[gnso-rds-pdp-wg] @EXT: RE: IMPORTANT: Invitation for Poll from 9 January Meeting

OBrienTG obrientg at people.ops-trust.net
Tue Jan 16 12:52:19 UTC 2018 

Agreed. If the RDS is not intending to meet the needs of those that use DNS, why are we here?

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity and fat fingers.

On January 16, 2018 4:31:18 AM PST, Dotzero <dotzero at gmail.com> wrote:
>+1 to what Greg wrote. This is about the DNS ecosystem.
>
>Michael Hammer
>
>On Mon, Jan 15, 2018 at 11:38 PM, Greg Shatan <gregshatanipc at gmail.com>
>wrote:
>
>> I apologize for not voting in the recent poll.  If I had, I would
>have
>> voted the same way as Gregory Mounier did, with essentially the same
>> underlying thoughts.  I note Nathalie's suggestion, but I agree with
>John
>> that we haven't even reached that point yet -- we first need to
>decide
>> whether the purpose is legitimate or not , and then (if it is
>legitimate)
>> whether it is primary or secondary.
>>
>> There is a fundamental concept that I think is getting lost here --
>> RDS/Whois does not exist to serve the registrar/registrant
>relationship, it
>> (they?) exists to serve the needs of the DNS ecosystem, which by
>definition
>> includes law enforcement, anti-abuse, and anti-IP-infringement
>activity, as
>> well as actual and potential transferees.  The RDS should be viewed
>as a
>> fundamental part of the system and processes that keep the DNS
>working (not
>> just technically, but in terms of security, trust, and the free
>movement of
>> domain names).
>>
>> Greg
>>
>> On Mon, Jan 15, 2018 at 6:02 PM, John Bambenek via gnso-rds-pdp-wg <
>> gnso-rds-pdp-wg at icann.org> wrote:
>>
>>> If its not a legitimate purpose, then its not a secondary purpose
>either.
>>> The language of the purposed agreement makes no accommodation for
>such a
>>> compromise even IF it were acceptable and its not.
>>>
>>> --
>>> John Bambenek
>>>
>>> On Jan 15, 2018, at 15:38, nathalie coupet via gnso-rds-pdp-wg <
>>> gnso-rds-pdp-wg at icann.org> wrote:
>>>
>>> Hi Gregory,
>>>
>>> I was expecting this objection be raised by law enforcement. But, in
>a
>>> spirit of compromise, let's remember a resolution a member made
>earlier
>>> about the implementation of GDPR: we were going to distinguish
>between
>>> primary purpose and secondary purpose (those not directly based on
>the
>>> contract between the registrant and the registrar) and beef up
>'secondary
>>> purposes'. While this might seem unnatural, it allows us to apply
>the
>>> GDPR's distinction while preserving the use of WHOIS for law
>enforcement
>>> and abuse mitigation people.
>>> This is important when submitting the WG's and ultimately ICANN's
>>> rationale to the DPA's review: let's not increase the attack
>surface. We
>>> can make sure that despite this use not being granted full
>legitimate
>>> status for collection, there will be enough data available for this
>use by
>>> allowing additional collection, if need be.
>>> The fact that a purpose is direct or indirect based on the contract
>>> between the reigstrant and the registrar - the initial consent of
>the
>>> registrant being the cirteria for determining which purpose is
>primary
>>> (a.k.a 'legitimate') and which one is not (i.e 'secondary') - could
>really
>>> alleviate our quest for a compromise and still protect ICANN and
>>> registrars.
>>> I fear we'll still be here discussing this until we all turn blue
>and
>>> still not get anywhere. I'm sure no one in the group believes your
>work is
>>> less important, and we'll protect your access to information as much
>as we
>>> can.
>>> We just need to create this little artifice to protect registrars
