[gnso-rds-pdp-wg] Does the principle of proportionality apply to thin data?
Gomes, Chuck
cgomes at verisign.com
Wed May 31 19:54:28 UTC 2017
I may be wrong but it appears to me that what you are envisioning goes way beyond proportionality. Also, as I think someone else already stated, your envisioned approach to thin data access would be operationally very challenging and expensive.
Chuck
From: nathalie coupet [mailto:nathaliecoupet at yahoo.com]
Sent: Wednesday, May 31, 2017 3:48 PM
To: Gomes, Chuck <cgomes at verisign.com>
Cc: gnso-rds-pdp-wg at icann.org
Subject: [EXTERNAL] Re: Does the principle of proportionality apply to thin data?
My position was and is to secure unauthenticated access to thin data for all.
[Gomes, Chuck] Wouldn’t ‘all’ include bad actors and consumers?
[NC] Probably, but they would only get to a minimal set of data if they click on the Consumer box
I envisioned access to RDS through 3 chock points to weed out bad actors as much as possible:
An end-user would need to check the first box for authenticated/unauthenticated access,
[Gomes, Chuck] For thin data the WG has already tentatively agreed that access would be unauthenticated so why would a box need to be checked for this? I was just imagining how the API would work; If you click on authenticated access, you might have access to more than just thin data
then another box for consumer
[Gomes, Chuck] What is a consumer? If someone was a consumer or not, would that determine what thin data they could access?
[NC] Yes, Joe the plumber who needs to check if a website is legitimate or to obtain the identity of the author of a website publishing incendiary content against plumbers
and a third would be to select the purpose or a default purpose would be selected for him (maybe no purpose could also be possible).
[Gomes, Chuck] For thin data the WG has tentatively agreed that access would be granted without identifying a purpose so it appears that you disagree with that conclusion. I confess to being confused.
[NC] No, apologies. I was eager to conver all bases.
Consumers don't need all the thin data to be published for their simple queries, since - in my mind - they want to make sure the website is legitimate or they want to identify the author in case of abuse (such as defamation, abuse or threats).
If the principle of proportionality doesn't apply to most other cases, that's fine. But I think it does apply for simple consumer queries.
[Gomes, Chuck] What is a ‘simple consumer query’? How does the ‘principle of proportionality’ apply to a simple consumer query? What is your understanding of what ‘proportionality’ means?
[NC] A simple query from Joe the plumber would be to check who is writing these articles on DeathtoPumbers.com because he feels threatened. He would just need a name, not the status of the website, and other thin data.
This is an interesting debate, but I never thought it would lead to people actually proposing to drop vital data for the functioning of the Internet.
I had in mind the other principle that you do not volunteer data when it is not required. It should be useful. Not because it is PPI, but out of caution.
[Gomes, Chuck] It sounds like you are suggesting that RDS requestors should have to identify a purpose for thin data elements. Am I missing something?
[NC] It would not have to be a 'legitimate purpose' as defined in the GDPR; but for consumers, we could map the category of requestor to a type of query or several types of queries in advance, (and in some cases, add an option for 'other', if needed). In the case of Joe the plumber, he only needs a name, so the query mapped to this requestor type could be a 'Request for thin data to identify legitimacy or name of website author".
On Wednesday, May 31, 2017 3:14 PM, "Gomes, Chuck" <cgomes at verisign.com<mailto:cgomes at verisign.com>> wrote:
Thanks for the quick reply Nathalie. Please see my responses below.
Chuck
From: nathalie coupet [mailto:nathaliecoupet at yahoo.com]
Sent: Wednesday, May 31, 2017 2:40 PM
To: Gomes, Chuck <cgomes at verisign.com<mailto:cgomes at verisign.com>>
Cc: gnso-rds-pdp-wg at icann.org<mailto:gnso-rds-pdp-wg at icann.org>
Subject: [EXTERNAL] Re: Does the principle of proportionality apply to thin data?
Hi Chuck,
My position was and is to secure unauthenticated access to thin data for all.
[Gomes, Chuck] Wouldn’t ‘all’ include bad actors and consumers?
I envisioned access to RDS through 3 chock points to weed out bad actors as much as possible:
An end-user would need to check the first box for authenticated/unauthenticated access,
[Gomes, Chuck] For thin data the WG has already tentatively agreed that access would be unauthenticated so why would a box need to be checked for this?
then another box for consumer
[Gomes, Chuck] What is a consumer? If someone was a consumer or not, would that determine what thin data they could access?
and a third would be to select the purpose or a default purpose would be selected for him (maybe no purpose could also be possible).
[Gomes, Chuck] For thin data the WG has tentatively agreed that access would be granted without identifying a purpose so it appears that you disagree with that conclusion. I confess to being confused.
Consumers don't need all the thin data to be published for their simple queries, since - in my mind - they want to make sure the website is legitimate or they want to identify the author in case of abuse (such as defamation, abuse or threats).
If the principle of proportionality doesn't apply to most other cases, that's fine. But I think it does apply for simple consumer queries.
[Gomes, Chuck] What is a ‘simple consumer query’? How does the ‘principle of proportionality’ apply to a simple consumer query? What is your understanding of what ‘proportionality’ means?
This is an interesting debate, but I never thought it would lead to people actually proposing to drop vital data for the functioning of the Internet.
I had in mind the other principle that you do not volunteer data when it is not required. It should be useful. Not because it is PPI, but out of caution.
[Gomes, Chuck] It sounds like you are suggesting that RDS requestors should have to identify a purpose for thin data elements. Am I missing something?
Sent from my iPhone
On May 31, 2017, at 2:21 PM, Gomes, Chuck <cgomes at verisign.com<mailto:cgomes at verisign.com>> wrote:
Nathalie,
Thank you for your suggestion that the principle of proportionality be added. That has generated a very lively discussion.
As I am sure you have seen, a lot of WG members have stated that they do not believe that the principle of proportionality applies to thin data and have provided what I think is pretty good rationale in support of their position. As the originator of the suggestion, do you still maintain that the principle applies to thin data? If so, how would you counter the arguments that have been made to the contrary?
All – If anyone else thinks that the principle of proportionality applies to think data, please speak up and provide your counters to the arguments that have been made to the contrary.
Chuck
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20170531/248d2d90/attachment-0001.html>
More information about the gnso-rds-pdp-wg
mailing list