<div dir="ltr"><div class="gmail_default" style="font-family:verdana,sans-serif">I did not find Chuck's comments in any way "accusatory." If anything, I found them well-considered and admirable in their restraint.</div><div class="gmail_default" style="font-family:verdana,sans-serif"><br></div><div class="gmail_default" style="font-family:verdana,sans-serif">If anything, Chuck's intervention may have prevented "accusatory" comments from making their way to the list. As such, I would suggest that Chuck's comments were an exercise in "de-escalation."</div><div class="gmail_default" style="font-family:verdana,sans-serif"><br></div><div class="gmail_default" style="font-family:verdana,sans-serif">In that vein, I will refrain from commenting on comments, or commenting on comments about comments or commenting on comments about comments about comments, though if I wanted to comment on comments or comments on comments or comments on comments on comments, I would have comments to make. But I won't.</div><div class="gmail_default" style="font-family:verdana,sans-serif"><br></div><div class="gmail_default" style="font-family:verdana,sans-serif">Greg</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Aug 19, 2016 at 7:08 PM, Stephanie Perrin <span dir="ltr"><<a href="mailto:stephanie.perrin@mail.utoronto.ca" target="_blank">stephanie.perrin@mail.utoronto.ca</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<p><font size="+1"><font face="Lucida Grande">Gentlemen, with great
respect, I think you are being a bit hard on Ayden here. If,
as our next-gen rep here on the group, he were not questioning
authority, I might be afraid he had somehow "missed the
memo". I think the tone has become a bit accusatory on both
sides and we should de-escalate. I agree that we must be
exceedingly careful about putting words in each others
mouths. However, questioning the efficacy of oversight of
police data protection compliance is fair game in my view and
in the view of most privacy scholars (Korff, Brown, Bennett
and Raab, Anderson etc.). Diana Alonso Blass (who came to
ICANN in 2003 or 04 representing the Article 29 Working Party)
and now of Eurojust speaks regularly on some of these issues
at the data protection commissioners' annual conference and at
CPDP and there can be heated debate. Oversight of law
enforcement, particularly cross border law enforcement, is
difficult just as the actual law enforcement is difficult.
There are many reasons for this:</font></font></p>
<ul>
<li><font size="+1"><font face="Lucida Grande">law enforcement
authorities have (legitimate) exemptions under data
protection law for collection use and disclosure, making it
easy to accidently abuse that discretion <br>
</font></font></li>
<li><font size="+1"><font face="Lucida Grande">Data protection
authorities frequently choose to direct enforcement actions
in other areas, given the constant shortage of resources and
the publicity (reaching political uproar at times) that can
come with enforcement against police<br>
</font></font></li>
<li><font size="+1"><font face="Lucida Grande">governments often
take a dim view of data protection commissioners who go
after the police (I can cite examples if you wish but I
realize noone wants to read an article on the difficulties
of dp oversight of law enforcement</font></font></li>
</ul>
<p><font size="+1"><font face="Lucida Grande">Some of the European
DP authorities testified in the 2014 inquiry into NSA
surveillance....I realize this is about intelligence, but
certainly Europol and cybercrime were mentioned.
<a href="http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//NONSGML+REPORT+A7-2014-0139+0+DOC+PDF+V0//EN" target="_blank">http://www.europarl.europa.eu/<wbr>sides/getDoc.do?pubRef=-//EP//<wbr>NONSGML+REPORT+A7-2014-0139+0+<wbr>DOC+PDF+V0//EN</a>.
Given the global nature of law enforcement in our subject
area, and the perceived failure of certain instruments such as
the Cybercrime treaty, and the general shock and outrage
expressed during the inquiry I just cited, particularly over
cross border data sharing, I think it is reasonable to
question assertions of compliance with data protection law.
