[gnso-rds-pdp-wg] @EXT: RE: IMPORTANT: Invitation for Poll from 9 January Meeting
Chuck
consult at cgomes.com
Thu Jan 18 02:18:26 UTC 2018
Paul,
PDP WG do not have any responsibilities with regard to the registry and
registrar agreements; they are between registries and ICANN and registrars
and ICANN. The only way a PDP WG can impact these agreements is to
recommend consensus policies, which, if approved by the GNSO Council and the
ICANN Board would become part of those agreements.
Chuck
From: Paul Keating [mailto:Paul at law.es]
Sent: Wednesday, January 17, 2018 8:26 AM
To: Michele Neylon - Blacknight <michele at blacknight.com>; Chuck
<consult at cgomes.com>; 'nathalie coupet' <nathaliecoupet at yahoo.com>;
'Mounier, Grégory' <gregory.mounier at europol.europa.eu>;
gnso-rds-pdp-wg at icann.org
Cc: RDS-Leaders-List <gnso-next-gen-rds-lead at icann.org>
Subject: Re: [gnso-rds-pdp-wg] @EXT: RE: IMPORTANT: Invitation for Poll from
9 January Meeting
Chuck and Michele,
In several of my emails I have suggested that ICANN revise the ARA and the
RAA to require the data collection required for security. This would seem
to be well within ICANN’s ambit/purpose and having it in the agreement – and
passed down to the registrars to collect would remove the present issue –
which is the fact that the data necessary for
security/certification/investigation is not required to perform the
agreement between the registrant and registrar.
Michele, have the registrars considered such a situation?
Paul Keating
From: gnso-rds-pdp-wg <gnso-rds-pdp-wg-bounces at icann.org
<mailto:gnso-rds-pdp-wg-bounces at icann.org> > on behalf of Michele Blacknight
<michele at blacknight.com <mailto:michele at blacknight.com> >
Date: Wednesday, January 17, 2018 at 11:14 AM
To: Chuck <consult at cgomes.com <mailto:consult at cgomes.com> >, 'nathalie
coupet' <nathaliecoupet at yahoo.com <mailto:nathaliecoupet at yahoo.com> >,
<'Mounier>, Grégory' <gregory.mounier at europol.europa.eu
<mailto:gregory.mounier at europol.europa.eu> >, "gnso-rds-pdp-wg at icann.org
<mailto:gnso-rds-pdp-wg at icann.org> " <gnso-rds-pdp-wg at icann.org
<mailto:gnso-rds-pdp-wg at icann.org> >
Cc: RDS-Leaders-List <gnso-next-gen-rds-lead at icann.org
<mailto:gnso-next-gen-rds-lead at icann.org> >
Subject: Re: [gnso-rds-pdp-wg] @EXT: RE: IMPORTANT: Invitation for Poll from
9 January Meeting
Chuck / Nathalie
Chuck is correct. Every registrar has their own set of terms and conditions.
There is no standard agreement, as no two companies are identical.
Regards
Michele
--
Mr Michele Neylon
Blacknight Solutions
Hosting, Colocation & Domains
https://www.blacknight.com/
http://blacknight.blog/
Intl. +353 (0) 59 9183072
Direct Dial: +353 (0)59 9183090
Personal blog: https://michele.blog/
Some thoughts: https://ceo.hosting/
-------------------------------
Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845
From: gnso-rds-pdp-wg <gnso-rds-pdp-wg-bounces at icann.org
<mailto:gnso-rds-pdp-wg-bounces at icann.org> > on behalf of Chuck
<consult at cgomes.com <mailto:consult at cgomes.com> >
Date: Wednesday 17 January 2018 at 01:07
To: 'nathalie coupet' <nathaliecoupet at yahoo.com
<mailto:nathaliecoupet at yahoo.com> >, "'Mounier, Grégory'"
<gregory.mounier at europol.europa.eu
<mailto:gregory.mounier at europol.europa.eu> >, "gnso-rds-pdp-wg at icann.org
<mailto:gnso-rds-pdp-wg at icann.org> " <gnso-rds-pdp-wg at icann.org
<mailto:gnso-rds-pdp-wg at icann.org> >
Cc: RDS-Leaders-List <gnso-next-gen-rds-lead at icann.org
<mailto:gnso-next-gen-rds-lead at icann.org> >
Subject: Re: [gnso-rds-pdp-wg] @EXT: RE: IMPORTANT: Invitation for Poll from
9 January Meeting
Nathalie,
First of all, let me point out that contracts between registrars and
registrant’s vary by registrar. There is not a standard registrant
contract. The RAA contains certain requirements that registrar must include
in the registrant contract, but I am not aware that it requires a ‘do no
harm’ clause. I have cc’d the leadership team and hope Michele will answer
your question.
