[gnso-rds-pdp-wg] ICANN Meetings/Conversations with Data Protection and Privacy Commissioners
Andrew Sullivan
ajs at anvilwalrusden.com
Tue Sep 26 15:12:59 UTC 2017
On Tue, Sep 26, 2017 at 10:59:15AM -0400, Dotzero wrote:
> predecessor regulations have been around for quite some time and if the
> whois privacy issues we have been debating are truly a significant problem
> to the extent that some represent them to be, I would expect that there
> would have been at least some sort of precedents specific to whois.
I think that, regardless of any legal cases, the current whois leaks
way too much information. ICANN has an enormous bureaucracy around
"whois accuracy" partly (but only partly) because ordinary people
don't want to pay extra to keep their home telephone numbers off from
being wide open on the Internet, so they lie about it. There is _no
reason_ that we are still using an ancient protocol that was designed
for a completely different network environment.
The IAB recommends, in RFC 6973, that protocols do something about
data minimization (see section 6.1). The evidence we have is that
greater exposure of data provides a vector for attacks we haven't even
thought about. Therefore, we should not expose data to everyone
unless we are sure that it is necessary (and some of this data _is_
necessary to expose to everyone); and we should be able to track who
got the data if we're exposing data that is not published to everyone.
I don't think any of this should be news, and I think it is really
strange that we seem still to be discussing whether it is something we
need to embrace.
Best regards,
A
--
Andrew Sullivan
ajs at anvilwalrusden.com
More information about the gnso-rds-pdp-wg
mailing list