You will find the list of witnesses in the appendix. Jacob
Kohnstamm was one of them, as was Peter Hustinx, and let me
finally remind you of my favorite quote from Kohnstamm</font>
<font face="Lucida Grande">'s 2012 letter to Crocker: </font></font><br>
</p>
<p> </p>
<p class="MsoNormal" style="margin-left:36.0pt;line-height:200%"><span lang="EN-US">“The Working Party strongly objects to the
introduction of data retention by means of a contract issued by
a private corporation in order to facilitate (public) law
enforcement.<span> </span>If there is
a pressing social need for specific collections of personal data
to be available for law enforcement, and the proposed data
retention is proportionate to the legitimate aim pursued, it is
up to national governments to introduce legislation that meets
the demands of article 8 of the European Convention on Human
Rights and article 17 of the International Covenant on civil and
Political rights”. <span> </span>(Kohnstamm
to Crocker and Atallah, 26 September 2012).<u></u><u></u></span></p>
<p><font face="Lucida Grande" size="+1">The bottom line here is that
civil society correctly has questions about the efficacy of
oversight. Please don't take it personally, it is not meant
that way. It is our job to question. I would agree that Europol
has an excellent oversight regime, in comparative terms, (I wish
we had it in North America) but that does not mean it works all
the time. While we are not here to criticize particular
countries or regions, please admit the idea of criticism in
general. It is important. <br><span class="HOEnZb"><font color="#888888">
</font></span></font></p><span class="HOEnZb"><font color="#888888">
<p><font face="Lucida Grande" size="+1">Stephanie Perrin</font><br>
</p></font></span><div><div class="h5">
<br>
<div>On 2016-08-18 18:55, Gomes, Chuck
wrote:<br>
</div>
<blockquote type="cite">
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Ayden,<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">I
appreciate your frequent contributions because you share
some important concerns. But I want to communicate some
concerns I have about how you are doing that. Please see my
comments below.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Chuck<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">
<a href="mailto:gnso-rds-pdp-wg-bounces@icann.org" target="_blank">gnso-rds-pdp-wg-bounces@icann.<wbr>org</a>
[<a href="mailto:gnso-rds-pdp-wg-bounces@icann.org" target="_blank">mailto:gnso-rds-pdp-wg-<wbr>bounces@icann.org</a>]
<b>On Behalf Of </b>Ayden Férdeline<br>
<b>Sent:</b> Thursday, August 18, 2016 4:48 PM<br>
<b>To:</b> Mounier, Grégory<br>
<b>Cc:</b> RDS PDP WG<br>
<b>Subject:</b> Re: [gnso-rds-pdp-wg] @EXT: RE: Use cases:
Fundamental, Incidental, and Theoretical<u></u><u></u></span></p>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<div>
<p class="MsoNormal">Hi Greg, <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">I don’t mean to sound provocative,
however I would like to make sure I am interpreting your
comments correctly. Please see inline below.
<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">Thanks, <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">Ayden<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal">-------- Original Message --------<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Subject: @EXT: RE: Use cases:
Fundamental, Incidental, and Theoretical<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Local Time: August 18, 2016 7:00 PM<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">UTC Time: August 18, 2016 6:00 PM<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">From: <a href="mailto:gregory.mounier@europol.europa.eu" target="_blank">gregory.mounier@europol.<wbr>europa.eu</a><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">To: <a href="mailto:gregshatanipc@gmail.com" target="_blank">gregshatanipc@gmail.com</a><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><a href="mailto:icann@ferdeline.com,gnso-rds-pdp-wg@icann.org" target="_blank">icann@ferdeline.com,gnso-rds-<wbr>pdp-wg@icann.org</a><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal"><span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Yes
Greg:
</span></span><span><span style="font-family:"Calibri","sans-serif";color:#1f497d">unlike
what Ayden seems to imply:
</span></span><u></u><u></u></p>
<p><span><span style="font-family:Symbol;color:#1f497d">·</span></span><span><span style="font-size:7.0pt;color:#1f497d">
</span></span><span><span style="font-family:"Calibri","sans-serif";color:#1f497d">Europol
is not advocating that personal information be
processed in a manner inconsistent with European law;</span></span><u></u><u></u></p>
</div>
</blockquote>
<div>
<p class="MsoNormal">I am pleased to hear this. However, it
the <a href="https://secure.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consultation/Comments/2014/14-04-17_EDPS_letter_to_ICANN_EN.pdf" title="https://secure.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consultation/Comments/2014/14-04-17_EDPS_letter_to_ICANN_EN.pdf" target="_blank">
opinion</a> of the European Commission’s own Data
Protection Supervisor that the data retention requirements
contained with the 2013 RAA and the Draft Specification
“continue to fall short of compliance with European data
protection law.” You have built a use case around how the
WHOIS protocol operates today, which itself contains data
sourced from registrars through practices which are
inconsistent with the privacy laws of many (all?) EU Member
States.<u></u><u></u></p>
