[gnso-rds-pdp-wg] @EXT: RE: IMPORTANT: Invitation for Poll from 9 January Meeting
Paul Keating
Paul at law.es
Wed Jan 17 16:26:05 UTC 2018
Chuck and Michele,
In several of my emails I have suggested that ICANN revise the ARA and the
RAA to require the data collection required for security. This would seem
to be well within ICANN¹s ambit/purpose and having it in the agreement and
passed down to the registrars to collect would remove the present issue
which is the fact that the data necessary for
security/certification/investigation is not required to perform the
agreement between the registrant and registrar.
Michele, have the registrars considered such a situation?
Paul Keating
From: gnso-rds-pdp-wg <gnso-rds-pdp-wg-bounces at icann.org> on behalf of
Michele Blacknight <michele at blacknight.com>
Date: Wednesday, January 17, 2018 at 11:14 AM
To: Chuck <consult at cgomes.com>, 'nathalie coupet'
<nathaliecoupet at yahoo.com>, <'Mounier>, Grégory'
<gregory.mounier at europol.europa.eu>, "gnso-rds-pdp-wg at icann.org"
<gnso-rds-pdp-wg at icann.org>
Cc: RDS-Leaders-List <gnso-next-gen-rds-lead at icann.org>
Subject: Re: [gnso-rds-pdp-wg] @EXT: RE: IMPORTANT: Invitation for Poll
from 9 January Meeting
> Chuck / Nathalie
>
> Chuck is correct. Every registrar has their own set of terms and conditions.
> There is no standard agreement, as no two companies are identical.
>
>
> Regards
>
> Michele
>
>
> --
> Mr Michele Neylon
> Blacknight Solutions
> Hosting, Colocation & Domains
> https://www.blacknight.com/
> http://blacknight.blog/
> Intl. +353 (0) 59 9183072
> Direct Dial: +353 (0)59 9183090
> Personal blog: https://michele.blog/
> Some thoughts: https://ceo.hosting/
> -------------------------------
> Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
> Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845
>
> From: gnso-rds-pdp-wg <gnso-rds-pdp-wg-bounces at icann.org> on behalf of Chuck
> <consult at cgomes.com>
> Date: Wednesday 17 January 2018 at 01:07
> To: 'nathalie coupet' <nathaliecoupet at yahoo.com>, "'Mounier, Grégory'"
> <gregory.mounier at europol.europa.eu>, "gnso-rds-pdp-wg at icann.org"
> <gnso-rds-pdp-wg at icann.org>
> Cc: RDS-Leaders-List <gnso-next-gen-rds-lead at icann.org>
> Subject: Re: [gnso-rds-pdp-wg] @EXT: RE: IMPORTANT: Invitation for Poll from 9
> January Meeting
>
>
> Nathalie,
>
> First of all, let me point out that contracts between registrars and
> registrant¹s vary by registrar. There is not a standard registrant contract.
> The RAA contains certain requirements that registrar must include in the
> registrant contract, but I am not aware that it requires a Œdo no harm¹
> clause. I have cc¹d the leadership team and hope Michele will answer your
> question.
>
> Chuck
>
>
> From: nathalie coupet [mailto:nathaliecoupet at yahoo.com]
> Sent: Tuesday, January 16, 2018 2:59 PM
> To: Chuck <consult at cgomes.com>; 'Mounier, Grégory'
> <gregory.mounier at europol.europa.eu>; gnso-rds-pdp-wg at icann.org
> Subject: Re: [gnso-rds-pdp-wg] @EXT: RE: IMPORTANT: Invitation for Poll from 9
> January Meeting
>
>
> Chuck and All,
>
>
>
> Is there a 'do no harm' clause in the contract between the registrar and the
> registrant? This could ease the way for including collection of data for LEA
> and IP protection as uses for uses compatible with domain management...
>
>
>
> Nathalie
>
>
>
> On Tuesday, January 16, 2018 11:52 AM, Chuck <consult at cgomes.com
> <mailto:consult at cgomes.com> > wrote:
>
>
> I don¹t think this WG is a negotiation table or a debate forum. PDPs are a
> clearly defined process that is neither of these.
>
>
>
> Chuck
>
>
>
> From: nathalie coupet [mailto:nathaliecoupet at yahoo.com
> <mailto:nathaliecoupet at yahoo.com> ]
> Sent: Tuesday, January 16, 2018 6:50 AM
> To: Chuck <consult at cgomes.com <mailto:consult at cgomes.com> >; 'Mounier,
> Grégory' <gregory.mounier at europol.europa.eu
> <mailto:gregory.mounier at europol.europa.eu> >; gnso-rds-pdp-wg at icann.org
> <mailto:gnso-rds-pdp-wg at icann.org>
> Subject: Re: [gnso-rds-pdp-wg] @EXT: RE: IMPORTANT: Invitation for Poll from 9
> January Meeting
>
>
>
> Yes. As long as each seconday purpose is formulated in such a way as to
> protect vital interests on a case by case basis (law enforcement, research,
> IP, etc.) with additional authorization for collection, if some data is
> missing, etc.
