> building RDS:
>>>>
>>>> DATA LIFECYCLE                        PRIVACY PRINCIPLE
>>>>                       PROTECTION MEASURE
>>>> Collection                       Proportionality and purpose
>>>> specification                     Data minimisation, Data quality
>>>> Storage                   Accountability, Security measures, Sensitive
>>>> data               Confidentiality, Encryption, Pseudonomisation
>>>> Sharing and processing Lawfulness and fairness, Consent, Right of
>>>> access  Data access control, Data leakage prevention
>>>> Deletion                               Openness, Right to erasure
>>>>                                  Retention, Archival, Erasure
>>>>
>>>>
>>>> If such principles are not respected, ICANN will be liable. Consumers
>>>> don't need to have all the thin data when making a query. This could
>>>> protect them and enable them to have access to the RDS without raising much
>>>> opposition.
>>>>
>>>> Now, we could discuss the possibility for broader query types. These
>>>> principles would still apply, but would be contextualized in order to take
>>>> into account new sets of parameters for each broader query. By increasing
>>>> granularity as much as possible, while applying these aformentioned
>>>> principles, we just might find a way to accomodate everyone.
>>>>
>>>>
>>>>
>>>> Nathalie
>>>>
>>>>
>>>> On Tuesday, May 30, 2017 4:00 PM, John Horton <
>>>> john.horton at legitscript.com> wrote:
>>>>
>>>>
>>>> I was going to reply to Natalie's email as well, but Paul's comments
>>>> capture my thoughts, so: *+1. *
>>>>
>>>> John Horton
>>>> President and CEO, LegitScript
>>>>
>>>>
>>>> *Follow LegitScript*: LinkedIn
>>>> <http://www.linkedin.com/company/legitscript-com>  |  Facebook
>>>> <https://www.facebook.com/LegitScript>  |  Twitter
>>>> <https://twitter.com/legitscript>  |  *Blog
>>>> <http://blog.legitscript.com/>*  |  Google+
>>>> <https://plus.google.com/112436813474708014933/posts>
>>>>
>>>>
>>>>
>>>> On Tue, May 30, 2017 at 12:57 PM, Paul Keating <paul at law.es> wrote:
>>>>
>>>> Natalie,
>>>>
>>>> Thank you for the email.  Im copying the list because i see others have
>>>> replied to your comment.
>>>>
>>>> I strenuously object to the concept.  We are discussing THIN DATA ONLY
>>>> HERE.  Unless someone can explain to me why any of this data set has
>>>> privacy concerns this is a non-issue.  I would certainly appreciate someone
>>>> explaining what, if any, privacy issues are perceived to be at issue here.
>>>>
>>>> Moreover, while you suggest that the idea escapes the need to declare a
>>>> purpose, it does nothing but reinforce a subjective criteria based system
>>>> in which the declared purpose is used to somehow limit the data being
>>>> retrieved.
>>>>
>>>> If i am missing something please let me know.
>>>>
>>>> Paul
>>>>
>>>> Sent from my iPad
>>>>
>>>> On 30 May 2017, at 21:08, nathalie coupet via gnso-rds-pdp-wg <
>>>> gnso-rds-pdp-wg at icann.org> wrote:
>>>>
>>>> Hi Paul,
>>>>
>>>> In the context of thin data, in view of the opposition of some to allow
>>>> unauthenticated access to all the thin data, the principle of
>>>> proportionality serves as an over-arching principle at this particular
>>>> phase in our work in order to protect data from abuse while not restricting
>>>> access.
>>>> Thin data must be proportionate to the query, be useful for that
>>>> particular query. All and any other thin data foreign to this query should
>>>> not be shared. This principle potentially avoids having to resort to
>>>> 'legitimate purposes' which cannot be verified for unauthenticated access.
>>>>
>>>>
>>>>
>>>> Nathalie
>>>>
>>>>
>>>> On Tuesday, May 30, 2017 2:44 PM, "Gomes, Chuck via gnso-rds-pdp-wg" <
>>>> gnso-rds-pdp-wg at icann.org> wrote:
>>>>
>>>>
>>>> Because Nathalie was the originator and was unable to speak on the
>>>> call, I encourage her to describe the nature of the issue on this thread.