<p class="MsoNormal"><b><i><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">[Chuck
Gomes] Greg did not say that the 2013 RAA is compliant
with European law; he only said Europol is.</span></i></b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u><u></u></span></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p><span><span style="font-size:11.0pt;font-family:Symbol;color:#1f497d">·</span></span><span><span style="font-size:7.0pt;color:#1f497d">
</span></span><span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Europol
access and processing of WHOIS information is in line
with European Data protection rules;</span></span><u></u><u></u></p>
</div>
</blockquote>
<div>
<p class="MsoNormal">I am glad that this is the case. Could
you please expand upon how, under what circumstances, and
how frequently Europol currently retrieves WHOIS records?<u></u><u></u></p>
<p class="MsoNormal"><b><i><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">[Chuck
Gomes] This is a terribly broad request and one that I
suspect may be very difficult to respond to. Europol
is not the topic of discussion . Insight they can
provide will be helpful when we deliberate just like
your insights. In all cases we will do our best to
validate information we use.</span></i></b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u><u></u></span></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p><span><span style="font-size:11.0pt;font-family:Symbol;color:#1f497d">·</span></span><span><span style="font-size:7.0pt;color:#1f497d">
</span></span><span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Europol
does not “trawl” the WHOIS;</span></span><u></u><u></u></p>
</div>
</blockquote>
<div>
<p class="MsoNormal">Are you saying, then, that you do not
find the WHOIS protocol useful in solving crime? If you are
not collecting its records in bulk, I would suggest that we
revise your use case of 25 July to reflect this reality.
<u></u><u></u></p>
<p class="MsoNormal"><b><i><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">[Chuck
Gomes] He did not say that. I encourage you to avoid
adding to what he said.</span></i></b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">We should remove the reference to “Python
DNS scripts or domain tool API” being utilised to identify
connections between DNS information and potentially
troublesome websites, and replace it with something which
respects the right to, say, due process. <u></u><u></u></p>
<p class="MsoNormal"><b><i><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">[Chuck
Gomes] Please remember that our objective is not to
create perfect use cases.</span></i></b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">After all, illegal content like child
abuse material (which you flagged in your use case) is just
that – illegal. Illegal material should be dealt with in a
legal manner. You should not be advocating for the
circumvention of the rule of law; to do so is a direct
violation of the human rights standards that Europol has
committed itself to upholding.<u></u><u></u></p>
<p class="MsoNormal"><b><i><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">[Chuck
Gomes] Who is advocating for the “</span></i></b>the
circumvention of the rule of law<b><i><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">”?
I think that the implication you make here is
inappropriate.</span></i></b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u><u></u></span></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p><span><span style="font-size:11.0pt;font-family:Symbol;color:#1f497d">·</span></span><span><span style="font-size:7.0pt;color:#1f497d">
</span></span><span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Europol
is indeed subject to one of the most stringent data
protection framework in the LEA world.
</span></span><u></u><u></u></p>
</div>
</blockquote>
<div>
<p class="MsoNormal">Whether that is reality or rhetoric, I do
not know. My gut feeling is that Europol’s data protection
provisions are comprehensive in theory, but critically
undermined by procedural weakness. One example that comes to
mind: the Europol Joint Supervisory Body is the independent
body which supposedly monitors your adherence to data
protection rules. However, it has no powers of enforcement,
it can only “make any complaints it deems necessary to the
Director” of Europol.<u></u><u></u></p>
<p class="MsoNormal"><b><i><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">[Chuck
Gomes] I think it best if you avoid criticizing
specific organizations and stick to issues.</span></i></b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u><u></u></span></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal"><span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">I’ll
stop here because this is only partially relevant to
this PDP.</span></span><u></u><u></u></p>
</div>
</blockquote>
<div>
<p class="MsoNormal">My understanding has been that some
politicians in the EU have been reluctant to expand
Europol’s remit/mandate, given concerns around effectiveness
and a perceived democratic deficit, so it is fascinating to
me to see Europol working to expand its powers and data
collection abilities in working groups such as this one.<u></u><u></u></p>
<p class="MsoNormal"><b><i><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">[Chuck
Gomes] Once again I think you are concluding more than
is reasonable and also don’t find you comment here
constructive.</span></i></b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u><u></u></span></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal"><span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Best</span></span><u></u><u></u></p>