Chuck
From: nathalie coupet [ <mailto:nathaliecoupet at yahoo.com>
mailto:nathaliecoupet at yahoo.com]
Sent: Tuesday, January 16, 2018 2:59 PM
To: Chuck < <mailto:consult at cgomes.com> consult at cgomes.com>; 'Mounier,
Grégory' < <mailto:gregory.mounier at europol.europa.eu>
gregory.mounier at europol.europa.eu>; <mailto:gnso-rds-pdp-wg at icann.org>
gnso-rds-pdp-wg at icann.org
Subject: Re: [gnso-rds-pdp-wg] @EXT: RE: IMPORTANT: Invitation for Poll from
9 January Meeting
Chuck and All,
Is there a 'do no harm' clause in the contract between the registrar and the
registrant? This could ease the way for including collection of data for LEA
and IP protection as uses for uses compatible with domain management...
Nathalie
On Tuesday, January 16, 2018 11:52 AM, Chuck < <mailto:consult at cgomes.com>
consult at cgomes.com> wrote:
I don’t think this WG is a negotiation table or a debate forum. PDPs are a
clearly defined process that is neither of these.
Chuck
From: nathalie coupet [ <mailto:nathaliecoupet at yahoo.com>
mailto:nathaliecoupet at yahoo.com]
Sent: Tuesday, January 16, 2018 6:50 AM
To: Chuck < <mailto:consult at cgomes.com> consult at cgomes.com>; 'Mounier,
Grégory' < <mailto:gregory.mounier at europol.europa.eu>
gregory.mounier at europol.europa.eu>; <mailto:gnso-rds-pdp-wg at icann.org>
gnso-rds-pdp-wg at icann.org
Subject: Re: [gnso-rds-pdp-wg] @EXT: RE: IMPORTANT: Invitation for Poll from
9 January Meeting
Yes. As long as each seconday purpose is formulated in such a way as to
protect vital interests on a case by case basis (law enforcement, research,
IP, etc.) with additional authorization for collection, if some data is
missing, etc.
I would need to research this subject much more in details, or as a
collective endeavour (much better).
Is this WG a negotiation table or just a debate forum for competing
interests?
Nathalie
On Tuesday, January 16, 2018 9:35 AM, Chuck < <mailto:consult at cgomes.com>
consult at cgomes.com> wrote:
Nathalie,
Do I understand you correctly that you are suggesting that a primary purpose
is one that a registrant gives consent for access and secondary purposes
would be all other purposes recommended by the WG for which no registrant
consent for access is given?
I am asking this for clarification with the understanding that we will get
to access later.
Chuck
From: nathalie coupet [ <mailto:nathaliecoupet at yahoo.com>
mailto:nathaliecoupet at yahoo.com]
Sent: Monday, January 15, 2018 1:38 PM
To: Mounier, Grégory < <mailto:gregory.mounier at europol.europa.eu>
gregory.mounier at europol.europa.eu>; 'Chuck' < <mailto:consult at cgomes.com>
consult at cgomes.com>; <mailto:'gnso-rds-pdp-wg at icann.org>
'gnso-rds-pdp-wg at icann.org' < <mailto:gnso-rds-pdp-wg at icann.org>
gnso-rds-pdp-wg at icann.org>
Subject: Re: [gnso-rds-pdp-wg] @EXT: RE: IMPORTANT: Invitation for Poll from
9 January Meeting
Hi Gregory,
I was expecting this objection be raised by law enforcement. But, in a
spirit of compromise, let's remember a resolution a member made earlier
about the implementation of GDPR: we were going to distinguish between
primary purpose and secondary purpose (those not directly based on the
contract between the registrant and the registrar) and beef up 'secondary
purposes'. While this might seem unnatural, it allows us to apply the GDPR's
distinction while preserving the use of WHOIS for law enforcement and abuse
mitigation people.
