<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p><i><font color="#660000">Chuck, Steve, et. al.,</font></i></p>
<p><i><font color="#660000">As I understand it the purpose of this
meeting is to understand their views from their context, and
not to engage them on our views. <br>
</font></i></p>
<i><font color="#660000">Given the long history of both whois and
the data protection authorities, might we first simple ask them:
<br>
(a) What do they see as problematic with the existing whois?
and <br>
(b) What would be their recommendations to be considered as
we develop a new RDS? <br>
<br>
While the remaining list of questions (and questioners) will be
worked out in advance, <br>
I would suggest that the sequence of questions be re-ordered by
Chuck, on the fly, <br>
in response to the content of the opening comments by the data
protection authorities.<br>
<br>
my two cents...<br>
<br>
Sam L.</font></i><br>
<br>
<div class="moz-cite-prefix">On 2/19/2017 6:10 PM, Gomes, Chuck
wrote:<br>
</div>
<blockquote
cite="mid:6DCFB66DEEF3CF4D98FA55BCC43F152E57B55F5F@BRN1WNEXMBX02.vcorp.ad.vrsn.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]-->
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
span.EmailStyle18
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif">Steve,<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif">I
hope you will contribute some good questions for the data
commissioners in Copenhagen so that we as a WG can assess
their input and factor it in as we deliberate.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif">Chuck<o:p></o:p></span></p>
<p class="MsoNormal"><a moz-do-not-send="true"
name="_MailEndCompose"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"><o:p> </o:p></span></a></p>
<span style="mso-bookmark:_MailEndCompose"></span>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif">
<a class="moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-wg-bounces@icann.org">gnso-rds-pdp-wg-bounces@icann.org</a>
[<a class="moz-txt-link-freetext" href="mailto:gnso-rds-pdp-wg-bounces@icann.org">mailto:gnso-rds-pdp-wg-bounces@icann.org</a>]
<b>On Behalf Of </b>Metalitz, Steven<br>
<b>Sent:</b> Sunday, February 19, 2017 4:41 PM<br>
<b>To:</b> 'theo geurts' <a class="moz-txt-link-rfc2396E" href="mailto:gtheo@xs4all.nl"><gtheo@xs4all.nl></a>;
nathalie coupet <a class="moz-txt-link-rfc2396E" href="mailto:nathaliecoupet@yahoo.com"><nathaliecoupet@yahoo.com></a>;
<a class="moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a>; <a class="moz-txt-link-abbreviated" href="mailto:rrasmussen@infoblox.com">rrasmussen@infoblox.com</a><br>
<b>Subject:</b> [EXTERNAL] Re: [gnso-rds-pdp-wg] Dangers
of public whois<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Let
me offer a +3/4 to the chain below. The following are my
personal views.
<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">I
don’ t have any fundamental disagreement with Theo’s take on
this. Yes, if we (or the original designers of the current
RDS) had ready access to time machines, it would certainly
have been designed quite differently. <o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">But
over 15-20 years, settled expectations have been built up
that contact data for domain name registrants will be
available to the public without significant restrictions.
People in many fields have come to rely on this as an
element that promotes transparency, and thus accountability,
for activities on the Internet. Everyone recognizes that it
is a highly flawed tool for advancing this goal, but
nonetheless it is a tool many people rely on, and many of
them would be very unhappy if an organization like ICANN ---
still unknown to the vast majority of Internet users – were
somehow to take it away for them.
<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">So
if we are to move to a new system that will deprive people
(entirely or to a great extent) of this tool, then this
needs to be accompanied by some clear explanations of why it
is absolutely necessary to do so, and how what will replace
it will give members of the general public – not just
anti-abuse specialists, law enforcement and yes even
intellectual property interests --- at least some part of
the transparency they have come to associate with the
existing system. <o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">And
personally, I don’t think that enactment of the GDPR comes
close – by itself – to providing that explanation. The new
regulation does not strike me as a quantum leap beyond the
EU data protection framework that has been in place for more
than 20 years, almost as long as Whois itself. Ever since
at least 2002 in Shanghai and 2003 in Montreal we have been
hearing at ICANN about the impending train wreck when Whois
collides with the data protection authorities. Those who
have been crying wolf on this issue for more than a decade
will have to take that into account in crafting the
narrative that will be needed to explain a change of the
magnitude we are discussing.