<p class="MsoNormal"><span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Greg</span></span><u></u><u></u></p>
<p class="MsoNormal"><span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span></span><u></u><u></u></p>
<p class="MsoNormal"><span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span></span><u></u><u></u></p>
<p class="MsoNormal"><span><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b></span><span><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">
Greg Shatan [<a href="mailto:gregshatanipc@gmail.com" target="_blank">mailto:gregshatanipc@gmail.<wbr>com</a>]
</span></span><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""><br>
<span><b>Sent:</b> 18 August 2016 19:49</span><br>
<span><b>To:</b> Mounier, Grégory</span><br>
<span><b>Cc:</b> Ayden Férdeline; RDS PDP
WG</span><br>
<span><b>Subject:</b> Re: [gnso-rds-pdp-wg]
@EXT: RE: Use cases: Fundamental, Incidental, and
Theoretical</span></span><u></u><u></u></p>
<p class="MsoNormal"> <u></u><u></u></p>
<div>
<div>
<p class="MsoNormal"><span><span style="font-family:"Verdana","sans-serif"">Greg,</span></span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><span><span style="font-family:"Verdana","sans-serif""> </span></span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><span><span style="font-family:"Verdana","sans-serif"">For
the rest of us who may not be so well informed, is
there something more we should understand and take
into account in considering this particular
back-and-forth?</span></span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><span><span style="font-family:"Verdana","sans-serif""> </span></span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><span><span style="font-family:"Verdana","sans-serif"">Thanks!</span></span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><span><span style="font-family:"Verdana","sans-serif""> </span></span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><span><span style="font-family:"Verdana","sans-serif"">Greg
Shatan</span></span><u></u><u></u></p>
</div>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
<div>
<p class="MsoNormal">On
Thu, Aug 18, 2016 at 1:45 PM, Mounier, Grégory <<a href="mailto:gregory.mounier@europol.europa.eu" target="_blank">gregory.mounier@europol.<wbr>europa.eu</a>>
wrote:<u></u><u></u></p>
<div>
<div>
<p class="MsoNormal"><span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Dear
Ayden,
</span></span><u></u><u></u></p>
<p class="MsoNormal"><span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">I
objected because some of your statements were
misinformed so I thought that I should help
and clarify. But it seems that you are very
well informed and that you don’t need further
explanations
</span></span><span><span style="font-size:11.0pt;font-family:Wingdings;color:#1f497d">J</span></span><u></u><u></u></p>
<p class="MsoNormal"><span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Best
regards,
</span></span><u></u><u></u></p>
<p class="MsoNormal"><span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Greg</span></span><u></u><u></u></p>
<p class="MsoNormal"><span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span></span><u></u><u></u></p>
<p class="MsoNormal"><span><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b></span><span><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">
Ayden Férdeline [mailto:<a href="mailto:icann@ferdeline.com" target="_blank">icann@ferdeline.com</a>]
</span></span><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""><br>
<span><b>Sent:</b> 18 August 2016
19:27</span><br>
<span><b>To:</b> Mounier, Grégory</span><br>
<span><b>Cc:</b> Rob Golding; RDS
PDP WG</span><br>
<span><b>Subject:</b> Re: @EXT: RE:
[gnso-rds-pdp-wg] Use cases: Fundamental,
Incidental, and Theoretical</span></span><u></u><u></u></p>
<p class="MsoNormal"> <u></u><u></u></p>
<div>
<p class="MsoNormal">Thank
you for the response, Greg. I did not mean to
suggest that Europol was
<b>wholly</b>exempt from European data
protection regulations, because it is not. In my
original message, I wrote:
<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><i>"...your
agency is exempt from
<b>some</b> of the general provisions on data
processing." </i><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">I
have bolded the word ‘some’ on this occasion for
emphasis. When I wrote that Europol had
exemptions from
<b>some</b>of the general provisions on data
processing, I was referring to the Europol
Council Decision as published in the Official
Journal of the European Union on 15 May 2009. I
am sure you are intimately familiar with this
document, as you cited it in your email to me
today as providing the “basis for Europol to
establish and maintain cooperative relations
with Union or Community institutions, bodies,
offices and agencies; third States and
organisations; private parties and private
persons in so far as it is relevant to the
performance of its tasks.” <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Aside
from this, this decision contains data
processing rules which were, to quote you again
in your email, "tailor-made" for Europol, and is
complemented by a set of implementation
guidelines which privilege Europol with the
ability to process personal data “for the
purpose of prevention, investigation, detection
and prosecution of criminal offences or the
execution of criminal penalties” in a manner
that would not be permitted of other
stakeholders.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Given
