[gnso-rds-pdp-wg] ICANN Blog re Session with European DPAs

Kris Seeburn seeburn.k at gmail.com
Sat Mar 31 17:07:25 UTC 2018 

+1 Ayden ... people let’s crop up our way and manners of using general list when it is of importance to all and when it is a one to one situation. Or a little group. 

Responsible use of a list is important.  Else we might just miss important matters.

Kris

> On 31 Mar 2018, at 20:48, Ayden Férdeline <icann at ferdeline.com> wrote:
> 
> John,
> 
> Please take this conversation offline.
> 
> I do not need these messages in my inbox.
> 
> Thank you.
> 
> ​Ayden Férdeline 
> 
> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> 
>> On 31 March 2018 4:45 PM, John Bambenek via gnso-rds-pdp-wg <gnso-rds-pdp-wg at icann.org> wrote:
>> 
>> ​​
>> 
>> There are two types of people: those who want to complain about things someone else said on the internet and those who will solve problems.
>> 
>> The only choice here is which one are you?
>> 
>> I mean, it we want to keep bringing this issue up of a blog post not published to this list until you brought it here, I am going to bring up that it was a registry that called a female member of this list a criminal and part of a blackhat organization. It was a registrar that has openly talked about putting another members organization out of business. Or we could stop tone-policing other people’s external blog posts and get to work.
>> 
>> Your call.
>> 
>> 
>> -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>> 
>> John Bambenek
>> 
>>> On Mar 31, 2018, at 10:41, "benny at nordreg.se" benny at nordreg.se wrote:
>>> 
>>> Hmmm so the way of trash talking and blaming registrars in the article are ok in your opinion?
>>> 
>>> Yes or no is good enough as an answer
>>> 
>>> Blame autocorrect for any strange answers
>>> 
>>>> On 31 Mar 2018, at 17:29, John Bambenek jcb at bambenekconsulting.com wrote:
>>>> 
>>>> I haven’t done a full background check on you to know what you have or have not argued during the length of your career. The only interaction many of my fellow professionals had with ICANN is this list. That being said, that so many have quit because they felt bullied, had sexist attacks directed at them, or have been overtly labeled criminals and human rights violators by people on this list tells me something about the state of the multistakeholder model.
>>>> 
>>>> That being said, it sounds like we are basically in agreement. So, Benny, let’s just both talk to the DPAs and suggest this in an open letter and be done with it?
>>>> 
>>>> Let’s stop litigating the past, solve this and everyone move on to more pressing issues?
>>>> 
>>>> --
>>>> 
>>>> John Bambenek
>>>> 
>>>>> On Mar 31, 2018, at 09:58, "benny at nordreg.se" benny at nordreg.se wrote:
>>>>> 
>>>>> Really???
>>>>> 
>>>>> I have argued for privacy by default on registry level as it work in some registries and people can choose of there own free will to turn it on. But part of industry argues they will loose all info then.. I can’t see the difference from that contra what you suggest but apparently there are a difference..
>>>>> 
>>>>> Blame autocorrect for any strange answers
>>>>> 
>>>>>> On 31 Mar 2018, at 16:16, John Bambenek jcb at bambenekconsulting.com wrote:
>>>>>> 
>>>>>> That depends on how you define the problem. The solution here can be
>>>>>> 
>>>>>> defined as "what the DPAs will accept". It is in the economic interest
>>>>>> 
>>>>>> of registrars to display nothing to nobody, so "some ccTLD does X"
>>>>>> 
>>>>>> really isn't relevant in when the problem is defined correctly. GDPR and
>>>>>> 
>>>>>> no privacy legislation ever devised has controlled when I can publish my
>>>>>> 
>>>>>> own information or my ability to tell others to publish it. We can talk
>>>>>> 
>>>>>> about the finer points of implementation details, but the reality is
>>>>>> 
>>>>>> this, if GDPR was meant to restrict even private individuals from
>>>>>> 