>and
>>> ICANN, so DPA's wont breathe down our necks.
>>>
>>> Why not give it a try?
>>>
>>> Nathalie
>>>
>>>
>>> On Monday, January 15, 2018 8:30 AM, "Mounier, Grégory" <
>>> gregory.mounier at europol.europa.eu> wrote:
>>>
>>>
>>> Dear all,
>>>
>>> I will not be able to join the call tomorrow so I thought that I
>should
>>> drop an email to the list to explain why I voted against the
>proposed
>>> possible WG Agreement according to which “*Criminal Activity/DNS
>Abuse –
>>> Investigation is NOT a legitimate purpose for requiring collection
>of
>>> registration data, but maybe a legitimate purpose of using some data
>>> collected for other purposes*.”
>>> I think that there are a number of rationales/grounds - including in
>>> ICANN’s Bylaws - to argue that in fact, investigating criminal
>activity and
>>> DNS Abuse *IS* a legitimate purpose for requiring the collection of
>>> registration data.
>>> Some of these rationales have been mentioned during the discussion
>on the
>>> mailing list and during the call on 9th January. Unfortunately, I
>think
>>> that the proposed possible WG agreement does not take into
>consideration
>>> these rationales. I specifically disagree with the assumption that
>we
>>> should make a distinction between 1) the purpose of collecting the
>data and
>>> 2) the purpose for using the data collected for other purposes
>(manage
>>> domain registrations).
>>> The reason why I disagree with making this distinction is that it
>leads
>>> to artificially reduce the importance of a valid and legitimate
>purpose of
>>> the WHOIS system, acknowledged by ICANN Bylaws: addressing malicious
>abuse
>>> of the DNS and providing a framework to address appropriate law
>enforcement
>>> needs. (ICANN’s mandate is to “ensure the stable and secure
>operation of
>>> the internet’s unique identifier systems”[1]
>>> <https://mail.yahoo.com/?soc_src=mail&soc_trk=ma#_ftn1> + WHOIS data
>is
>>> essential for “the legitimate needs of law enforcement” and for
>“promoting
>>> consumer trust.”[2]
>>> <https://mail.yahoo.com/?soc_src=mail&soc_trk=ma#_ftn2> ). In its
>>> document on the three compliance models issued last Friday[3]
>>> <https://mail.yahoo.com/?soc_src=mail&soc_trk=ma#_ftn3>, ICANN has
>>> explicitly included: addressing the needs of law enforcement,
>investigation
>>> of cybercrime and DNS abuse as legitimate purposes of the WHOIS
>system.
>>> If one of the purpose of the WHOIS system is to support a framework
>to
>>> address issues involving domain name registrations, including
>investigation
>>> of cybercrime and DNS abuse, it can be argued that investigating
>criminal
>>> activity and DNS abuse IS a legitimate purpose for requiring the
>collection
>>> of registration data. Likewise, I think that requiring collection of
>>> registration data to prevent crime is NOT beyond ICANN's mandate
>because
>>> this data is essential for ICANN to fulfil its mandate.
>>> I have attached a list of relevant references supporting this point
>of
>>> view taken from ICANN’s Bylaws and the GDPR.
>>>
>>> I hope that you’ll find this contribution helpful and I’m looking
>forward
>>> to reading the transcript of the next call J.
>>>
>>> Best,
>>> Greg
>>>
>>> Gregory Mounier
>>> Europol
>>> European Cybercrime Centre
>>> +31 6 55782743 <+31%206%2055782743>
>>>
>>> *From:* gnso-rds-pdp-wg [mailto:gnso-rds-pdp-wg-bounces at icann.org
>>> <gnso-rds-pdp-wg-bounces at icann.org>] *On Behalf Of *Chuck
>>> *Sent:* 12 January 2018 15:21
>>> *To:* gnso-rds-pdp-wg at icann.org
>>> *Subject:* [gnso-rds-pdp-wg] FW: IMPORTANT: Invitation for Poll from
>9
>>> January Meeting
>>> *Importance:* High
>>>
