[gnso-rds-pdp-wg] Does the principle of proportionality apply to thin data?

Chen, Tim tim at domaintools.com
Wed May 31 20:26:18 UTC 2017 

I am compelled to point out that making sure ICANN is compliant with
privacy laws is not "the purpose of this WG".  And I believe statements
like that, which I hope and believe was made in brevity and not in fact,
contribute to the belief shared by some here that others have distressingly
myopic viewpoints as to what the outcome of all this work is meant to be.
We are trying to solve a complex equation [sidebar, this thin whois piece
should not be the hard part] not simply protect ICANN from the broad
category of 'privacy laws' despite that being an important consideration.

Marika has been very clear in repeatedly pointing all of us to the original
charter docs.  This is how she (not me) summarized it weeks ago:

·         What are the fundamental requirements for gTLD registration data?
When addressing this question, the PDP WG should consider, at a minimum,
users and purposes and associated access, accuracy, data element, and
privacy requirements.

·         Is a new policy framework and next-generation RDS needed to
address these requirements?

o    If yes, what cross-cutting requirements must a next-generation RDS
address, including coexistence, compliance, system model, and cost,
benefit, and risk analysis requirements?

o    If no, does the current WHOIS policy framework sufficiently address
these requirements? If not, what revisions are recommended to the current
WHOIS policy framework to do so?

On Wed, May 31, 2017 at 12:01 PM, nathalie coupet via gnso-rds-pdp-wg <
gnso-rds-pdp-wg at icann.org> wrote:

> Benefits: making sure ICANN is in compliance with privacy laws. Isn't it
> the purpose of this WG? Issues pertaining to cost and protection of IP
> address I will leave other to answer. But it seems to me that
> pseudonimization, randomization and encryption could be candidate
> solutions.
>
>
> Nathalie
>
>
> On Wednesday, May 31, 2017 2:48 PM, John Bambenek via gnso-rds-pdp-wg <
> gnso-rds-pdp-wg at icann.org> wrote:
>
>
> This applies a web interface... would an API be exposed for those of us
> who use the command-line? Would there be a central point of query or would
> a consumer have to google it? Who pays for constructing such a system and
> what is the commensurate return on the investment for them paying to make
> all this? If you are asking for this information, surely you are also
> getting source data (for instance consumer IP, which can be PII), how will
> all that be protected?
> There is a whole lot of complexity, in general, and costs for
> registries/registrars, specifically.  What problem does this solve that it
> makes sense to engineer a solution for it?
>
> On 5/31/2017 1:40 PM, nathalie coupet via gnso-rds-pdp-wg wrote:
>
> Hi Chuck,
>
> My position was and is to secure unauthenticated access to thin data for
> all.
> I envisioned access to RDS through 3 chock points to weed out bad actors
> as much as possible:
> An end-user would need to check the first box for
> authenticated/unauthenticated access, then another box for consumer and a
> third would be to select the purpose or a default purpose would be selected
> for him (maybe no purpose could also be possible).
> Consumers don't need all the thin data to be published for their simple
> queries, since - in my mind - they want to make sure the website is
> legitimate or they want to identify the author in case of abuse (such as
> defamation, abuse or threats).
> If the principle of proportionality doesn't apply to most other cases,
> that's fine. But I think it does apply for simple consumer queries.
> This is an interesting debate, but I never thought it would lead to people
> actually proposing to drop vital data for the functioning of the Internet.
> I had in mind the other principle that you do not volunteer data when it
> is not required. It should be useful. Not because it is PPI, but out of
> caution.
>
>
>
> Sent from my iPhone
>
> On May 31, 2017, at 2:21 PM, Gomes, Chuck <cgomes at verisign.com> wrote:
>
> Nathalie,
>
> Thank you for your suggestion that the principle of proportionality be
> added.  That has generated a very lively discussion.
>
> As I am sure you have seen, a lot of WG members have stated that they do
> not believe that the principle of proportionality applies to thin data and
> have provided what I think is pretty good rationale in support of their
> position.  As the originator of the suggestion, do you still maintain that
> the principle applies to thin data?  If so, how would you counter the
> arguments that have been made to the contrary?
>
> All – If anyone else thinks that the principle of proportionality applies
> to think data, please speak up and provide your counters to the arguments
> that have been made to the contrary.
>
> Chuck
>
>
> _______________________________________________
> gnso-rds-pdp-wg mailing listgnso-rds-pdp-wg at icann.orghttps://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>
>
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>
>
>
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20170531/5e7fd0ef/attachment.html>

More information about the gnso-rds-pdp-wg mailing list