<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
span.EmailStyle18
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Steve,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">I hope you will contribute some good questions for the data commissioners in Copenhagen so that we as a WG can assess their input and factor it in as we deliberate.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Chuck<o:p></o:p></span></p>
<p class="MsoNormal"><a name="_MailEndCompose"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><o:p> </o:p></span></a></p>
<span style="mso-bookmark:_MailEndCompose"></span>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> gnso-rds-pdp-wg-bounces@icann.org [mailto:gnso-rds-pdp-wg-bounces@icann.org]
<b>On Behalf Of </b>Metalitz, Steven<br>
<b>Sent:</b> Sunday, February 19, 2017 4:41 PM<br>
<b>To:</b> 'theo geurts' <gtheo@xs4all.nl>; nathalie coupet <nathaliecoupet@yahoo.com>; gnso-rds-pdp-wg@icann.org; rrasmussen@infoblox.com<br>
<b>Subject:</b> [EXTERNAL] Re: [gnso-rds-pdp-wg] Dangers of public whois<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Let me offer a +3/4 to the chain below. The following are my personal views.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">I don’ t have any fundamental disagreement with Theo’s take on this. Yes, if we (or the original designers of the current RDS) had ready access to time machines,
it would certainly have been designed quite differently. <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">But over 15-20 years, settled expectations have been built up that contact data for domain name registrants will be available to the public without significant
restrictions. People in many fields have come to rely on this as an element that promotes transparency, and thus accountability, for activities on the Internet. Everyone recognizes that it is a highly flawed tool for advancing this goal, but nonetheless
it is a tool many people rely on, and many of them would be very unhappy if an organization like ICANN --- still unknown to the vast majority of Internet users – were somehow to take it away for them.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">So if we are to move to a new system that will deprive people (entirely or to a great extent) of this tool, then this needs to be accompanied by some clear explanations
of why it is absolutely necessary to do so, and how what will replace it will give members of the general public – not just anti-abuse specialists, law enforcement and yes even intellectual property interests --- at least some part of the transparency they
have come to associate with the existing system. <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">And personally, I don’t think that enactment of the GDPR comes close – by itself – to providing that explanation. The new regulation does not strike me as a
quantum leap beyond the EU data protection framework that has been in place for more than 20 years, almost as long as Whois itself. Ever since at least 2002 in Shanghai and 2003 in Montreal we have been hearing at ICANN about the impending train wreck when
Whois collides with the data protection authorities. Those who have been crying wolf on this issue for more than a decade will have to take that into account in crafting the narrative that will be needed to explain a change of the magnitude we are discussing.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#88162E"><img width="124" height="41" style="width:1.2916in;height:.425in" id="Picture_x0020_1" src="cid:image002.png@01D28ADB.6C46B5D0" alt="image001"><o:p></o:p></span></b></p>
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#88162E">Steven J. Metalitz
</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black">|<b>
</b></span><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#88162E">Partner, through his professional corporation<o:p></o:p></span></b></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:black">T: 202.355.7902 |
<a href="mailto:met@msk.com"><span style="color:black">met@msk.com</span></a></span><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#88162E"><o:p></o:p></span></b></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:#88162E">Mitchell Silberberg & Knupp</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">
</span><b><span style="font-size:8.0pt;font-family:"Calibri",sans-serif;color:#88162E">LLP</span></b><span style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:#84162E">
</span><span style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:black">|</span><span style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:#84162E">
<b><a href="http://www.msk.com/"><span style="color:#84162E">www.msk.com</span></a><o:p></o:p></b></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:black">1818 N Street NW, 8th Floor, Washington, DC 20036<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:black"><o:p> </o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><b><u><span style="font-size:8.0pt;font-family:"Calibri",sans-serif;color:gray">THE INFORMATION CONTAINED IN THIS E-MAIL MESSAGE IS INTENDED ONLY FOR THE PERSONAL AND CONFIDENTIAL USE OF THE DESIGNATED RECIPIENTS.</span></u></b><b><span style="font-size:8.0pt;font-family:"Calibri",sans-serif;color:gray">
THIS MESSAGE MAY BE AN ATTORNEY-CLIENT COMMUNICATION, AND AS SUCH IS PRIVILEGED AND CONFIDENTIAL. IF THE READER OF THIS MESSAGE IS NOT AN INTENDED RECIPIENT, YOU ARE HEREBY NOTIFIED THAT ANY REVIEW, USE, DISSEMINATION, FORWARDING OR COPYING OF THIS MESSAGE
IS STRICTLY PROHIBITED. PLEASE NOTIFY US IMMEDIATELY BY REPLY E-MAIL OR TELEPHONE, AND DELETE THE ORIGINAL MESSAGE AND ALL ATTACHMENTS FROM YOUR SYSTEM. THANK YOU.</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:gray"><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif">
<a href="mailto:gnso-rds-pdp-wg-bounces@icann.org">gnso-rds-pdp-wg-bounces@icann.org</a> [<a href="mailto:gnso-rds-pdp-wg-bounces@icann.org">mailto:gnso-rds-pdp-wg-bounces@icann.org</a>]
