<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Hi Nick,</p>
<p>This case is very, very real. It is exactly what I have seen many
times in my experience.</p>
<p>Kathy</p>
Kathy Kleiman, Esq.<br>
Co-Founder, Noncommercial Users Constituency <br>
<br>
<div class="moz-cite-prefix">On 7/26/2016 5:27 AM, Nick Shorey
wrote:<br>
</div>
<blockquote
cite="mid:CACrcH9qoLRR5Zf1EFJ=XFE3_AtbYtPcZVpq7WBQ+U=GSBdzj_g@mail.gmail.com"
type="cite">
<div dir="ltr">Are we keeping these source cases based on fact, or
are hypothetical use cases permitted?</div>
<div class="gmail_extra"><br clear="all">
<div>
<div class="gmail_signature" data-smartmail="gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div><b><span></span><span></span>Nick
Shorey
BA(Hons) MSc.</b></div>
<div>Senior
Policy Advisor
| Global
Internet
Governance</div>
<div>Department
for Culture,
Media &
Sport</div>
<div>HM
Government |
United Kingdom</div>
<div><br>
</div>
<div>Email: <a
moz-do-not-send="true" href="mailto:nick.shorey@culture.gov.uk"
target="_blank">nick.shorey@culture.gov.uk</a></div>
<div>Tel: +44
(0)7741 256
320</div>
<div>Skype:
nick.shorey</div>
<div>Twitter:
@nickshorey</div>
<div>LinkedIn:
<a
moz-do-not-send="true"
href="http://www.linkedin.com/in/nicklinkedin" target="_blank">www.linkedin.com/in/nicklinkedin</a></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<div class="gmail_quote">On 25 July 2016 at 23:41, Ayden
Férdeline <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:icann@ferdeline.com" target="_blank">icann@ferdeline.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div style="word-wrap:normal;word-break:break-word">
<table valign="top" style="width:100%;margin-top:6px"
border="0" cellpadding="0" cellspacing="0"
lang="container">
<tbody>
<tr>
<td
style="line-height:1.31;color:#222;font-family:arial,sans-serif"
valign="top">
<div>Hello all,</div>
<div><font><br>
</font></div>
<div>I would like to introduce an additional use
case. This is just a rough draft for now, and I
welcome your feedback on how this use case can
be strengthened. </div>
<div><font><br>
</font></div>
<div>The scenario is: a dissident group launches a
website to bring important news and information
to the public. They register their domain name
in a foreign nation and do not want law
enforcement, or other parties, to be able to
identify the website’s administrators,
management, and/or sources of information. If
this information was made known, their
publishing could be silenced and their sources
and contributors could suffer harm. The
registrant is not aware of the existence of
privacy proxy services at the time they register
their domain name.</div>
<div><font><br>
</font></div>
<div><b>Misuse Case:</b> The RDS could be used by
State actors or other
parties to identify members of or contributors
to the dissident group, and this
could result in their voices being silenced
through legal, political, or
physical means.</div>
<div><font><br>
</font></div>
<div><b>Main Misuse Case: </b>An actor is unhappy
that a website in a
country is publishing material that speaks
unfavourably about a given topic.
They wish to launch political and legal attacks
to silence the website’s
publishers and to alter the narrative of the
historical record on this topic.
