<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p><br>
</p>
<p>Hi Greg,<br>
</p>
<p>We are trekking ahead of the pack again, but as this is now a
topic:<br>
</p>
<p>Our basic premise, in my humble opinion, should be the exact
opposite of your proposal:</p>
<p>a) NO data is collected;</p>
<p>b) NO ONE has access to any of the collected data; <br>
</p>
<p>c) collected data may not be requested/used for any purpose.</p>
<p>From that basic level (which admittely is so extreme it cannot be
our final result) we need to figure out the exceptions to these
rules while trying to poke holes into the exceptions to prevent as
much abuse as we can think of and then establish mechanisms of
review of these exceptions at regular intervals to see if abuse
has occurred or additional exceptions may become necessary. This
is why we are designing use cases now and that is where your
questions would come in. <br>
</p>
<p>Anything less will be a system doomed to be abused without limit.
<br>
</p>
<p>And this would not even enter into the problem of how/where to
store the data, how to design access methods and authorization
verifications, etc. <br>
</p>
<p>To your examples: To drive and/or fly, you need a license and it
is regulated how to get one and who may apply for one.<br>
</p>
<br>
<div class="moz-cite-prefix">Am 22.08.2016 um 18:43 schrieb Greg
Aaron:<br>
</div>
<blockquote
cite="mid:MWHPR13MB1406845487640E5BBED5F98ED9E80@MWHPR13MB1406.namprd13.prod.outlook.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:"Comic Sans MS";
        panose-1:3 15 7 2 3 3 2 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman",serif;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
        {mso-style-priority:34;
        margin-top:0in;
        margin-right:0in;
        margin-bottom:0in;
        margin-left:.5in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman",serif;}
p.msonormal0, li.msonormal0, div.msonormal0
        {mso-style-name:msonormal;
        mso-margin-top-alt:auto;
        margin-right:0in;
        mso-margin-bottom-alt:auto;
        margin-left:0in;
        font-size:12.0pt;
        font-family:"Times New Roman",serif;}
span.EmailStyle18
        {mso-style-type:personal-reply;
        font-family:"Calibri",sans-serif;
        color:windowtext;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;
        font-family:"Calibri",sans-serif;}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
/* List Definitions */
@list l0
        {mso-list-id:186412043;
        mso-list-type:hybrid;
        mso-list-template-ids:580966354 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l0:level1
        {mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l0:level2
        {mso-level-number-format:alpha-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l0:level3
        {mso-level-number-format:roman-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:right;
        text-indent:-9.0pt;}
@list l0:level4
        {mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l0:level5
        {mso-level-number-format:alpha-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l0:level6
        {mso-level-number-format:roman-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:right;
        text-indent:-9.0pt;}
@list l0:level7
        {mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l0:level8
        {mso-level-number-format:alpha-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l0:level9
        {mso-level-number-format:roman-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:right;
        text-indent:-9.0pt;}
ol
        {margin-bottom:0in;}
ul
        {margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><a moz-do-not-send="true"
name="_MailEndCompose"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif">No
traditional risk analysis starts with the assumption that
the worst-case scenario will determines what will be
done. (Otherwise none of us should drive because of the
risk of accidents, and none of us should fly, because
terrorists.)
<o:p></o:p></span></a></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"><o:p> </o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif">Risk
analysis tends to follow this outline:<o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"><o:p> </o:p></span></span></p>
<p class="MsoListParagraph"
style="text-indent:-.25in;mso-list:l0 level1 lfo1"><span
style="mso-bookmark:_MailEndCompose"><!--[if !supportLists]--><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"><span
style="mso-list:Ignore">1.<span style="font:7.0pt
"Times New Roman"">
</span></span></span><!--[endif]--><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif">What
can happen? (i.e., what can go wrong?)<o:p></o:p></span></span></p>
<p class="MsoListParagraph"
style="text-indent:-.25in;mso-list:l0 level1 lfo1"><span
style="mso-bookmark:_MailEndCompose"><!--[if !supportLists]--><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"><span
style="mso-list:Ignore">2.<span style="font:7.0pt
"Times New Roman"">
</span></span></span><!--[endif]--><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif">How
likely is it that it will happen?<o:p></o:p></span></span></p>
<p class="MsoListParagraph"
style="text-indent:-.25in;mso-list:l0 level1 lfo1"><span
style="mso-bookmark:_MailEndCompose"><!--[if !supportLists]--><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"><span
style="mso-list:Ignore">3.<span style="font:7.0pt
"Times New Roman"">
</span></span></span><!--[endif]--><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif">If
it does happen, what are the consequences?<o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"><o:p> </o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif">And
then choices are made, balancing the various variables. As
we have been discussing, there are various opinions and
concerns among the participants and stakeholders. At
some point those need to be laid out and quantified where
possible, so that fact-based decision-making and balancing
can be done.<o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"><o:p> </o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif">See
also SAC061 Recommendation 2: “The ICANN Board should
ensure that a formal security risk assessment of the
registration data policy be conducted as an input into the
Policy Development Process.” That would happen down the
line, when things have progressed further and policy
options have are coalesced.<o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"><o:p> </o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif">All
best,<o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif">--Greg<o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"><o:p> </o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"><o:p> </o:p></span></span></p>
<span style="mso-bookmark:_MailEndCompose"></span>
<p class="MsoNormal"><b><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif">
<a class="moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-wg-bounces@icann.org">gnso-rds-pdp-wg-bounces@icann.org</a>
[<a class="moz-txt-link-freetext" href="mailto:gnso-rds-pdp-wg-bounces@icann.org">mailto:gnso-rds-pdp-wg-bounces@icann.org</a>]
<b>On Behalf Of </b>Carlton Samuels<br>
<b>Sent:</b> Monday, August 22, 2016 12:02 PM<br>
<b>To:</b> Volker Greimann <a class="moz-txt-link-rfc2396E" href="mailto:vgreimann@key-systems.net"><vgreimann@key-systems.net></a><br>
<b>Cc:</b> RDS WG <a class="moz-txt-link-rfc2396E" href="mailto:gnso-rds-pdp-wg@icann.org"><gnso-rds-pdp-wg@icann.org></a><br>
<b>Subject:</b> Re: [gnso-rds-pdp-wg] @EXT: RE: Use cases:
Fundamental, Incidental, and Theoretical<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">On Mon, Aug 22, 2016 at 2:19 AM,
Volker Greimann <<a moz-do-not-send="true"
href="mailto:vgreimann@key-systems.net"
target="_blank">vgreimann@key-systems.net</a>>
wrote:<o:p></o:p></p>
<blockquote style="border:none;border-left:solid #CCCCCC
1.0pt;padding:0in 0in 0in
6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt">
<p class="MsoNormal">Simply put: Anything that can be
abused, will be abuse. We therefore need to model our
approach on the worst possible actors, not the best.
