<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p><font size="+1"><font face="Lucida Grande">I am not quite sure
which arguments Alex is labelling obstructive, but I feel compelled
(at the risk of being called obstructive) to clarify a couple
of things. As a non lawyer, I would add.<br>
</font></font></p>
<p><font size="+1"><font face="Lucida Grande">1. Proportionality is
a pretty well known concept in EU law, as is the reasonable
person test I talked about last week, in common law. It does
not mean that by introducing those concepts into the law, we
are punching a hole in the bottom of the bucket. It does not
mean that all a party has to claim is "I need that data" "I
have a business that was founded on harvesting that data" or
"if I don't get that data my auto bots will not be able to
send out letters automatically, I will have to hire people to
do work", and a data commissioner is supposed to fold and say
"why shucks, you need that data you just go right ahead and
take it. Chances are the individuals will never know". Not
saying that doesn't happen, of course, humanity being what it
is....</font></font></p>
<p><font size="+1"><font face="Lucida Grande">2. We are supposed to
be finding out what the right thing to do is. I do not expect
anyone on the IP/BC to stop arguing that they need the data,
(although I do pray for conversions on a biblical scale in my
private moments) and I will not label you or John Horton or
anyone else, I hope, obstructive for continuing to insist on
the same arguments. Happy to have it pointed out if I am
getting shrill, sometimes we all get short tempered. But
repeating the same argument and refusing to fold is not
obstructive. (I believe the BC or the IPC even added similar
language into their comments on the recent draft anti-harassment
policy, for which I congratulate them.)<br>
</font></font></p>
<p><font size="+1"><font face="Lucida Grande">3. As for bread crumb
data. This is a very difficult area. For those of us who are
not prepared to give up on privacy, the fact that you can find
anything about anybody today without their consent, if you
know where to look and what identifiers to use is not okay.
As we move into the IOT (following some of Sam's examples) we
do get closer to that world, and if we dont hurry up it will
be hard to have any privacy about our most intimate affairs.
So privacy advocates (and not just the lone nutter
volunteering on this group who is speaking at the moment) are
determined to set limits on bread crumb data. (see the 2014 paper
by the Art 29, which touches on some of these issues
<a class="moz-txt-link-freetext" href="http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp223_en.pdf">http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp223_en.pdf</a>).
Those of us who also administered the access to information
acts when those acts were in their infancy, heard a lot of
earnest argument from defence/intelligence/law enforcement
agencies that we could not release seemingly innocuous crumbs
of data lest they contribute to the "mosaic effect", whereby a
dangerous picture of intelligence gathering/law enforcement
techniques etc could be deduced from small elements released,
once combined with others. Obviously this is true. The same
agencies, again quite logically, argued that the same did not
apply to personal data they needed. Personally, I find it
hard to agree with that. Sadly, in the internet world,
individuals are on their own in a largely unregulated
universe. They are the victims of "information asymmetry",
anyone with a life is too busy to be focused on what is happening
to their personal data. We are past the point where someone
can say "caveat emptor, it is up to the individual to read
everything and find out what is happening to their data."
Bread crumb data is therefore much more important now than it
was when the original deal for a wide open WHOIS was hatched.</font></font></p>
<p><font size="+1"><font face="Lucida Grande">4. AS for authentication
to get access to thick data, which you have pointed out
correctly lies ahead of us.....we should not substitute one
completely insecure open data trove with one with a weak authenticator
that only stops bots. You and Scott Hollenbeck and many
others would know better than I what we need, but given we only
tweak this thing every 20 years we had better think ahead and
make it better than an email address. We need to be able to
arrest those who are committing fraud to get access to PI,
what standard of evidence would that take?<br>
</font></font></p>
<p><font size="+1"><font face="Lucida Grande">Stephanie Perrin<br>
</font></font></p>
<p><font size="+1"><font face="Lucida Grande"><br>
</font></font></p>
<p><font size="+1"><font face="Lucida Grande"></font></font><br>
</p>
<br>
<div class="moz-cite-prefix">On 2017-02-13 20:23, Deacon, Alex
wrote:<br>
</div>
<blockquote cite="mid:A8D6EA8A-0B2E-4D9C-90BF-47D4EADC1177@mpaa.org"
type="cite">
<pre wrap="">All,
So it seems the debate has progressed from “thin data” to “thick data” (i.e. data that includes email). I know we are all super excited to talk about “thick data” but I don’t think we are there yet (are we? Hopefully I didn’t miss the party…)
Focusing on thin data for the moment I struggle to understand how it is personal data. I do not believe it is. As for the odd logic proposed by some that the property of privacy is transitive (i.e. Because “thin data” can be used to link/point/discover other data then “thin data” equals “personal data”) I just don’t buy it.
I don’t disagree with much of what was expressed in this thread, however we must keep in mind that balance and proportionality are important concepts in many (all?) data privacy laws. Any arguments that imply that no such balance exists (or should exist) is obstructive IMO.
Alex
On 2/13/17, 5:42 AM, <a class="moz-txt-link-rfc2396E" href="mailto:gnso-rds-pdp-wg-bounces@icann.orgonbehalfofmichele@blacknight.com"><gnso-rds-pdp-wg-bounces@icann.org on behalf of michele@blacknight.com></a> wrote:
I agree and I know from how I’ve used various email addresses that they are actively being harvested and spammed.
Also it’s one of the biggest sources of complaints we get from our clients (registrants)
It’s definitely not an “edge case”.
Regards
Michele
--
Mr Michele Neylon
Blacknight Solutions
Hosting, Colocation & Domains
<a class="moz-txt-link-freetext" href="https://www.blacknight.com/">https://www.blacknight.com/</a>
<a class="moz-txt-link-freetext" href="http://blacknight.blog/">http://blacknight.blog/</a>
Intl. +353 (0) 59 9183072
Direct Dial: +353 (0)59 9183090
Social: <a class="moz-txt-link-freetext" href="http://mneylon.social">http://mneylon.social</a>
Some thoughts: <a class="moz-txt-link-freetext" href="http://ceo.hosting/">http://ceo.hosting/</a>
-------------------------------
Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845
_______________________________________________
gnso-rds-pdp-wg mailing list
<a class="moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a>
<a class="moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a>
_______________________________________________
gnso-rds-pdp-wg mailing list
<a class="moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a>
<a class="moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a></pre>
</blockquote>
<br>
</body>
</html>