They thus utilise the RDS to identify a contact
of someone involved in the
administration of this website, with the view of
torturing or otherwise
extracting from this contact the names and
contact details of contributors to
the dissenting website. As the registrant does
not subscribe to a privacy proxy service
(possibly because of limited financial
resources, or lack of awareness that such a
service exists), their contact details have been
permanently published into the public record and
their privacy is thus permanently breached. As a
result the RDS threatens the ability of
dissenting voices
to exercise their inalienable rights in an
online environment. </div>
<div><font><br>
</font></div>
<div><b>Primary Actor: </b>Government or other
entity wanting to censor
a dissident group.</div>
<div><font><br>
</font></div>
<div><b>Other stakeholders:</b> Domain name
registrant.</div>
<div><font><br>
</font></div>
<div><b>Scope:</b></div>
<div><font><b><br>
</b></font></div>
<div><b>Level:</b></div>
<div><font><br>
</font></div>
<div><b>Data Elements:</b> In order to prevent
misuse by another actor,
no personally identifiable information should be
stored in the RDS whatsoever. The
only data elements that the RDS requires to
operate on a technical level are: the domain
name itself, the
registrar, the domain name’s expiry date, and
its status (registered / not
registered). For it to be of functional use,
there are two optional fields:
name servers, and the auth-code.</div>
<div><font><br>
</font></div>
<div><b>Story: </b></div>
<ul style="font-size:small">
<li>A requestor accesses the RDS to obtain
information
about a registered domain name. The RDS
immediately returns the registration data
associated with the domain name, which may
include a name and physical address
of the registrant.</li>
<li>The requestor
passes the extracted information on to a third
party who visits the physical
address of the contact. The registrant suffers
physical harm as a result of the
RDS and no longer feels comfortable using the
Internet to convey to the public
important information.</li>
</ul>
<div><b>Privacy
implications: </b>Article 19 of the Universal
Declaration of Human Rights states that everyone
has the right to freedom of
opinion and expression; this right includes the
freedom to hold opinions
without interference and to seek, receive, and
impart information and ideas
through any media and regardless of frontiers.
These principles must be upheld
in the RDS. An RDS that contains any
personally-identifiable information would
threaten
these very freedoms. Accordingly, the RDS must
only collect and store data for
limited, lawful, and appropriate purposes.<br>
</div>
<div style="margin-bottom:0.0001pt"><font><b><br>
</b></font></div>
<div style="margin-bottom:0.0001pt"><b>Who has
control of and access to the data: </b></div>
<div style="margin-bottom:0.0001pt"><b> </b></div>
<div style="margin-bottom:0.0001pt"><b>Conditions
under which the data are accessible: </b></div>
<div style="margin-bottom:0.0001pt"> </div>
<div style="margin-bottom:0.0001pt"><b>How data
can be accessed: </b>At this time, personally
identifiable information
can be accessed by any party in the world, for
any reason. This is not
consistent with best practices in privacy
protection.</div>
<div style="margin-bottom:0.0001pt"> </div>
<div style="margin-bottom:0.0001pt"><b>Other?</b></div>
<div> </div>
<div>As you can see, I have left a few of the
fields in Lisa's template for use cases blank. I
do not have all the answers, so I would very
much welcome your suggestions on how this use
case could be strengthened. I'm still a little
uncertain as to whether we are designing use
cases for what the WHOIS protocol is like today
(this is an assumption I have gone by in this
first draft) or if this is meant to be more like
a use case in a dream system instead. I'll
revise this use case once I understand this
exercise a bit better.</div>
<div><br>
</div>
<div>Thank you for your time, consideration, and
feedback.</div>
<div><font><br>
</font></div>
<div>Best wishes,</div>
<div><font><br>
</font></div>
<div>Ayden Férdeline</div>
<img moz-do-not-send="true"
style="border:0;width:0px;min-height:0px"
src="https://app.mixmax.com/api/track/v2/Rv7sFvWFObcE9nmgR/i02bj5SZulGblRmclZGQu5WYjlmI/icmcv5ibuF2YpB0Z31CckBXLzRmct82cudmI/?sc=false"
alt="" height="0" align="left" width="0"> </td>
</tr>
</tbody>
</table>
</div>
<br>
_______________________________________________<br>
gnso-rds-pdp-wg mailing list<br>
<a moz-do-not-send="true"
href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a><br>
<a moz-do-not-send="true"
href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg"
rel="noreferrer" target="_blank">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a><br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
gnso-rds-pdp-wg mailing list
<a class="moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a>
<a class="moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a></pre>
</blockquote>
<br>
</body>
</html>