>>> The response to this week’s poll is particularly low so I strongly
>>> encourage more members to respond so that we have enough data to
>help us in
>>> our meeting next week.  Thanks to those who have already responded.
>>>
>>> Chuck
>>>
>>> *From:* gnso-rds-pdp-wg [mailto:gnso-rds-pdp-wg-bounces at icann.org
>>> <gnso-rds-pdp-wg-bounces at icann.org>] *On Behalf Of *Marika Konings
>>> *Sent:* Wednesday, January 10, 2018 7:27 AM
>>> *To:* gnso-rds-pdp-wg at icann.org
>>> *Subject:* [gnso-rds-pdp-wg] IMPORTANT: Invitation for Poll from 9
>>> January Meeting
>>>
>>> Dear all,
>>>
>>> In follow-up to this week’s WG meeting, *all RDS PDP WG Members* are
>>> encouraged to participate in the following poll:
>>>
>>> https://www.surveymonkey.com/r/VM6S8YK
>>>
>>> Responses should be submitted through the above URL. For offline
>>> reference, a PDF of poll questions can also be found at:
>>>
>>>               https://community.icann.org/download/attachmen
>>> ts/74580034/Poll-from-9January-Call.pdf?version=1&
>>> modificationDate=1515544361000&api=v2
>>>
>>> *This poll will close at COB Saturday 13 January. *
>>>
>>> Please note that you *must be a WG Member* to participate in polls.
>If
>>> you are a WG Observer wishing to participate in polls, you must
>first
>>> contact gnso-secs at icann.org to upgrade to WG Member.
>>>
>>> Best regards,
>>>
>>> Marika
>>>
>>> *Marika Konings*
>>> *Vice President, Policy Development Support – GNSO, Internet
>Corporation
>>> for Assigned Names and Numbers (ICANN) *
>>> *Email: **marika.konings at icann.org* <marika.konings at icann.org>
>>>
>>> *Follow the GNSO via Twitter @ICANN_GNSO*
>>> *Find out more about the GNSO by taking our **interactive courses*
>>> <http://learn.icann.org/courses/gnso>* and visiting the **GNSO
>Newcomer
>>> pages*
>>>
><http://gnso.icann.org/sites/gnso.icann.org/files/gnso/presentations/policy-efforts.htm#newcomers>
>>> *. *
>>>
>>>
>>> ------------------------------
>>> [1] <https://mail.yahoo.com/?soc_src=mail&soc_trk=ma#_ftnref1> ICANN
>>> Bylaws Article One, Section 1.1, Mission.
>>> [2] <https://mail.yahoo.com/?soc_src=mail&soc_trk=ma#_ftnref2> ICANN
>>> Bylaws, Registration Directory Services Review, §4.6(e).
>>> [3] <https://mail.yahoo.com/?soc_src=mail&soc_trk=ma#_ftnref3>
>>> https://www.icann.org/en/system/files/files/interim-models-
>>> gdpr-compliance-12jan18-en.pdf
>>> *******************
>>>
>>> DISCLAIMER : This message is sent in confidence and is only intended
>for
>>> the named recipient. If you receive this message by mistake, you may
>not
>>> use, copy, distribute or forward this message, or any part of its
>contents
>>> or rely upon the information contained in it.
>>> Please notify the sender immediately by e-mail and delete the
>relevant
>>> e-mails from any computer. This message does not constitute a
>commitment by
>>> Europol unless otherwise indicated.
>>>
>>> *******************
>>> _______________________________________________
>>> gnso-rds-pdp-wg mailing list
>>> gnso-rds-pdp-wg at icann.org
>>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>>
>>> _______________________________________________
>>> gnso-rds-pdp-wg mailing list
>>> gnso-rds-pdp-wg at icann.org
>>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>>
>>>
>>> _______________________________________________
>>> gnso-rds-pdp-wg mailing list
>>> gnso-rds-pdp-wg at icann.org
>>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>>
>>
>>
>> _______________________________________________
>> gnso-rds-pdp-wg mailing list
>> gnso-rds-pdp-wg at icann.org
>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>

More information about the gnso-rds-pdp-wg mailing list