[gnso-rds-pdp-wg] Reputation systems are not just nice to have (was Re: What we want redux)

allison nixon elsakoo at gmail.com
Wed Oct 4 14:06:48 UTC 2017 

>>Allison – I have one clarifying question for you: Do you support keeping
personal information public in jurisdictions where that would be illegal?
I assume not and, if I am correct in assuming that, then I think that we
need to focus on how to deal with that.  Your suggestions for informed
consent could help in that regard.

What a complicated question. First, obviously, I don't support breaking the
law, but laws in different countries are going to conflict, so we ARE going
to contractually obligate someone to break the law somewhere.

Second, it's still not clear that this breaks the law. As has been said
time and time again, data collection is not legal but only if there is no
worthy purpose behind it. When the data protection commissioners, and
outside counsel were both asked about WHOIS, they were not supplied with
any of the many many worthy purposes that were discussed on this list, and
no realistic conversation was actually had about the anti-abuse use of
WHOIS. This is why I objected so much to the re-use of those questions.
Apparently others asked to give input in the questions asked of outside
counsel and they were not given the opportunity to either.

Third, a number of people on this list who want nothing more than to remove
WHOIS entirely have declared it illegal, but from the overall patterns on
this list, it appears that many making that argument are happy to ignore
and misinterpret facts and even basic English sentences so long as it
allows them to declare that removing WHOIS is what needs to be done. So
their legal opinions are highly suspect, and I do not believe they are the
actual legal opinions of the EU regulators.

Fourth, I know a number of exemptions exist within the GDPR that allows
companies to retain data to protect themselves, and for national security,
criminal investigations, public safety, etc. Despite WHOIS fulfilling a
critical role in all of those issues, this has never been seriously
discussed here, and certainly wouldn't have been acknowledged by the people
who only use their legal knowledge to find reasons to declare WHOIS
illegal. I don't know how ICANN can seek or obtain an exemption, but I'm
hoping someone with legal knowledge and less bias could illuminate this. If
an exemption can be issued, many legal concerns become moot.



and re: Paul Keating's email:

>> Is there a purpose that could support the public display of PID such
that consent could be requested and provided?

I don't know what PID stands for






On Wed, Oct 4, 2017 at 8:45 AM, Chuck <consult at cgomes.com> wrote:

> I have similar views to Allison’s with regard to primary versus secondary
> purposes.  It is not at all clear to me that it matters.  One of the
> clarifying questions we have asked WSGR relates to this.  I hope they will
> respond because I think it would help us as we deliberate further on users
> and purposes.
>
>
>
> Allison – I have one clarifying question for you: Do you support keeping
> personal information public in jurisdictions where that would be illegal?
> I assume not and, if I am correct in assuming that, then I think that we
> need to focus on how to deal with that.  Your suggestions for informed
> consent could help in that regard.
>
>
>
> Chuck
>
>
>
> *From:* gnso-rds-pdp-wg-bounces at icann.org [mailto:gnso-rds-pdp-wg-
> bounces at icann.org] *On Behalf Of *allison nixon
> *Sent:* Tuesday, October 03, 2017 3:32 PM
> *To:* Jeremy Malcolm <jmalcolm at eff.org>
> *Cc:* gnso-rds-pdp-wg at icann.org >> gnso-rds-pdp-wg at icann.org <
> gnso-rds-pdp-wg at icann.org>
> *Subject:* Re: [gnso-rds-pdp-wg] Reputation systems are not just nice to
> have (was Re: What we want redux)
>
>
>
> Thank you for the additional clarification Jeremy as I think I understand
> youall's position better. Those of us from the anti-abuse side are pretty
> happy with the imperfect, redacted, and fake info we currently have access
> to. We aren't interested in coercing reluctant people into disclosing
> things they don't want to. We want to keep the available information
> public, not gated, for the same reasons why you described a "vetting"
> process as prone to problems. We don't want the collected information
> reduced, and we are very adamant about this. We agree on informed consent
> and really anything that can help people keep themselves safer online.
>
>
>
> The distinction between "primary" and "secondary" purpose seems less
> important to me since no one here is seriously pushing for an expansion of
> collected information. We just don't want it reduced to uselessness which
> is what this group is still in danger of doing, since this working group
> has for the most part treated anti-abuse as completely irrelevant. I am
> fine with anti-abuse being listed as a secondary purpose. So long as it is
> listed as a purpose.
>
>
>
>
>
>
>
>
>
> On Tue, Oct 3, 2017 at 6:04 PM, Jeremy Malcolm <jmalcolm at eff.org> wrote:
>
> On 3/10/17 2:56 pm, allison nixon wrote:
> > Those and others are currently listed on ICANN's website as uses for
> > WHOIS data. To reject anti-abuse as a purpose would be to shift away
> > from the currently accepted purposes of WHOIS.
>
> I'm arguing that it's a secondary purpose, not the primary purpose.  A
> secondary purpose is a purpose for which information, that was gathered
> for a primary purpose, can also legitimately be used.  So for ICANN to
> call these uses of WHOIS data "legitimate" does not imply for purposes
> of data protection law that they are the primary purpose for collection
> of that data.
>
> The distinction is that if anti-abuse is a primary purpose, we would be
> collecting a lot more information than if it is a secondary purpose.  (I
> accept you're not arguing for the collection of additional information,
> but my opposition to anti-abuse as a primary purpose is to counter such
> arguments.)
>
>
> --
> Jeremy Malcolm
> Senior Global Policy Analyst
> Electronic Frontier Foundation
> https://eff.org
> jmalcolm at eff.org
>
> Tel: 415.436.9333 ext 161
>
> :: Defending Your Rights in the Digital World ::
>
> Public key: https://www.eff.org/files/2016/11/27/key_jmalcolm.txt
> PGP fingerprint: 75D2 4C0D 35EA EA2F 8CA8 8F79 4911 EC4A EDDF 1122
>
>
>
>
>
> --
>
> _________________________________
> Note to self: Pillage BEFORE burning.
>



-- 
_________________________________
Note to self: Pillage BEFORE burning.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20171004/cd238763/attachment.html>

More information about the gnso-rds-pdp-wg mailing list