<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p><font size="+1"><font face="Lucida Grande">WHOIS at the moment is
a phone book, and it is a phone book that arguably violates
data protection law. The purpose of this pdp is to determine
what the policy behind the RDS ought to be....not just limp
along with the vestigial WHOIS we inherited from Jon Postel.
<br>
</font></font></p>
<p><font size="+1"><font face="Lucida Grande">The analogy with
health data was to demonstrate that if the management of the
DNS was in the hands of government, they would have public
policy responsibilities, enforced in their parliaments or
legislatures, to take ALL views with due consideration (read
with a grain of salt) and act in compliance with law and with
their respective Constitutions and Charters. That was the
point I was trying to make...we are in a multistakeholder environment
where stakeholders can influence policy to a greater extent,
with no recourse to a higher authority to question the
inclusion of perspectives that may not be agreed by others
(eg. a Parliament). and I am aware that the list of exceptions
for third party access is long. But they are for release or
sharing of data....they are not purposes of collection. In
the cases of many of the government exceptions you list, those
are releases or sharing agreements authorized by law, and
subject to legal protection. They are not, in most cases where
there is a constitution in place that protects fundamental
rights and due process, reasons for broader collection for
those purposes. There are rare exceptions to that general
principle, but by and large they are rare.</font></font></p>
<p><font size="+1"><font face="Lucida Grande">Apologies if that
example was not sufficiently clear.<br>
</font></font></p>
<p><font size="+1"><font face="Lucida Grande">cheers Stephanie</font></font><br>
</p>
<br>
<div class="moz-cite-prefix">On 2017-01-25 07:53, nathalie coupet
wrote:<br>
</div>
<blockquote
cite="mid:3689FB49-73C8-4FDE-8B64-6532FC588FD8@yahoo.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<div>Regarding the analogy with health data, the list of
exceptions is long, when it comes to the application of data
protection laws. For example, they do not apply in cases where
public health and safety require it;</div>
<div id="AppleMailSignature">For government research and
statistics needs;</div>
<div id="AppleMailSignature">In case of a law enforcement
investigation;</div>
<div id="AppleMailSignature">When the security of the President or
other high ranking officials is at stake;</div>
<div id="AppleMailSignature">When the data can be collected from
other sources (such as the phone book);</div>
<div id="AppleMailSignature">When needed for legislative purposes;</div>
<div id="AppleMailSignature">In case of a court order or other
legal mandate;</div>
<div id="AppleMailSignature">If the person giving the data does so
willingly;</div>
<div id="AppleMailSignature">And data protection doesn't apply to
second or all subsequent sharings. </div>
<div id="AppleMailSignature"><br>
</div>
<div id="AppleMailSignature">The truth is data protection is very
loosely applied and is not meant to prevent law enforcement,
legal processes from going their course. </div>
<div id="AppleMailSignature">By gating all data, or reducing RDS
to just a technician's tool, this would also break the economy
of the Internet. </div>
<div id="AppleMailSignature">WHOIS/RDS is also a phone book and as
such, it protects the end-user by affording her and additional
and important level of security. </div>
<div id="AppleMailSignature">Nowhere is it said that RDS is purely
technical.</div>
<div id="AppleMailSignature">This is reductive view. </div>
<div id="AppleMailSignature"><br>
</div>
<div id="AppleMailSignature">Nathalie</div>
<div id="AppleMailSignature"><br>
Sent from my iPhone</div>
<div><br>
On Jan 25, 2017, at 6:56 AM, Stephanie Perrin <<a
moz-do-not-send="true"
href="mailto:stephanie.perrin@mail.utoronto.ca">stephanie.perrin@mail.utoronto.ca</a>>
wrote:<br>
<br>
</div>
<blockquote type="cite">
<div>
<p><font size="+1"><font face="Lucida Grande">Sorry, this
discussion is important. Your example proves my point.
What you show below is a disclosure. It is a disclosure
of a limited set of data. we are not supposed to be
talking about disclosure at this point in our
proceedings. I leave it to the experts on whether this
is "thin" in the sense of the thick transition
discussion, I really don't know because we are focused
on gTLD policy here. My point is this is a disclosure.
We do not "collect" thin data per se, we collect a whole
mess of mandatory data elements, as per the RAA. Then
we generate a whole mess as part of activating and
making real the domain's existence. Then we share
(release) a small subset. <br>
</font></font></p>
<p><font size="+1"><font face="Lucida Grande">So talking about
collecting thin data is misleading in my view. Purpose
of disclosing it is what we are in fact talking about.
Calling it a purpose for collection opens the barn door.</font></font></p>
<p><font size="+1"><font face="Lucida Grande">Stephanie</font></font><br>
</p>
<br>
<div class="moz-cite-prefix">On 2017-01-25 06:46, Sam
Lanfranco wrote:<br>
</div>
<blockquote cite="mid:5888902C.3070606@lanfranco.net"
type="cite"> Thank you Michele, ( ignoring the spell check
driven typo of "think" for "thick" (-: ). We should be able
to put this "thin" discussion behind us.<br>
The "thin" discussion should have taken about 2 email
exchanges. Here is CIRA's (thin) search for .ca domain names
[disclosure: it is my domain name]<br>
<br>
<div>
<div
id="ctl00_MainContent_ctlWhoisInformation_standardWhoIs"
class="standardWhoIs"><font color="#660000"><small>Domain
name: <a moz-do-not-send="true"
href="http://artisanalpot.ca">artisanalpot.ca</a><br>
Domain status: registered<br>
Creation date: 2016/12/14<br>
Expiry date: 2017/12/14<br>
Updated date: 2016/12/19<br>
DNSSEC: Unsigned<br>
Registrar:<br>
Name: Web Hosting Canada (7081936 Canada Inc.)<br>
Number: 5000080<br>
Name servers:<br>
<a moz-do-not-send="true" href="http://ns1.whc.ca">ns1.whc.ca</a>
173.209.49.178<br>
<a moz-do-not-send="true" href="http://ns2.whc.ca">ns2.whc.ca</a>
198.245.53.176<br>
<a moz-do-not-send="true" href="http://ns3.whc.ca">ns3.whc.ca</a>
198.245.61.86<br>
% WHOIS look-up made at 2017-01-25 11:32:24 (GMT)<br>
% Use of CIRA's WHOIS service is governed by the
Terms of Use in its Legal<br>
% Notice, available at <a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="http://www.cira.ca/legal-notice/?lang=en">http://www.cira.ca/legal-notice/?lang=en</a>
<br>
% (c) 2017 Canadian Internet Registration Authority,
(<a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="http://www.cira.ca/">http://www.cira.ca/</a>)</small></font><br>
<br>
Nothing private is disclosed and LEA would have to
resort to legal means to get to what is in the "thick"
data set. <br>
There are no ICANN policy issues here.<br>
<br>
Sam L <<a moz-do-not-send="true"
href="http://artisanalpot.ca">artisanalpot.ca</a>>
(-: <br>
</div>
</div>
<br>
</blockquote>
<br>
</div>
</blockquote>
<blockquote type="cite">
<div><span>_______________________________________________</span><br>
<span>gnso-rds-pdp-wg mailing list</span><br>
<span><a moz-do-not-send="true"
href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a></span><br>
<span><a moz-do-not-send="true"
href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a></span></div>
</blockquote>
</blockquote>
<br>
</body>
</html>