>>>>
>>>> Chuck
>>>>
>>>> *From:* gnso-rds-pdp-wg-bounces at icann. org
>>>> <gnso-rds-pdp-wg-bounces at icann.org> [mailto:gnso-rds-pdp-wg-
>>>> bounces at icann.org <gnso-rds-pdp-wg-bounces at icann.org>] *On Behalf Of *Paul
>>>> Keating
>>>> *Sent:* Tuesday, May 30, 2017 2:17 PM
>>>> *To:* Lisa Phifer <lisa at corecom.com>; RDS PDP WG <
>>>> gnso-rds-pdp-wg at icann.org>
>>>> *Subject:* [EXTERNAL] Re: [gnso-rds-pdp-wg] Principle on
>>>> Proportionality for "Thin Data"access
>>>>
>>>> Im sorry to have missed the call but had a client engagement.
>>>>
>>>> Can someone briefly describe the nature of the issue?
>>>>
>>>> Thanks
>>>> Paul
>>>>
>>>> *From: *<gnso-rds-pdp-wg-bounces@ icann.org
>>>> <gnso-rds-pdp-wg-bounces at icann.org>> on behalf of Lisa Phifer <
>>>> lisa at corecom.com>
>>>> *Date: *Tuesday, May 30, 2017 at 7:52 PM
>>>> *To: *RDS PDP WG <gnso-rds-pdp-wg at icann.org>
>>>> *Subject: *[gnso-rds-pdp-wg] Principle on Proportionality for "Thin
>>>> Data"access
>>>>
>>>>
>>>> All, per today's call action item:
>>>>
>>>>
>>>>
>>>> *Action Item: Nathalie Coupet and any other WG members who wish to do
>>>> so to propose to the WG list a new principle on proportionality for "thin
>>>> data." All WG members to comment on that proposed principle in advance of
>>>> next call. *we are starting a new thread here which anyone may reply
>>>> to if they wish to propose (or respond to) a new principle on
>>>> proportionality for "thin data" access.
>>>>
>>>> Best, Lisa
>>>> ______________________________ _________________ gnso-rds-pdp-wg
>>>> mailing list gnso-rds-pdp-wg at icann.org https://mm.icann.org/mailman/
>>>> listinfo/gnso-rds-pdp-wg
>>>> <https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg>
>>>>
>>>> ______________________________ _________________
>>>> gnso-rds-pdp-wg mailing list
>>>> gnso-rds-pdp-wg at icann.org
>>>> https://mm.icann.org/mailman/ listinfo/gnso-rds-pdp-wg
>>>> <https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg>
>>>>
>>>>
>>>> ______________________________ _________________
>>>> gnso-rds-pdp-wg mailing list
>>>> gnso-rds-pdp-wg at icann.org
>>>> https://mm.icann.org/mailman/ listinfo/gnso-rds-pdp-wg
>>>> <https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg>
>>>>
>>>>
>>>> ______________________________ _________________
>>>> gnso-rds-pdp-wg mailing list
>>>> gnso-rds-pdp-wg at icann.org
>>>> https://mm.icann.org/mailman/ listinfo/gnso-rds-pdp-wg
>>>> <https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> gnso-rds-pdp-wg mailing list
>>>> gnso-rds-pdp-wg at icann.org
>>>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>>>
>>>
>>>
>>>
>>> --
>>> _________________________________
>>> Note to self: Pillage BEFORE burning.
>>>
>>> _______________________________________________
>>> gnso-rds-pdp-wg mailing list
>>> gnso-rds-pdp-wg at icann.org
>>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>>
>>>
>>>
>>> _______________________________________________
>>> gnso-rds-pdp-wg mailing list
>>> gnso-rds-pdp-wg at icann.org
>>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>>
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20170530/f2641204/attachment-0001.html>

More information about the gnso-rds-pdp-wg mailing list