This is important when submitting the WG's and ultimately ICANN's rationale
to the DPA's review: let's not increase the attack surface. We can make sure
that despite this use not being granted full legitimate status for
collection, there will be enough data available for this use by allowing
additional collection, if need be.
The fact that a purpose is direct or indirect based on the contract between
the reigstrant and the registrar - the initial consent of the registrant
being the cirteria for determining which purpose is primary (a.k.a
'legitimate') and which one is not (i.e 'secondary') - could really
alleviate our quest for a compromise and still protect ICANN and registrars.
I fear we'll still be here discussing this until we all turn blue and still
not get anywhere. I'm sure no one in the group believes your work is less
important, and we'll protect your access to information as much as we can.
We just need to create this little artifice to protect registrars and ICANN,
so DPA's wont breathe down our necks.
Why not give it a try?
Nathalie
On Monday, January 15, 2018 8:30 AM, "Mounier, Grégory" <
<mailto:gregory.mounier at europol.europa.eu>
gregory.mounier at europol.europa.eu> wrote:
Dear all,
I will not be able to join the call tomorrow so I thought that I should drop
an email to the list to explain why I voted against the proposed possible WG
Agreement according to which “Criminal Activity/DNS Abuse – Investigation is
NOT a legitimate purpose for requiring collection of registration data, but
maybe a legitimate purpose of using some data collected for other purposes.”
I think that there are a number of rationales/grounds - including in ICANN’s
Bylaws - to argue that in fact, investigating criminal activity and DNS
Abuse IS a legitimate purpose for requiring the collection of registration
data.
Some of these rationales have been mentioned during the discussion on the
mailing list and during the call on 9th January. Unfortunately, I think that
the proposed possible WG agreement does not take into consideration these
rationales. I specifically disagree with the assumption that we should make
a distinction between 1) the purpose of collecting the data and 2) the
purpose for using the data collected for other purposes (manage domain
registrations).
The reason why I disagree with making this distinction is that it leads to
artificially reduce the importance of a valid and legitimate purpose of the
WHOIS system, acknowledged by ICANN Bylaws: addressing malicious abuse of
the DNS and providing a framework to address appropriate law enforcement
needs. (ICANN’s mandate is to “ensure the stable and secure operation of the
internet’s unique identifier systems”
<https://mail.yahoo.com/?soc_src=mail&soc_trk=ma#_ftn1> [1] + WHOIS data is
essential for “the legitimate needs of law enforcement” and for “promoting
consumer trust.” <https://mail.yahoo.com/?soc_src=mail&soc_trk=ma#_ftn2> [2]
). In its document on the three compliance models issued last Friday
<https://mail.yahoo.com/?soc_src=mail&soc_trk=ma#_ftn3> [3], ICANN has
explicitly included: addressing the needs of law enforcement, investigation
of cybercrime and DNS abuse as legitimate purposes of the WHOIS system.
If one of the purpose of the WHOIS system is to support a framework to
address issues involving domain name registrations, including investigation
of cybercrime and DNS abuse, it can be argued that investigating criminal
activity and DNS abuse IS a legitimate purpose for requiring the collection
of registration data. Likewise, I think that requiring collection of
registration data to prevent crime is NOT beyond ICANN's mandate because
this data is essential for ICANN to fulfil its mandate.
I have attached a list of relevant references supporting this point of view
taken from ICANN’s Bylaws and the GDPR.
I hope that you’ll find this contribution helpful and I’m looking forward to
reading the transcript of the next call :).