<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><b><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#88162E"><img
style="width:1.2916in;height:.425in"
id="Picture_x0020_1"
src="cid:part2.6F5B8C7B.EC909E78@lanfranco.net"
alt="image001" height="41" width="124"><o:p></o:p></span></b></p>
<p class="MsoNormal"><b><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#88162E">Steven
J. Metalitz
</span></b><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black">|<b>
</b></span><b><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#88162E">Partner,
through his professional corporation<o:p></o:p></span></b></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:black">T:
202.355.7902 |
<a moz-do-not-send="true" href="mailto:met@msk.com"><span
style="color:black">met@msk.com</span></a></span><b><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#88162E"><o:p></o:p></span></b></p>
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:#88162E">Mitchell
Silberberg & Knupp</span></b><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"></span><b><span
style="font-size:8.0pt;font-family:"Calibri",sans-serif;color:#88162E">LLP</span></b><span
style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:#84162E">
</span><span
style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:black">|</span><span
style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:#84162E">
<b><a moz-do-not-send="true" href="http://www.msk.com/"><span
style="color:#84162E">www.msk.com</span></a><o:p></o:p></b></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:black">1818
N Street NW, 8th Floor, Washington, DC 20036<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:black"><o:p> </o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><b><u><span
style="font-size:8.0pt;font-family:"Calibri",sans-serif;color:gray">THE
INFORMATION CONTAINED IN THIS E-MAIL MESSAGE IS
INTENDED ONLY FOR THE PERSONAL AND CONFIDENTIAL USE OF
THE DESIGNATED RECIPIENTS.</span></u></b><b><span
style="font-size:8.0pt;font-family:"Calibri",sans-serif;color:gray">
THIS MESSAGE MAY BE AN ATTORNEY-CLIENT COMMUNICATION,
AND AS SUCH IS PRIVILEGED AND CONFIDENTIAL. IF THE
READER OF THIS MESSAGE IS NOT AN INTENDED RECIPIENT, YOU
ARE HEREBY NOTIFIED THAT ANY REVIEW, USE, DISSEMINATION,
FORWARDING OR COPYING OF THIS MESSAGE IS STRICTLY
PROHIBITED. PLEASE NOTIFY US IMMEDIATELY BY REPLY E-MAIL
OR TELEPHONE, AND DELETE THE ORIGINAL MESSAGE AND ALL
ATTACHMENTS FROM YOUR SYSTEM. THANK YOU.</span></b><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:gray"><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma",sans-serif">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma",sans-serif">
<a moz-do-not-send="true"
href="mailto:gnso-rds-pdp-wg-bounces@icann.org">gnso-rds-pdp-wg-bounces@icann.org</a>
[<a moz-do-not-send="true"
href="mailto:gnso-rds-pdp-wg-bounces@icann.org">mailto:gnso-rds-pdp-wg-bounces@icann.org</a>]
<b>On Behalf Of </b>theo geurts<br>
<b>Sent:</b> Saturday, February 18, 2017 4:24 PM<br>
<b>To:</b> nathalie coupet; <a moz-do-not-send="true"
href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a>;
<a moz-do-not-send="true"
href="mailto:rrasmussen@infoblox.com">rrasmussen@infoblox.com</a><br>
<b>Subject:</b> Re: [gnso-rds-pdp-wg] Dangers of public
whois<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><br>
Hi Rod, Thanks, Nathalie,<br>
<br>
@Rod<br>
That is good info, and I agree this is something we need to
keep in mind <br>
when we get to that stage, but yes as a WG that should compass
us.<br>
<br>
And even though we should not get ahead of ourselves, but
regarding <br>
solutions, having front row seats assisting LEA's and
Intelligence <br>
agencies as a Registrar in several high-profile investigations
like <br>
terrorism, IS, bounty kill lists and a lot more, I am pretty
sure we as <br>
a WG can honor the principle that privacy is a human right as
laid out <br>
by the UN, and yet make sure, we have the technical solutions.
I think <br>
creating the technical solutions is the least of our worries.
Engineers <br>
can code a solution for everything; we just need lawyers and
privacy <br>
guidelines to help us out. So perhaps we cannot show you X as
it is <br>
personal data we can show you A and how A is involved in tons
of <br>
criminal activities and map out an entire botnet...<br>
<br>
<br>
Have a good weekend or what is left of it.<br>
<br>
Theo<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
On 18-2-2017 21:44, nathalie coupet via gnso-rds-pdp-wg wrote:<br>
> I was holding my breath to see what the reaction would
be. +2 to Theo!<br>
><br>
> Sent from my iPhone<br>
><br>
>> On Feb 18, 2017, at 2:10 PM, Rod Rasmussen <<a
moz-do-not-send="true" href="mailto:rrasmussen@infoblox.com">rrasmussen@infoblox.com</a>>
wrote:<br>
>><br>
>> I cannot PLUS ONE this comment enough - thank you
Theo!<br>
>><br>
>> One thing that I would like to point out that we
covered in the EWG and I think is one of many keys to solving
many of the issues exposed here but is missing from this
current debate is the concept that we do not have to come up
with a “one size fits all” solution. For example, there are
different requirements under privacy law for business entities
vs. private individuals, there are different amounts of
information people and businesses may want to provide to
various parties both publicly and privately, and those of us
who deal with abuse and domain reputation can make different
decisions on actions (blocking, take-down, LE involvement,
etc.) based on what is occurring and what is published in an
RDS. Everyone in the ecosystem already does this with the
current whois system, but inconsistently, with varying degrees
of knowledge, and without formal “rules of the road”. I think
it would be helpful for everyone, no matter what your primary
issues are to keep this in mind, as it allows you to better
conceive solutions to the myriad issues we have to address.
