[gnso-rds-pdp-wg] Does the principle of proportionality apply to thin data?

Greg Shatan gregshatanipc at gmail.com
Wed May 31 22:00:36 UTC 2017 

Tim +1000

We are here to develop policy for the next gen RDS. The Alice in
 Wonderland approach to this group is quite dizzying.

Consider the fact that the work of this group will not be done by May 2018,
much less implemented, and our forced obsession with privacy above all
becomes even more bewildering.

However, if we're not dealing with GDPR and "this gen" WHOIS, who is? And
how's their work going?

Greg

Greg


On Wed, May 31, 2017 at 4:26 PM Chen, Tim <tim at domaintools.com> wrote:

> I am compelled to point out that making sure ICANN is compliant with
> privacy laws is not "the purpose of this WG".  And I believe statements
> like that, which I hope and believe was made in brevity and not in fact,
> contribute to the belief shared by some here that others have distressingly
> myopic viewpoints as to what the outcome of all this work is meant to be.
> We are trying to solve a complex equation [sidebar, this thin whois piece
> should not be the hard part] not simply protect ICANN from the broad
> category of 'privacy laws' despite that being an important consideration.
>
> Marika has been very clear in repeatedly pointing all of us to the
> original charter docs.  This is how she (not me) summarized it weeks ago:
>
> ·         What are the fundamental requirements for gTLD registration
> data? When addressing this question, the PDP WG should consider, at a
> minimum, users and purposes and associated access, accuracy, data element,
> and privacy requirements.
>
> ·         Is a new policy framework and next-generation RDS needed to
> address these requirements?
>
> o    If yes, what cross-cutting requirements must a next-generation RDS
> address, including coexistence, compliance, system model, and cost,
> benefit, and risk analysis requirements?
>
> o    If no, does the current WHOIS policy framework sufficiently address
> these requirements? If not, what revisions are recommended to the current
> WHOIS policy framework to do so?
>
> On Wed, May 31, 2017 at 12:01 PM, nathalie coupet via gnso-rds-pdp-wg <
> gnso-rds-pdp-wg at icann.org> wrote:
>
>> Benefits: making sure ICANN is in compliance with privacy laws. Isn't it
>> the purpose of this WG? Issues pertaining to cost and protection of IP
>> address I will leave other to answer. But it seems to me that
>> pseudonimization, randomization and encryption could be candidate
>> solutions.
>>
>>
>> Nathalie
>>
>>
>> On Wednesday, May 31, 2017 2:48 PM, John Bambenek via gnso-rds-pdp-wg <
>> gnso-rds-pdp-wg at icann.org> wrote:
>>
>>
>> This applies a web interface... would an API be exposed for those of us
>> who use the command-line? Would there be a central point of query or would
>> a consumer have to google it? Who pays for constructing such a system and
>> what is the commensurate return on the investment for them paying to make
>> all this? If you are asking for this information, surely you are also
>> getting source data (for instance consumer IP, which can be PII), how will
>> all that be protected?
>> There is a whole lot of complexity, in general, and costs for
>> registries/registrars, specifically.  What problem does this solve that it
>> makes sense to engineer a solution for it?
>>
>> On 5/31/2017 1:40 PM, nathalie coupet via gnso-rds-pdp-wg wrote:
>>
>> Hi Chuck,
>>
>> My position was and is to secure unauthenticated access to thin data for
>> all.
>> I envisioned access to RDS through 3 chock points to weed out bad actors
>> as much as possible:
>> An end-user would need to check the first box for
>> authenticated/unauthenticated access, then another box for consumer and a
>> third would be to select the purpose or a default purpose would be selected
>> for him (maybe no purpose could also be possible).
>> Consumers don't need all the thin data to be published for their simple
>> queries, since - in my mind - they want to make sure the website is
>> legitimate or they want to identify the author in case of abuse (such as
>> defamation, abuse or threats).
>> If the principle of proportionality doesn't apply to most other cases,
>> that's fine. But I think it does apply for simple consumer queries.
>> This is an interesting debate, but I never thought it would lead to
>> people actually proposing to drop vital data for the functioning of the
>> Internet.
>> I had in mind the other principle that you do not volunteer data when it
>> is not required. It should be useful. Not because it is PPI, but out of
>> caution.
>>
>>
>>
>> Sent from my iPhone
>>
>> On May 31, 2017, at 2:21 PM, Gomes, Chuck <cgomes at verisign.com> wrote:
>>
>> Nathalie,
>>
>> Thank you for your suggestion that the principle of proportionality be
>> added.  That has generated a very lively discussion.
>>
>> As I am sure you have seen, a lot of WG members have stated that they do
>> not believe that the principle of proportionality applies to thin data and
>> have provided what I think is pretty good rationale in support of their
>> position.  As the originator of the suggestion, do you still maintain that
>> the principle applies to thin data?  If so, how would you counter the
>> arguments that have been made to the contrary?
>>
>> All – If anyone else thinks that the principle of proportionality applies
>> to think data, please speak up and provide your counters to the arguments
>> that have been made to the contrary.
>>
>> Chuck
>>
>>
>> _______________________________________________
>> gnso-rds-pdp-wg mailing listgnso-rds-pdp-wg at icann.orghttps://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>
>>
>> _______________________________________________
>> gnso-rds-pdp-wg mailing list
>> gnso-rds-pdp-wg at icann.org
>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>
>>
>>
>> _______________________________________________
>> gnso-rds-pdp-wg mailing list
>> gnso-rds-pdp-wg at icann.org
>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>
>
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20170531/64568561/attachment-0001.html>

More information about the gnso-rds-pdp-wg mailing list