>
> I would need to research this subject much more in details, or as a collective
> endeavour (much better).
>
>
>
> Is this WG a negotiation table or just a debate forum for competing interests?
>
>
>
>
>
>
>
> Nathalie
>
>
>
> On Tuesday, January 16, 2018 9:35 AM, Chuck <consult at cgomes.com
> <mailto:consult at cgomes.com> > wrote:
>
>
>
> Nathalie,
>
>
>
> Do I understand you correctly that you are suggesting that a primary purpose
> is one that a registrant gives consent for access and secondary purposes would
> be all other purposes recommended by the WG for which no registrant consent
> for access is given?
>
>
>
> I am asking this for clarification with the understanding that we will get to
> access later.
>
>
>
> Chuck
>
>
>
> From: nathalie coupet [mailto:nathaliecoupet at yahoo.com
> <mailto:nathaliecoupet at yahoo.com> ]
> Sent: Monday, January 15, 2018 1:38 PM
> To: Mounier, Grégory <gregory.mounier at europol.europa.eu
> <mailto:gregory.mounier at europol.europa.eu> >; 'Chuck' <consult at cgomes.com
> <mailto:consult at cgomes.com> >; 'gnso-rds-pdp-wg at icann.org'
> <gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org> >
> Subject: Re: [gnso-rds-pdp-wg] @EXT: RE: IMPORTANT: Invitation for Poll from 9
> January Meeting
>
>
>
> Hi Gregory,
>
>
>
> I was expecting this objection be raised by law enforcement. But, in a spirit
> of compromise, let's remember a resolution a member made earlier about the
> implementation of GDPR: we were going to distinguish between primary purpose
> and secondary purpose (those not directly based on the contract between the
> registrant and the registrar) and beef up 'secondary purposes'. While this
> might seem unnatural, it allows us to apply the GDPR's distinction while
> preserving the use of WHOIS for law enforcement and abuse mitigation people.
>
> This is important when submitting the WG's and ultimately ICANN's rationale to
> the DPA's review: let's not increase the attack surface. We can make sure that
> despite this use not being granted full legitimate status for collection,
> there will be enough data available for this use by allowing additional
> collection, if need be.
>
> The fact that a purpose is direct or indirect based on the contract between
> the reigstrant and the registrar - the initial consent of the registrant being
> the cirteria for determining which purpose is primary (a.k.a 'legitimate') and
> which one is not (i.e 'secondary') - could really alleviate our quest for a
> compromise and still protect ICANN and registrars.
>
> I fear we'll still be here discussing this until we all turn blue and still
> not get anywhere. I'm sure no one in the group believes your work is less
> important, and we'll protect your access to information as much as we can.
>
> We just need to create this little artifice to protect registrars and ICANN,
> so DPA's wont breathe down our necks.
>
>
>
> Why not give it a try?
>
>
>
> Nathalie
>
>
>
> On Monday, January 15, 2018 8:30 AM, "Mounier, Grégory"
> <gregory.mounier at europol.europa.eu <mailto:gregory.mounier at europol.europa.eu>
> > wrote:
>
>
>
> Dear all,
>
>
> I will not be able to join the call tomorrow so I thought that I should drop
> an email to the list to explain why I voted against the proposed possible WG
> Agreement according to which ³Criminal Activity/DNS Abuse Investigation is
> NOT a legitimate purpose for requiring collection of registration data, but
> maybe a legitimate purpose of using some data collected for other purposes.²
>
> I think that there are a number of rationales/grounds - including in ICANN¹s
> Bylaws - to argue that in fact, investigating criminal activity and DNS Abuse
> IS a legitimate purpose for requiring the collection of registration data.
>
> Some of these rationales have been mentioned during the discussion on the
> mailing list and during the call on 9th January. Unfortunately, I think that
> the proposed possible WG agreement does not take into consideration these
> rationales. I specifically disagree with the assumption that we should make a
> distinction between 1) the purpose of collecting the data and 2) the purpose
> for using the data collected for other purposes (manage domain registrations).
>
> The reason why I disagree with making this distinction is that it leads to
> artificially reduce the importance of a valid and legitimate purpose of the
> WHOIS system, acknowledged by ICANN Bylaws: addressing malicious abuse of the
> DNS and providing a framework to address appropriate law enforcement needs.
> (ICANN¹s mandate is to ³ensure the stable and secure operation of the
> internet¹s unique identifier systems²[1]
> <https://mail.yahoo.com/?soc_src=mail&soc_trk=ma#_ftn1> + WHOIS data is
> essential for ³the legitimate needs of law enforcement² and for ³promoting
> consumer trust.²[2] <https://mail.yahoo.com/?soc_src=mail&soc_trk=ma#_ftn2>
> ). In its document on the three compliance models issued last Friday[3]
> <https://mail.yahoo.com/?soc_src=mail&soc_trk=ma#_ftn3> , ICANN has explicitly
> included: addressing the needs of law enforcement, investigation of cybercrime
> and DNS abuse as legitimate purposes of the WHOIS system.