>>>>>> publishing their own private information, the discussion we should be
>>>>>> 
>>>>>> having is whether to simply turn off the internet in Europe.
>>>>>> 
>>>>>> Twitter, snapchat, Facebook, instagram, et al, have solved this problem.
>>>>>> 
>>>>>> People are, in fact, going to continue to use these mediums to publish
>>>>>> 
>>>>>> nudes of themselves stored on third-party servers. GDPR isn't going to
>>>>>> 
>>>>>> stop that. Give individuals the choice when not engaging in commercial
>>>>>> 
>>>>>> activity to check a box (or uncheck a box) to have their information
>>>>>> 
>>>>>> displayed. We can continue to "debate" this, and I put debate in quotes
>>>>>> 
>>>>>> because when this suggestion isn't being ignored, I'm simply being told
>>>>>> 
>>>>>> I'm wrong with little to no rationale as to why, or I can just take this
>>>>>> 
>>>>>> to the DPAs and let them give us the answer.
>>>>>> 
>>>>>> j
>>>>>> 
>>>>>>> On 3/31/18 8:59 AM, benny at nordreg.se wrote:
>>>>>>> 
>>>>>>> That really doesn’t solve it completely ...
>>>>>>> 
>>>>>>> Even registries in ccTLD world with privacy already for natural persons are recognizing and acting on what to be published in Whois of legal persons info.
>>>>>>> 
>>>>>>> Blame autocorrect for any strange answers
>>>>>>> 
>>>>>>>> On 31 Mar 2018, at 15:49, John Bambenek jcb at bambenekconsulting.com wrote:
>>>>>>>> 
>>>>>>>> Well for 2 years I’ve been saying give people whois privacy for free, but everyone seems to ignore that. There is your solution. Let individuals decide whether they want their information published.
>>>>>>>> 
>>>>>>>> PROBLEM. SOLVED.
>>>>>>>> 
>>>>>>>> --
>>>>>>>> 
>>>>>>>> John Bambenek
>>>>>>>> 
>>>>>>>>> On Mar 31, 2018, at 02:05, "benny at nordreg.se" benny at nordreg.se wrote:
>>>>>>>>> 
>>>>>>>>> I find it highly offending that registrars are blamed for this mess. http://www.circleid.com/posts/20180330_icann_cannot_expect_the_dpas_to_re_design_whois/
>>>>>>>>> 
>>>>>>>>> It’s a bit late to come up with solutions for something which have been known to happen for nearly two years, especially from a part of the industry who have work hard to stop any changes.
>>>>>>>>> 
>>>>>>>>> I as one of many requested you and others to come up with solutions which would work for all but all forces was used to fight that and fight for the status quo.
>>>>>>>>> 
>>>>>>>>> I fully understand and acknowledge that security need data to work with and these suggestions should have been brought to the table loooooong time ago.
>>>>>>>>> 
>>>>>>>>> --
>>>>>>>>> 
>>>>>>>>> Med vänliga hälsningar / Kind Regards / Med vennlig hilsen
>>>>>>>>> 
>>>>>>>>> Benny Samuelsen
>>>>>>>>> 
>>>>>>>>> Registry Manager - Domainexpert
>>>>>>>>> 
>>>>>>>>> Nordreg AB - ICANN accredited registrar
>>>>>>>>> 
>>>>>>>>> IANA-ID: 638
>>>>>>>>> 
>>>>>>>>> Phone: +46.42197000
>>>>>>>>> 
>>>>>>>>> Direct: +47.32260201
>>>>>>>>> 
>>>>>>>>> Mobile: +47.40410200
>>>>>>>>> 
>>>>>>>>>> On 30 Mar 2018, at 18:08, jonathan m jonathan.matkowsky at riskiq.net wrote:
>>>>>>>>>> 
>>>>>>>>>> Hi Chuck—I’d like to get a discussion going if that’s okay with you. I’d like to know whether for the public data set, it is feasible to have the following solution for the registrant email. It’s based in part on both technical implications and policy requirements.
>>>>>>>>>> 
>>>>>>>>>> 1.  Registrar required to notify registrants that starting on x date, the registrant org field will be relied on for purposes of treating the Whois record as an organizational domain rather than as belonging to a natural person. Check your record for accuracy because it may have implications for your privacy if you do not already have or subscribe to proxy or privacy services. A few reminders go out. Educate registrants they may want to update to “Domain Admin” instead of having their first and last name for organizational domains because starting on x date, existing organizational records will otherwise obfuscate or mask the local part of the registrant email in public Whois