this, I'm unsure as to why you found my comments
so objectionable, but I hope this email has
brought about some more clarity. If not, I am
happy to expand upon my thoughts.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Thanks,<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<div>
<p class="MsoNormal">Ayden
<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal">--------
Original Message --------<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Subject:
@EXT: RE: [gnso-rds-pdp-wg] Use cases:
Fundamental, Incidental, and Theoretical<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Local
Time: August 18, 2016 5:54 PM<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">UTC
Time: August 18, 2016 4:54 PM<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">From:
<a href="mailto:gregory.mounier@europol.europa.eu" target="_blank">gregory.mounier@europol.<wbr>europa.eu</a><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">To:
<a href="mailto:icann@ferdeline.com" target="_blank">icann@ferdeline.com</a><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><a href="mailto:rob.golding@astutium.com,gnso-rds-pdp-wg@icann.org" target="_blank">rob.golding@astutium.com,gnso-<wbr>rds-pdp-wg@icann.org</a><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Dear
Ayden,
</span></span><u></u><u></u></p>
<p class="MsoNormal"><span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span></span><u></u><u></u></p>
<p class="MsoNormal"><span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Thank
you very much for sharing your concerns
and apologies for the late response, I was
away from the office.</span></span><u></u><u></u></p>
<p class="MsoNormal"><span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span></span><u></u><u></u></p>
<p class="MsoNormal" style="text-align:justify"><span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">I
am not sure how you got the perception
that Europol was “trawling” through WHOIS
records or that Europol was “exempt from
some of the general provisions on data
processing” or even that our legal
framework limited the ability of Europol
staff to process data from publicly
available sources related to “terror
manuals” or “criminals claiming credit for
attacks”.</span></span><u></u><u></u></p>
<p class="MsoNormal" style="text-align:justify"><span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span></span><u></u><u></u></p>
<p class="MsoNormal" style="text-align:justify"><span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">In
fact, I can assure you that
<u>Europol is not exempted from the
general provisions on data protection</u>.
European data protection legislation has
been implemented in the organisation with
the aim of creating a legal framework
which balances the fundamental interests
of freedom and security. The tailor-made
set of rules provides Europol with one of
the strongest, most robust data protection
framework in the world of law enforcement.</span></span><u></u><u></u></p>
<p class="MsoNormal" style="text-align:justify"><u></u> <u></u></p>
<p class="MsoNormal" style="text-align:justify"><span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">As
far as data exchange inside the EU is
concerned, Art.22-25 of Europol Council
Decision (ECD) provides a basis for
Europol to establish and maintain
cooperative relations with Union or
Community institutions, bodies, offices
and agencies; third States and
organisations; private parties and private
persons in so far as it is relevant to the
performance of its tasks.</span></span><u></u><u></u></p>
<p class="MsoNormal" style="text-align:justify"><span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span></span><u></u><u></u></p>
<p class="MsoNormal" style="text-align:justify"><span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Europol
exchanges personal data only with third
parties which have an adequate level of
data protection. The prior data protection
assessment of the third party involves a
check on the necessary data protection
legislation and confidentiality rules in
place and in practice. The list of the
third countries with which Europol has
established an operational agreement is
published on our website.
</span></span><u></u><u></u></p>
<p class="MsoNormal" style="text-align:justify"><span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span></span><u></u><u></u></p>
<p class="MsoNormal" style="text-align:justify"><span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">In
addition, Europol can receive information
from private parties such as companies,
business associations or non-profit
organisations. As with any transfer of
personal data, this process is subject to
data protection controls. </span></span><u></u><u></u></p>
<p class="MsoNormal" style="text-align:justify"><span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span></span><u></u><u></u></p>
<p class="MsoNormal" style="text-align:justify"><span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Last
but not least, in line with the respective
provisions of the ECD, Europol can also
retrieve and process data, including
personal data, from publicly available
sources, such as media and public data and
commercial intelligence providers, in
accordance with the data protection
framework.</span></span><u></u><u></u></p>
<p class="MsoNormal" style="text-align:justify"><span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span></span><u></u><u></u></p>
<p class="MsoNormal" style="text-align:justify"><span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">I
hope that I could clarify some of the
issues you raised.