<b>On Behalf Of </b>theo geurts<br>
<b>Sent:</b> Saturday, February 18, 2017 4:24 PM<br>
<b>To:</b> nathalie coupet; <a href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a>;
<a href="mailto:rrasmussen@infoblox.com">rrasmussen@infoblox.com</a><br>
<b>Subject:</b> Re: [gnso-rds-pdp-wg] Dangers of public whois<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><br>
Hi Rod, Thanks, Nathalie,<br>
<br>
@Rod<br>
That is good info, and I agree this is something we need to keep in mind <br>
when we get to that stage, but yes as a WG that should compass us.<br>
<br>
And even though we should not get ahead of ourselves, but regarding <br>
solutions, having front row seats assisting LEA's and Intelligence <br>
agencies as a Registrar in several high-profile investigations like <br>
terrorism, IS, bounty kill lists and a lot more, I am pretty sure we as <br>
a WG can honor the principle that privacy is a human right as laid out <br>
by the UN, and yet make sure, we have the technical solutions. I think <br>
creating the technical solutions is the least of our worries. Engineers <br>
can code a solution for everything; we just need lawyers and privacy <br>
guidelines to help us out. So perhaps we cannot show you X as it is <br>
personal data we can show you A and how A is involved in tons of <br>
criminal activities and map out an entire botnet...<br>
<br>
<br>
Have a good weekend or what is left of it.<br>
<br>
Theo<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
On 18-2-2017 21:44, nathalie coupet via gnso-rds-pdp-wg wrote:<br>
> I was holding my breath to see what the reaction would be. +2 to Theo!<br>
><br>
> Sent from my iPhone<br>
><br>
>> On Feb 18, 2017, at 2:10 PM, Rod Rasmussen <<a href="mailto:rrasmussen@infoblox.com">rrasmussen@infoblox.com</a>> wrote:<br>
>><br>
>> I cannot PLUS ONE this comment enough - thank you Theo!<br>
>><br>
>> One thing that I would like to point out that we covered in the EWG and I think is one of many keys to solving many of the issues exposed here but is missing from this current debate is the concept that we do not have to come up with a “one size fits all”
solution. For example, there are different requirements under privacy law for business entities vs. private individuals, there are different amounts of information people and businesses may want to provide to various parties both publicly and privately, and
those of us who deal with abuse and domain reputation can make different decisions on actions (blocking, take-down, LE involvement, etc.) based on what is occurring and what is published in an RDS. Everyone in the ecosystem already does this with the current
whois system, but inconsistently, with varying degrees of knowledge, and without formal “rules of the road”. I think it would be helpful for everyone, no matter what your primary issues are to keep this in mind, as it allows you to better conceive solutions
to the myriad issues we have to address. Make the system flexible to accommodate different kinds of use cases and desires for “transparency” around domain ownership, contactabilty, and accountability.<br>
>><br>
>> Cheers,<br>
>><br>
>> Rod<br>
>><br>
>><br>
>> Rod Rasmussen<br>
>> VP, Cybersecurity<br>
>> Infoblox<br>
>><br>
>>> On Feb 17, 2017, at 1:09 PM, theo geurts <<a href="mailto:gtheo@xs4all.nl">gtheo@xs4all.nl</a>> wrote:<br>
>>><br>
>>> Mark,<br>
>>><br>
>>> Thank you for your comment. I think you are nailing the problem here; this is very good IMO.<br>
>>><br>
>>> "and the need to mitigate them does not eliminate the need to have public data."<br>
>>><br>
>>> This is the issue here. That data should have never been public if we look at the EU GDPR and many other data privacy laws around the globe, and this is what causes Registries and Registrars having massive problems regarding complying with the law.<br>
>>><br>
>>> So we with the RDS we are starting from scratch. So and I think this is KEY here, how do we ensure privacy and yet make sure we can still effectively combat abuse.<br>
>>><br>
>>> Speaking personally, I think privacy is very important, and I do not like the fact my personal data is being processed all over the place by shady folks.<br>
>>> As a Registrar, I find it very important that we should not go backward in fighting abuse. For the simple reason, abuse costs us money, and we should never be in a situation that it becomes harder to battle child porn, or taking down terrorists, or sinkhole
botnets.<br>
>>><br>
>>> So what we cannot do is ignore all these privacy laws. That would be insane as we would be piling up in tons of fines here.<br>
>>> We do not want to reduce effectiveness regarding abuse because that is costing money also. And to be clear here, the registrants will be soaking it all up one way or another.<br>
>>><br>
>>> So my take on this is, we make sure that we move on and address BOTH issues and this is our task as a WG. Our task is to solve these problems as we start from scratch with RDS. We learned our lessons from the current WHOIS, now we need to make sure that
we can avoid all these pitfalls within RDS.<br>
>>><br>
>>> Thank you for making it this far.<br>
>>><br>
>>> Have a good weekend,<br>
>>><br>
>>> Theo<br>
>>> Registrar<br>
>>><br>
>>><br>
>> _______________________________________________<br>
>> gnso-rds-pdp-wg mailing list<br>
>> <a href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a><br>
>> <a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a><br>
> _______________________________________________<br>
> gnso-rds-pdp-wg mailing list<br>
> <a href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a><br>
> <a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a><br>
<br>
<br>
_______________________________________________<br>
gnso-rds-pdp-wg mailing list<br>
<a href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a><o:p></o:p></p>
</div>
</body>
</html>