<o:p></o:p></p>
</blockquote>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal"><span style="font-family:"Comic
Sans MS"">+1<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Comic
Sans MS""><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Comic
Sans MS"">I cannot see how any other model makes
sense in this context.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Comic
Sans MS""><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Comic
Sans MS"">-Carlton</span><span
style="font-family:"Comic Sans MS""><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><br>
<br clear="all">
<o:p></o:p></p>
<div>
<div>
<div>
<div>
<p class="MsoNormal"><br>
==============================<br>
<i><span style="font-family:"Comic Sans
MS"">Carlton A Samuels</span></i><br>
<i><span style="font-family:"Comic Sans
MS"">Mobile: 876-818-1799<br>
<span style="color:#33CC00">Strategy,
Planning, Governance, Assessment &
Turnaround</span></span></i><br>
=============================<o:p></o:p></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.
Mit freundlichen Grüßen,
Volker A. Greimann
- Rechtsabteilung -
Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: +49 (0) 6894 - 9396 901
Fax.: +49 (0) 6894 - 9396 851
Email: <a class="moz-txt-link-abbreviated" href="mailto:vgreimann@key-systems.net">vgreimann@key-systems.net</a>
Web: <a class="moz-txt-link-abbreviated" href="http://www.key-systems.net">www.key-systems.net</a> / <a class="moz-txt-link-abbreviated" href="http://www.RRPproxy.net">www.RRPproxy.net</a>
<a class="moz-txt-link-abbreviated" href="http://www.domaindiscount24.com">www.domaindiscount24.com</a> / <a class="moz-txt-link-abbreviated" href="http://www.BrandShelter.com">www.BrandShelter.com</a>
Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:
<a class="moz-txt-link-abbreviated" href="http://www.facebook.com/KeySystems">www.facebook.com/KeySystems</a>
<a class="moz-txt-link-abbreviated" href="http://www.twitter.com/key_systems">www.twitter.com/key_systems</a>
Geschäftsführer: Alexander Siffrin
Handelsregister Nr.: HR B 18835 - Saarbruecken
Umsatzsteuer ID.: DE211006534
Member of the KEYDRIVE GROUP
<a class="moz-txt-link-abbreviated" href="http://www.keydrive.lu">www.keydrive.lu</a>
Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.
--------------------------------------------
Should you have any further questions, please do not hesitate to contact us.
Best regards,
Volker A. Greimann
- legal department -
Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: +49 (0) 6894 - 9396 901
Fax.: +49 (0) 6894 - 9396 851
Email: <a class="moz-txt-link-abbreviated" href="mailto:vgreimann@key-systems.net">vgreimann@key-systems.net</a>
Web: <a class="moz-txt-link-abbreviated" href="http://www.key-systems.net">www.key-systems.net</a> / <a class="moz-txt-link-abbreviated" href="http://www.RRPproxy.net">www.RRPproxy.net</a>
<a class="moz-txt-link-abbreviated" href="http://www.domaindiscount24.com">www.domaindiscount24.com</a> / <a class="moz-txt-link-abbreviated" href="http://www.BrandShelter.com">www.BrandShelter.com</a>
Follow us on Twitter or join our fan community on Facebook and stay updated:
<a class="moz-txt-link-abbreviated" href="http://www.facebook.com/KeySystems">www.facebook.com/KeySystems</a>
<a class="moz-txt-link-abbreviated" href="http://www.twitter.com/key_systems">www.twitter.com/key_systems</a>
CEO: Alexander Siffrin
Registration No.: HR B 18835 - Saarbruecken
V.A.T. ID.: DE211006534
Member of the KEYDRIVE GROUP
<a class="moz-txt-link-abbreviated" href="http://www.keydrive.lu">www.keydrive.lu</a>
This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.
</pre>
</body>
</html>