</span></span><u></u><u></u></p>
<p class="MsoNormal" style="text-align:justify"><span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span></span><u></u><u></u></p>
<p class="MsoNormal" style="text-align:justify"><span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Kind
regards,
</span></span><u></u><u></u></p>
<p class="MsoNormal" style="text-align:justify"><span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span></span><u></u><u></u></p>
<p class="MsoNormal" style="text-align:justify"><span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Greg</span></span><u></u><u></u></p>
<p class="MsoNormal"><span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span></span><u></u><u></u></p>
<p class="MsoNormal"><span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span></span><u></u><u></u></p>
<p class="MsoNormal"><span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span></span><u></u><u></u></p>
<div>
<div style="border:none;border-top:solid #b5c4df 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><span><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b></span><span><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">
Ayden Férdeline [<a href="mailto:icann@ferdeline.com" target="_blank">mailto:icann@ferdeline.com</a>]
</span></span><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""><br>
<span><b>Sent:</b> 08
August 2016 14:11</span><br>
<span><b>To:</b> Mounier,
Grégory</span><br>
<span><b>Cc:</b> Rob
Golding; RDS PDP WG</span><br>
<span><b>Subject:</b> Re:
[gnso-rds-pdp-wg] @EXT: RE: Use cases:
Fundamental, Incidental, and
Theoretical</span></span><u></u><u></u></p>
</div>
</div>
<p class="MsoNormal"> <u></u><u></u></p>
<table style="width:100.0%" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td style="padding:0in 0in 0in 0in" valign="top">
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="padding:0in 0in 0in 0in" valign="top">
<div>
<p class="MsoNormal"><span><span style="font-family:"Calibri","sans-serif"">Greg,</span></span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><span><span style="font-family:"Calibri","sans-serif""> </span></span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><span><span style="font-family:"Calibri","sans-serif"">I
am disappointed that
Europol seems to be
advocating that personal
information be processed
in a manner inconsistent
with European law.</span></span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><span><span style="font-family:"Calibri","sans-serif""> </span></span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><span><span style="font-family:"Calibri","sans-serif"">I
fully appreciate that,
in order to allow
Europol to collect
sensitive information
from the Member States
in the pursuit of
investigations, your
agency is exempt from
some of the general
provisions on data
processing. You are
permitted to directly
retrieve and process
information obtained
from publicly-available
sources, but the
promotional literature
on the Europol website
suggests Europol agents
searching for
publicly-available
‘terror manuals’ or
criminals claiming
credit for attacks.
There is no indication
that this includes
Europol trawling through
things like WHOIS
records to identify the
administrator of a
website, something far
less sinister. And if
the RDS evolves into
something very different
from what it is today –
perhaps not open to any
and everyone to query,
or federated into a
single data store – my
understanding is that
the routing of
information from a
private party to Europol
would be subject to
European data protection
controls and safeguards.</span></span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><span><span style="font-family:"Calibri","sans-serif""> </span></span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><span><span style="font-family:"Calibri","sans-serif"">The
very specific exemptions
that Europol has
received in order to
carry out its work
simply do not call for
Europol to advocate for
a lower standard of
privacy protection for
European residents in
privately-owned or
publicly-accessible
sources of information.</span></span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><span><span style="font-family:"Calibri","sans-serif""> </span></span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><span><span style="font-family:"Calibri","sans-serif"">There
is no doubt that
effective police work
requires top
intelligence, but
equally as important is
the employment of sound
data protection
safeguards which strike
an appropriate balance
between the interests of
freedom and security.</span></span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><span><span style="font-family:"Calibri","sans-serif""> </span></span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><span><span style="font-family:"Calibri","sans-serif"">Just
my $0.02.</span></span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><span><span style="font-family:"Calibri","sans-serif""> </span></span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><span><span style="font-family:"Calibri","sans-serif"">-
Ayden</span></span><u></u><u></u></p>
</div>
<p class="MsoNormal"><img src="https://app.mixmax.com/api/track/v2/PsCAAXCzeb1f72NwN/i02bj5SZulGblRmclZGQu5WYjlmI/ISdl5SYw9mc1VmLs9GcvJXdlBkcllmb19WbukncvdWZydmI/gI5J3bnl6wydEIsIXZp5Wdv1kI?sc=false" align="left"><u></u><u></u></p>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<div>
<div>
<p> <u></u><u></u></p>
<div>
<p> <u></u><u></u></p>
<div>
<p class="MsoNormal">On
Thu, Aug 4, 2016 1:59 PM, wrote:<u></u><u></u></p>
<p>Dear Rob, <u></u><u></u></p>
<p> <u></u><u></u></p>
<p>Thanks for sharing the outcome of
your chat with ex-FBI and UK LEA
agents. I feel that I need to step in
to provide a different perspective
than the one you just gave on the law
enforcement use of the WHOIS. It might
be a matter of interpretation but the
views expressed by your interlocutors
are not shared by my colleagues
working throughout European police
cyber divisions.
