[gnso-rds-pdp-wg] ICANN Blog re Session with European DPAs

Chuck consult at cgomes.com
Fri Apr 13 23:35:39 UTC 2018


Like I have said before, we gain nothing by blaming and criticizing.  

 

Chuck

 

From: gnso-rds-pdp-wg <gnso-rds-pdp-wg-bounces at icann.org> On Behalf Of jonathan m
Sent: Friday, April 13, 2018 4:24 PM
To: theo geurts <gtheo at xs4all.nl>; benny at nordreg.se
Cc: RDS PDP WG <gnso-rds-pdp-wg at icann.org>
Subject: Re: [gnso-rds-pdp-wg] ICANN Blog re Session with European DPAs

 

Hi, Benny, Theo et al., 

 

I am sorry either/both of you took offense from what I published on CircleID, but I don't see why my personal opinions outside this working group should really matter for the substantive discussion I tried to have below on March 30. I don't think I have pointed fingers at anyone specifically in this group from contracted parties or the registry/registrar community, so please have a little thicker skin and let's re-engage in the discussion of the merits of what I was proposing.

 

I don't think it's productive to say that because I didn't bring these ideas up in the working group earlier, therefore "gotcha, it's too late" and doesn't merit discussion. We are trying to balance privacy with security. And in this working group, pointing fingers or blaming one another is totally unproductive. I have not done it to you. And I ask that you please argue the merits instead of questioning my intent based on my personal opinions on how or why we got where we are generally speaking. It's irrelevant. And I didn't bring it up. I hope to hear from you whether in the group or outside of it.




All the best,

Jonathan Matkowsky

 

 

On Sat, Mar 31, 2018 at 1:20 PM, theo geurts <gtheo at xs4all.nl <mailto:gtheo at xs4all.nl> > wrote:

Really?

Shame on you all. SHAME!

Theo

On 31-3-2018 22:08, allison nixon wrote:

Sorry for being late to the party, but- registrars dominate these icann working groups and they dominated this working group too before the rest of us showed up. The fact that ICANN makes its money from domain fees collected by registrars is also not even debatable. So yes, registrars will be blamed, even if that fact offends you. Even if the appearance of regulatory capture is unfair (which i am not the judge of and so cannot say), that is the appearance at this point. 

 

Its amusing to see the first comment on his blog is from someone claiming that the author is not able to use whois for security purposes. The same wrong argument made many times on this list by many registrars here. The author of the blog post is the vice president of RiskIQ. Maybe he knows a thing or two about using whois for security purposes. Just maybe. Hahahahahaha.

 

If you google search for any other news coverage on this situation, most of it is pretty critical about the loss of security we are looking forward to, and critical of ICANN's procrastination, and so far none are heralding this as any kind of great victory for the tiny percentage of registrants who will receive a slightly smaller volume of one particular kind of spam. You might not like it, but that's how it is. We were warning about this for a year now.

 

 

 

On Mar 31, 2018 3:06 AM, "benny at nordreg.se <mailto:benny at nordreg.se> " <benny at nordreg.se <mailto:benny at nordreg.se> > wrote:

I find it highly offending that registrars are blamed for this mess. http://www.circleid.com/posts/20180330_icann_cannot_expect_the_dpas_to_re_design_whois/
It’s a bit late to come up with solutions for something which have been known to happen for nearly two years, especially from a part of the industry who have work hard to stop any changes.

I as one of many requested you and others to come up with solutions which would work for all but all forces was used to fight that and fight for the status quo.

I fully understand and acknowledge that security need data to work with and these suggestions should have been brought to the table loooooong time ago.

--
Med vänliga hälsningar / Kind Regards / Med vennlig hilsen

Benny Samuelsen
Registry Manager - Domainexpert

Nordreg AB - ICANN accredited registrar
IANA-ID: 638
Phone: +46.42197000 <tel:%2B46.42197000> 
Direct: +47.32260201 <tel:%2B47.32260201> 
Mobile: +47.40410200 <tel:%2B47.40410200> 

> On 30 Mar 2018, at 18:08, jonathan m <jonathan.matkowsky at riskiq.net <mailto:jonathan.matkowsky at riskiq.net> > wrote:
>
> Hi Chuck—I’d like to get a discussion going if that’s okay with you. I’d like to know whether for the public data set, it is feasible to have the following solution for the registrant email. It’s based in part on both technical implications and policy requirements.
>
> 1) Registrar required to notify registrants that starting on x date, the registrant org field will be relied on for purposes of treating the Whois record as an organizational domain rather than as belonging to a natural person. Check your record for accuracy because it may have implications for your privacy if you do not already have or subscribe to proxy or privacy services. A few reminders go out. Educate registrants they may want to update to “Domain Admin” instead of having their first and last name for organizational domains because starting on x date, existing organizational records will otherwise obfuscate or mask the local part of the registrant email in public Whois
>
> 2) For organizational domains, ICANN will prohibit masking the organizational domain name in the registrant email address. Registrars are free to mask the local part of the registrant email address in accordance with applicable law in the public Whois.
>
> 3) for natural persons, registrars will be required to use the same encrypted hash algorith so there is parity across databases even though there is no centralized database to manage the encryption. The policy will be enforced by ICANN and subject to auditing. They can warn registrants of the associated risks of compromise to give them a chance to take added precautions and purchase proxy or privacy services.
>
> This would be the minimum requirements for modifying public Whois registrant email address to avoid damaging the security and stability of the unique identifiers and DNS. If the downside of doing this is prohibitive, than ICANN should seek guidance in the April meeting on whether the public interest in not damaging security and stability outweighs the privacy interference of having email addresses remain in the phone books given its not a particularly strong personal indicator to begin with as privacy and proxy services are available to those that mind as long as they are notified.
>
> This would result in emails in Whois of natural data subjects being uniformly hashed so that you can freely see which hash owns what, and Whois of organizations being freely listed with any local part of such organizational emails being masked if required by applible law.
>
> I would like to hear a discussion on this from the group this week. Not on the legality of it under GDPR as the Article 29 working group can weigh in but first we need to discuss the architectural and policy issues.
>
> Thanks
> Jonathan
>
> On Fri, Mar 30, 2018 at 11:27 AM Chuck <consult at cgomes.com <mailto:consult at cgomes.com> > wrote:
> For any of you who have not seen it, the ICANN Blog re the Session with European DPAs that occurred yesterday, here is the link:
>
>
>
> https://www.icann.org/news/blog/data-protection-privacy-issues-update-discussion-with-article-29-en
>
>
>
> Chuck
>
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org> 
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
> --
> Jonathan Matkowsky
>
> *******************************************************************
> This message was sent from RiskIQ, and is intended only for the designated recipient(s). It may contain confidential or proprietary information and may be subject to confidentiality protections. If you are not a designated recipient, you may not review, copy or distribute this message. If you receive this in error, please notify the sender by reply e-mail and delete this message. Thank you.
>
> *******************************************************************_______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org> 
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg

_______________________________________________
gnso-rds-pdp-wg mailing list
gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org> 
https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg

 

_______________________________________________
gnso-rds-pdp-wg mailing list
gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org> 
https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg

 

 


*******************************************************************
This message was sent from RiskIQ, and is intended only for the designated recipient(s). It may contain confidential or proprietary information and may be subject to confidentiality protections. If you are not a designated recipient, you may not review, copy or distribute this message. If you receive this in error, please notify the sender by reply e-mail and delete this message. Thank you.

*******************************************************************

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20180413/5a6a1174/attachment-0001.html>


More information about the gnso-rds-pdp-wg mailing list