Make the system flexible to accommodate different kinds of use
cases and desires for “transparency” around domain ownership,
contactabilty, and accountability.<br>
>><br>
>> Cheers,<br>
>><br>
>> Rod<br>
>><br>
>><br>
>> Rod Rasmussen<br>
>> VP, Cybersecurity<br>
>> Infoblox<br>
>><br>
>>> On Feb 17, 2017, at 1:09 PM, theo geurts <<a
moz-do-not-send="true" href="mailto:gtheo@xs4all.nl">gtheo@xs4all.nl</a>>
wrote:<br>
>>><br>
>>> Mark,<br>
>>><br>
>>> Thank you for your comment. I think you are
nailing the problem here; this is very good IMO.<br>
>>><br>
>>> "and the need to mitigate them does not eliminate
the need to have public data."<br>
>>><br>
>>> This is the issue here. That data should have
never been public if we look at the EU GDPR and many other
data privacy laws around the globe, and this is what causes
Registries and Registrars having massive problems regarding
complying with the law.<br>
>>><br>
>>> So we with the RDS we are starting from scratch.
So and I think this is KEY here, how do we ensure privacy and
yet make sure we can still effectively combat abuse.<br>
>>><br>
>>> Speaking personally, I think privacy is very
important, and I do not like the fact my personal data is
being processed all over the place by shady folks.<br>
>>> As a Registrar, I find it very important that we
should not go backward in fighting abuse. For the simple
reason, abuse costs us money, and we should never be in a
situation that it becomes harder to battle child porn, or
taking down terrorists, or sinkhole botnets.<br>
>>><br>
>>> So what we cannot do is ignore all these privacy
laws. That would be insane as we would be piling up in tons of
fines here.<br>
>>> We do not want to reduce effectiveness regarding
abuse because that is costing money also. And to be clear
here, the registrants will be soaking it all up one way or
another.<br>
>>><br>
>>> So my take on this is, we make sure that we move
on and address BOTH issues and this is our task as a WG. Our
task is to solve these problems as we start from scratch with
RDS. We learned our lessons from the current WHOIS, now we
need to make sure that we can avoid all these pitfalls within
RDS.<br>
>>><br>
>>> Thank you for making it this far.<br>
>>><br>
>>> Have a good weekend,<br>
>>><br>
>>> Theo<br>
>>> Registrar<br>
>>><br>
>>><br>
>> _______________________________________________<br>
>> gnso-rds-pdp-wg mailing list<br>
>> <a moz-do-not-send="true"
href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a><br>
>> <a moz-do-not-send="true"
href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a><br>
> _______________________________________________<br>
> gnso-rds-pdp-wg mailing list<br>
> <a moz-do-not-send="true"
href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a><br>
> <a moz-do-not-send="true"
href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a><br>
<br>
<br>
_______________________________________________<br>
gnso-rds-pdp-wg mailing list<br>
<a moz-do-not-send="true"
href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a><br>
<a moz-do-not-send="true"
href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a><o:p></o:p></p>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
gnso-rds-pdp-wg mailing list
<a class="moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a>
<a class="moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a></pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
------------------------------------------------
"It is a disgrace to be rich and honoured
in an unjust state" -Confucius
邦有道,贫且贱焉,耻也。邦无道,富且贵焉,耻也
------------------------------------------------
Dr Sam Lanfranco (Prof Emeritus & Senior Scholar)
Econ, York U., Toronto, Ontario, CANADA - M3J 1P3
email: <a class="moz-txt-link-abbreviated" href="mailto:Lanfran@Yorku.ca">Lanfran@Yorku.ca</a> Skype: slanfranco
blog: <a class="moz-txt-link-freetext" href="https://samlanfranco.blogspot.com">https://samlanfranco.blogspot.com</a>
Phone: +1 613-476-0429 cell: +1 416-816-2852</pre>
</body>
</html>