<u></u><u></u></p>
<p> <u></u><u></u></p>
<p>If European cyber investigators are
obviously all aware of the fact that
WHOIS registration data can sometime
be inaccurate and not up-to-date
(ICANN compliance reported that for
the first quarter of 2015, WHOIS
inaccuracy comprised 74.0 % of
complaints), in 90% of cases they will
start their investigations with a
WHOIS lookup. This is really the first
step.
<u></u><u></u></p>
<p> <u></u><u></u></p>
<p>Despite the lack of accuracy, WHOIS
information is useful in so many
different ways. One of the first them
is to make correlations and link
pieces of information obtained through
other means than from the WHOIS. This
was the point I tried to make on
Tuesday during the conference call. <u></u><u></u></p>
<p> <u></u><u></u></p>
<p>Accurate and reliable WHOIS data
helps crime attribution and can save
precious investigation time (you can
rule out wrong investigative leads).
<u></u><u></u></p>
<p>It raises the bar and makes it more
difficult for criminals to abuse
domain names. It pushes them to resort
to more complex techniques such as ID
theft to register domains for
malicious purposes.<u></u><u></u></p>
<p> <u></u><u></u></p>
<p>In short, for LEA WHOIS is certainly
not the silver bullet to attribute
crime on line but it is an essential
tool in the tool box of law
enforcement.<u></u><u></u></p>
<p> <u></u><u></u></p>
<p>Best, <u></u><u></u></p>
<p> <u></u><u></u></p>
<p>Greg<u></u><u></u></p>
<p> <u></u><u></u></p>
<p> <u></u><u></u></p>
<p>-----Original Message-----<u></u><u></u></p>
<p>From: <a href="mailto:gnso-rds-pdp-wg-bounces@icann.org" target="_blank">gnso-rds-pdp-wg-bounces@icann.<wbr>org</a>
[<a href="mailto:gnso-rds-pdp-wg-bounces@icann.org" target="_blank">mailto:gnso-rds-pdp-wg-<wbr>bounces@icann.org</a>]
On Behalf Of Rob Golding<u></u><u></u></p>
<p>Sent: 04 August 2016 01:46<u></u><u></u></p>
<p>To: RDS PDP WG<u></u><u></u></p>
<p>Subject: Re: [gnso-rds-pdp-wg] Use
cases: Fundamental, Incidental, and
Theoretical<u></u><u></u></p>
<p> <u></u><u></u></p>
<p>>> Theoretical<u></u><u></u></p>
<p>>> ===========<u></u><u></u></p>
<p>>> We have seen a couple of
proposed use cases that seem to be
ideas <u></u><u></u></p>
<p>>> that people have for useful
or harmful ways that RDS can be used,
but <u></u>
<u></u></p>
<p>>> that do not exist today (at
least not that anyone can fully <u></u><u></u></p>
<p>>> document).<u></u><u></u></p>
<p>>> <u></u><u></u></p>
<p>>> For example, there seems to
be a desire to use the RDS as a way to
<u></u><u></u></p>
<p>>> issue warrants for
information about registrants. While
this may be <u></u><u></u></p>
<p>>> useful, this is not possible
today (even with RDAP, I note).<u></u><u></u></p>
<p> <u></u><u></u></p>
<p>It not only is possible today, it's
also "common" (although thankfully not
frequent)<u></u><u></u></p>
<p> <u></u><u></u></p>
<p>Registrars get served warrants for
details about registrants, and the
_only_ information from WHOIS that's
"needed" or used for such cases is the
name of the Registrar.<u></u><u></u></p>
<p> <u></u><u></u></p>
<p>I had the pleasure of meeting Chris
Tarbell, ex-FBI Cyber Crime, at
HostingCon last week - asked about
WHOIS/domain data he said "we dont use
it"<u></u><u></u></p>
<p> <u></u><u></u></p>
<p>Last year at the UKNOF event in
Sheffield I spent quite some time
talking with some amazing people from
the UK CyberCrime departments - asked
the same questions, they confirmed
that although whois _might_ be looked
at to see if it matches _data they
already have_ for confirmation, it's
not used or relied on.<u></u><u></u></p>
<p> <u></u><u></u></p>
<p>Which beggars the question, should
"LawEnforcement" use cases even be
part of the discussions ?<u></u><u></u></p>
<p> <u></u><u></u></p>
<p>Rob<u></u><u></u></p>
<p>--<u></u><u></u></p>
<p>Rob Golding <a href="mailto:rob.golding@astutium.com" target="_blank">rob.golding@astutium.com</a><u></u><u></u></p>
<p>Astutium Ltd, Number One Poultry,
London. EC2R 8JR<u></u><u></u></p>
<p> <u></u><u></u></p>
<p>* domains * hosting * vps * servers *
cloud * backups *
______________________________<wbr>_________________<u></u><u></u></p>
<p>gnso-rds-pdp-wg mailing list<u></u><u></u></p>
<p><a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><u></u><u></u></p>
<p><a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank">https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</a><u></u><u></u></p>
<p>*******************<u></u><u></u></p>
<p> <u></u><u></u></p>