>
> If one of the purpose of the WHOIS system is to support a framework to address
> issues involving domain name registrations, including investigation of
> cybercrime and DNS abuse, it can be argued that investigating criminal
> activity and DNS abuse IS a legitimate purpose for requiring the collection of
> registration data. Likewise, I think that requiring collection of registration
> data to prevent crime is NOT beyond ICANN's mandate because this data is
> essential for ICANN to fulfil its mandate.
>
> I have attached a list of relevant references supporting this point of view
> taken from ICANN¹s Bylaws and the GDPR.
>
>
>
> I hope that you¹ll find this contribution helpful and I¹m looking forward to
> reading the transcript of the next call J.
>
>
>
> Best,
>
> Greg
>
>
>
> Gregory Mounier
>
> Europol
>
> European Cybercrime Centre
>
> +31 6 55782743
>
>
>
> From: gnso-rds-pdp-wg [mailto:gnso-rds-pdp-wg-bounces at icann.org
> <mailto:gnso-rds-pdp-wg-bounces at icann.org> ] On Behalf Of Chuck
> Sent: 12 January 2018 15:21
> To: gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org>
> Subject: [gnso-rds-pdp-wg] FW: IMPORTANT: Invitation for Poll from 9 January
> Meeting
> Importance: High
>
>
>
> The response to this week¹s poll is particularly low so I strongly encourage
> more members to respond so that we have enough data to help us in our meeting
> next week. Thanks to those who have already responded.
>
>
>
> Chuck
>
>
>
> From: gnso-rds-pdp-wg [mailto:gnso-rds-pdp-wg-bounces at icann.org
> <mailto:gnso-rds-pdp-wg-bounces at icann.org> ] On Behalf Of Marika Konings
> Sent: Wednesday, January 10, 2018 7:27 AM
> To: gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org>
> Subject: [gnso-rds-pdp-wg] IMPORTANT: Invitation for Poll from 9 January
> Meeting
>
>
>
> Dear all,
>
>
>
> In follow-up to this week¹s WG meeting, all RDS PDP WG Members are encouraged
> to participate in the following poll:
>
>
>
> https://www.surveymonkey.com/r/VM6S8YK
> <https://www.surveymonkey.com/r/VM6S8YK>
>
>
>
> Responses should be submitted through the above URL. For offline reference, a
> PDF of poll questions can also be found at:
>
>
>
>
> https://community.icann.org/download/attachments/74580034/Poll-from-9January-C
> all.pdf?version=1&modificationDate=1515544361000&api=v2
> <https://community.icann.org/download/attachments/74580034/Poll-from-9January-
> Call.pdf?version=1&modificationDate=1515544361000&api=v2>
>
>
>
> This poll will close at COB Saturday 13 January.
>
>
>
> Please note that you must be a WG Member to participate in polls. If you are a
> WG Observer wishing to participate in polls, you must first contact
> gnso-secs at icann.org <mailto:gnso-secs at icann.org> to upgrade to WG Member.
>
>
>
> Best regards,
>
>
>
> Marika
>
>
>
> Marika Konings
>
> Vice President, Policy Development Support GNSO, Internet Corporation for
> Assigned Names and Numbers (ICANN)
>
> Email: marika.konings at icann.org <mailto:marika.konings at icann.org>
>
>
>
> Follow the GNSO via Twitter @ICANN_GNSO
>
> Find out more about the GNSO by taking our interactive courses
> <http://learn.icann.org/courses/gnso> and visiting the GNSO Newcomer pages
> <http://gnso.icann.org/sites/gnso.icann.org/files/gnso/presentations/policy-ef
> forts.htm#newcomers> .
>
>
>
>
> [1] <https://mail.yahoo.com/?soc_src=mail&soc_trk=ma#_ftnref1> ICANN Bylaws
> Article One, Section 1.1, Mission.
>
> [2] <https://mail.yahoo.com/?soc_src=mail&soc_trk=ma#_ftnref2> ICANN Bylaws,
> Registration Directory Services Review, §4.6(e).
>
> [3] <https://mail.yahoo.com/?soc_src=mail&soc_trk=ma#_ftnref3>
> https://www.icann.org/en/system/files/files/interim-models-gdpr-compliance-12j
> an18-en.pdf
> <https://www.icann.org/en/system/files/files/interim-models-gdpr-compliance-12
> jan18-en.pdf>
>
> *******************
>
> DISCLAIMER : This message is sent in confidence and is only intended for the
> named recipient. If you receive this message by mistake, you may not use,
> copy, distribute or forward this message, or any part of its contents or rely
> upon the information contained in it.
> Please notify the sender immediately by e-mail and delete the relevant e-mails
> from any computer. This message does not constitute a commitment by Europol
> unless otherwise indicated.
>
> *******************
>
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org>
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
> <https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg>
>
>
>
> _______________________________________________ gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20180117/a19d0755/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 171 bytes
Desc: not available
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20180117/a19d0755/image001-0001.png>
More information about the gnso-rds-pdp-wg
mailing list