>>>>>>>>>> 
>>>>>>>>>> 2.  For organizational domains, ICANN will prohibit masking the organizational domain name in the registrant email address. Registrars are free to mask the local part of the registrant email address in accordance with applicable law in the public Whois.
>>>>>>>>>> 
>>>>>>>>>> 3.  for natural persons, registrars will be required to use the same encrypted hash algorith so there is parity across databases even though there is no centralized database to manage the encryption. The policy will be enforced by ICANN and subject to auditing. They can warn registrants of the associated risks of compromise to give them a chance to take added precautions and purchase proxy or privacy services.
>>>>>>>>>> 
>>>>>>>>>> 
>>>>>>>>>> This would be the minimum requirements for modifying public Whois registrant email address to avoid damaging the security and stability of the unique identifiers and DNS. If the downside of doing this is prohibitive, than ICANN should seek guidance in the April meeting on whether the public interest in not damaging security and stability outweighs the privacy interference of having email addresses remain in the phone books given its not a particularly strong personal indicator to begin with as privacy and proxy services are available to those that mind as long as they are notified.
>>>>>>>>>> 
>>>>>>>>>> This would result in emails in Whois of natural data subjects being uniformly hashed so that you can freely see which hash owns what, and Whois of organizations being freely listed with any local part of such organizational emails being masked if required by applible law.
>>>>>>>>>> 
>>>>>>>>>> I would like to hear a discussion on this from the group this week. Not on the legality of it under GDPR as the Article 29 working group can weigh in but first we need to discuss the architectural and policy issues.
>>>>>>>>>> 
>>>>>>>>>> Thanks
>>>>>>>>>> 
>>>>>>>>>> Jonathan
>>>>>>>>>> 
>>>>>>>>>> On Fri, Mar 30, 2018 at 11:27 AM Chuck consult at cgomes.com wrote:
>>>>>>>>>> 
>>>>>>>>>> For any of you who have not seen it, the ICANN Blog re the Session with European DPAs that occurred yesterday, here is the link:
>>>>>>>>>> 
>>>>>>>>>> https://www.icann.org/news/blog/data-protection-privacy-issues-update-discussion-with-article-29-en
>>>>>>>>>> 
>>>>>>>>>> Chuck
>>>>>>>>>> 
>>>>>>>>>> gnso-rds-pdp-wg mailing list
>>>>>>>>>> 
>>>>>>>>>> gnso-rds-pdp-wg at icann.org
>>>>>>>>>> 
>>>>>>>>>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>>>>>>>>> 
>>>>>>>>>> 
>>>>>>>>>> ------------------------------------------------------------------------------------------------------------------
>>>>>>>>>> 
>>>>>>>>>> Jonathan Matkowsky
>>>>>>>>>> 
>>>>>>>>>> This message was sent from RiskIQ, and is intended only for the designated recipient(s). It may contain confidential or proprietary information and may be subject to confidentiality protections. If you are not a designated recipient, you may not review, copy or distribute this message. If you receive this in error, please notify the sender by reply e-mail and delete this message. Thank you.
>>>>>>>>>> 
>>>>>>>>>> *******************************************************************_______________________________________________
>>>>>>>>>> 
>>>>>>>>>> gnso-rds-pdp-wg mailing list
>>>>>>>>>> 
>>>>>>>>>> gnso-rds-pdp-wg at icann.org
>>>>>>>>>> 
>>>>>>>>>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>>>>>>>> 
>>>>>>>>> gnso-rds-pdp-wg mailing list
>>>>>>>>> 
>>>>>>>>> gnso-rds-pdp-wg at icann.org
>>>>>>>>> 
>>>>>>>>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>> 
>> gnso-rds-pdp-wg mailing list
>> 
>> gnso-rds-pdp-wg at icann.org
>> 
>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
> 
> 
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg

More information about the gnso-rds-pdp-wg mailing list