<p>DISCLAIMER : This message is sent in
confidence and is only intended for
the named recipient. If you receive
this message by mistake, you may not
use, copy, distribute or forward this
message, or any part of its contents
or rely upon the information contained
in it.<u></u><u></u></p>
<p>Please notify the sender immediately
by e-mail and delete the relevant
e-mails from any computer. This
message does not constitute a
commitment by Europol unless otherwise
indicated.<u></u><u></u></p>
<p> <u></u><u></u></p>
<p>*******************<u></u><u></u></p>
<p> <u></u><u></u></p>
<p>______________________________<wbr>_________________<u></u><u></u></p>
<p>gnso-rds-pdp-wg mailing list<u></u><u></u></p>
<p><a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><u></u><u></u></p>
<p><a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank">https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</a><u></u><u></u></p>
<p> <u></u><u></u></p>
</div>
</div>
</div>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"> <u></u><u></u></p>
<div>
<p class="MsoNormal">Ayden
Férdeline<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><a href="https://community.icann.org/display/gnsosoi/Ayden+F%E9rdeline+SOI" target="_blank"><span><span style="font-family:"Calibri","sans-serif";background:white">Statement
of Interest</span></span></a><u></u><u></u></p>
</div>
</div>
<div>
<p class="MsoNormal">*******************<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">DISCLAIMER
: This message is sent in confidence and is
only intended for the named recipient. If you
receive this message by mistake, you may not
use, copy, distribute or forward this message,
or any part of its contents or rely upon the
information contained in it.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Please
notify the sender immediately by e-mail and
delete the relevant e-mails from any computer.
This message does not constitute a commitment
by Europol unless otherwise indicated.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">*******************
<u></u><u></u></p>
</div>
</blockquote>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
</div>
<div>
<p class="MsoNormal">*******************<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">DISCLAIMER : This message is
sent in confidence and is only intended for the
named recipient. If you receive this message by
mistake, you may not use, copy, distribute or
forward this message, or any part of its contents
or rely upon the information contained in it.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Please notify the sender
immediately by e-mail and delete the relevant
e-mails from any computer. This message does not
constitute a commitment by Europol unless
otherwise indicated.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">*******************<u></u><u></u></p>
</div>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">______________________________<wbr>_________________<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">gnso-rds-pdp-wg mailing list<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank">https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</a><u></u><u></u></p>
</div>
</div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
</div>
<div>
<p class="MsoNormal">*******************<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">DISCLAIMER : This message is sent in
confidence and is only intended for the named recipient.
If you receive this message by mistake, you may not use,
copy, distribute or forward this message, or any part of
its contents or rely upon the information contained in it.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Please notify the sender immediately by
e-mail and delete the relevant e-mails from any computer.
This message does not constitute a commitment by Europol
unless otherwise indicated.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">******************* <u></u><u></u></p>
</div>
</blockquote>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
</div>
<br>
<fieldset></fieldset>
<br>
<pre>______________________________<wbr>_________________
gnso-rds-pdp-wg mailing list
<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank">https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</a></pre>
</blockquote>
<br>
</div></div></div>
<br>______________________________<wbr>_________________<br>
gnso-rds-pdp-wg mailing list<br>
<a href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</a><br></blockquote></div><br></div>