Best,
Greg
Gregory Mounier
Europol
European Cybercrime Centre
+31 6 55782743
From: gnso-rds-pdp-wg [ <mailto:gnso-rds-pdp-wg-bounces at icann.org>
mailto:gnso-rds-pdp-wg-bounces at icann.org] On Behalf Of Chuck
Sent: 12 January 2018 15:21
To: <mailto:gnso-rds-pdp-wg at icann.org> gnso-rds-pdp-wg at icann.org
Subject: [gnso-rds-pdp-wg] FW: IMPORTANT: Invitation for Poll from 9 January
Meeting
Importance: High
The response to this week’s poll is particularly low so I strongly encourage
more members to respond so that we have enough data to help us in our
meeting next week. Thanks to those who have already responded.
Chuck
From: gnso-rds-pdp-wg [ <mailto:gnso-rds-pdp-wg-bounces at icann.org>
mailto:gnso-rds-pdp-wg-bounces at icann.org] On Behalf Of Marika Konings
Sent: Wednesday, January 10, 2018 7:27 AM
To: <mailto:gnso-rds-pdp-wg at icann.org> gnso-rds-pdp-wg at icann.org
Subject: [gnso-rds-pdp-wg] IMPORTANT: Invitation for Poll from 9 January
Meeting
Dear all,
In follow-up to this week’s WG meeting, all RDS PDP WG Members are
encouraged to participate in the following poll:
<https://www.surveymonkey.com/r/VM6S8YK>
https://www.surveymonkey.com/r/VM6S8YK
Responses should be submitted through the above URL. For offline reference,
a PDF of poll questions can also be found at:
<https://community.icann.org/download/attachments/74580034/Poll-from-9Januar
y-Call.pdf?version=1&modificationDate=1515544361000&api=v2>
https://community.icann.org/download/attachments/74580034/Poll-from-9January
-Call.pdf?version=1&modificationDate=1515544361000&api=v2
This poll will close at COB Saturday 13 January.
Please note that you must be a WG Member to participate in polls. If you are
a WG Observer wishing to participate in polls, you must first contact
<mailto:gnso-secs at icann.org> gnso-secs at icann.org to upgrade to WG Member.
Best regards,
Marika
Marika Konings
Vice President, Policy Development Support – GNSO, Internet Corporation for
Assigned Names and Numbers (ICANN)
Email: <mailto:marika.konings at icann.org> marika.konings at icann.org
Follow the GNSO via Twitter @ICANN_GNSO
Find out more about the GNSO by taking our
<http://learn.icann.org/courses/gnso> interactive courses and visiting the
<http://gnso.icann.org/sites/gnso.icann.org/files/gnso/presentations/policy-
efforts.htm#newcomers> GNSO Newcomer pages.
<https://mail.yahoo.com/?soc_src=mail&soc_trk=ma#_ftnref1> [1]ICANN Bylaws
Article One, Section 1.1, Mission.
<https://mail.yahoo.com/?soc_src=mail&soc_trk=ma#_ftnref2> [2] ICANN
Bylaws, Registration Directory Services Review, §4.6(e).
<https://mail.yahoo.com/?soc_src=mail&soc_trk=ma#_ftnref3> [3]
<https://www.icann.org/en/system/files/files/interim-models-gdpr-compliance-
12jan18-en.pdf>
https://www.icann.org/en/system/files/files/interim-models-gdpr-compliance-1
2jan18-en.pdf
*******************
DISCLAIMER : This message is sent in confidence and is only intended for the
named recipient. If you receive this message by mistake, you may not use,
copy, distribute or forward this message, or any part of its contents or
rely upon the information contained in it.
Please notify the sender immediately by e-mail and delete the relevant
e-mails from any computer. This message does not constitute a commitment by
Europol unless otherwise indicated.
*******************
_______________________________________________
gnso-rds-pdp-wg mailing list
<mailto:gnso-rds-pdp-wg at icann.org> gnso-rds-pdp-wg at icann.org
<https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg>
https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
_______________________________________________ gnso-rds-pdp-wg mailing list
gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org>
https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20180117/84f87722/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 171 bytes
Desc: not available
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20180117/84f87722/image001-0001.png>
More information about the gnso-rds-pdp-wg
mailing list