<div dir="ltr"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span style="font-size:12.8px">Registrars are not charging their customers extra for use of their privacy rights, they are charging extra for a value added service:<br></span><span style="font-size:12.8px">- provision of alternate address data<br></span><span style="font-size:12.8px">- assumption of legal risks involved in being listed as registered name holder for a third party domain<br></span><span style="font-size:12.8px">- forwarding of email<br></span><span style="font-size:12.8px">- staffing of abuse team to handle and review any incoming communications<br></span><span style="font-size:12.8px">- compliance with all requirements of whois privacy spec of the RAA.</span></blockquote><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">Several registrars already offer free whois privacy. They made it work, so you should keep up!</span></div><div><span style="font-size:12.8px"><br></span></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span style="font-size:12.8px">Maybe dumb bad actors. Savvy bad actors just populate whois with data of unknowing third parties, thereby rendering any verification and validation instruments useless and inconveniencing the affected data subjects as well.</span><span style="font-size:12.8px"> </span></blockquote><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">I'm glad you know so much about how bad actors abuse whois. But from my own limited experiences- I don't see that many input validation mechanisms on bad domains because there are a lot of "555-5555" phone numbers out there and other arbitrary strings.</span></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px"><br></span></div><div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span style="font-size:12.8px">Some points/thoughts :<br></span><span style="font-size:12.8px">Cost of providing the service (this includes cost of the office, personnel to run it - unless you are going to offer this free "John B" to all ICANN registrars ?)<br></span><span style="font-size:12.8px">The underlying data may not even be allowed to be provided to the whois privacy service, unless it is in the local jurisdiction of the registrant.<br></span><span style="font-size:12.8px">Harvesting and storage of whois data to be re-wrapped and sold is illegal and many registrars state this on the terms and conditions.<br></span><span style="font-size:12.8px">Gated access has to be properly defined for each gate/right of access, an example, a registrar would normally only need access to external whois for the purpose of transferring a domain name - they have no other reason to need access to this data. (registration, is totally different as it doesnt need access to the "whois") As above, storage of whois data is illegal unless it was for a lawful purpose and the only one I can think of is transfers. ICANN require registrars to keep this info for upto 2 or 7 years (cant remember which). This will step on some registrars toes as well as John H's toes whi have a business model around the supply of whois data for commercial gain (namely charging for it).<br></span><span style="font-size:12.8px">I am sorry to say that none of what the WG will do or complete will stop bad actors, they are smart, they are not dumb (well some of them are:) )</span></blockquote></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">so who decided that these normal uses of whois are suddenly illegal? I hereby declare my allegiance to the dark side. Down with the government.</span></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px"><br></span></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Mar 23, 2017 at 8:16 AM, Chris Pelling <span dir="ltr"><<a href="mailto:chris@netearth.net" target="_blank">chris@netearth.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div style="font-family:Arial;font-size:12pt;color:#000000"><div>Typo <span style="color:#000000;font-family:arial;font-size:16px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:#ffffff;display:inline!important;float:none">materialistic should have been minimalistic </span></div><div><br></div><div>Kind regards,<br><br>Chris</div><br><hr id="m_-6109239658782977786zwchr"><div><b>From: </b>"Chris Pelling" <<a href="mailto:chris@netearth.net" target="_blank">chris@netearth.net</a>><br><b>To: </b>"gnso-rds-pdp-wg" <<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a>><br><b>Sent: </b>Thursday, 23 March, 2017 12:06:01<div><div class="h5"><br><b>Subject: </b>Re: [gnso-rds-pdp-wg] a suggestion for "purpose in detail"<br></div></div></div><div><div class="h5"><br><div><div style="font-family:Arial;font-size:12pt;color:#000000"><div>Hi all,</div><br><div>I hope everyone got home safe that attended ICANN58 :)</div><br><div>Having just sat through and played catch up on this thread, a few things stand out to me.</div><br><div>On one side you have a stakeholder person (maybe group) advocating they will pushing for "free whois protection" provided by registrar which simply won't happen - for a number of reasons (see below), whereas the fundamental issue is what will be collected and who will be able to see it. Maybe this could be worked on from a materialistic point of view, really what does WHOIS/RDS need to show as its most basic data, I remember a discussion some months ago where Michele mentioned about simply domain name, dates of registration, expiry and DNS servers. (registrar name and abuse contact details are a given to be shown) </div><br><div>The storage of such data depending on "whom" the registrant and/or other contacts are located, and where it is being seen from (different jurisdiction for example) will come out further down the line in our deliberations. </div><br><div>Some points/thoughts :</div><ul><li>Cost of providing the service (this includes cost of the office, personnel to run it - unless you are going to offer this free "John B" to all ICANN registrars ?)</li><li>The underlying data may not even be allowed to be provided to the whois privacy service, unless it is in the local jurisdiction of the registrant.</li><li>Harvesting and storage of whois data to be re-wrapped and sold is illegal and many registrars state this on the terms and conditions.</li><li>Gated access has to be properly defined for each gate/right of access, an example, a registrar would normally only need access to external whois for the purpose of transferring a domain name - they have no other reason to need access to this data. (registration, is totally different as it doesnt need access to the "whois") As above, storage of whois data is illegal unless it was for a lawful purpose and the only one I can think of is transfers. ICANN require registrars to keep this info for upto 2 or 7 years (cant remember which). This will step on some registrars toes as well as John H's toes whi have a business model around the supply of whois data for commercial gain (namely charging for it).</li><li>I am sorry to say that none of what the WG will do or complete will stop bad actors, they are smart, they are not dumb (well some of them are:) )</li></ul><div>As for John H and clowns, I would gladly offer my services to help you get over that :) My issue/phobia is the dark, sadly for me that is a reality I won't be able to overcome. </div><br><div>Kind regards,<br><br>Chris</div><br><hr id="m_-6109239658782977786zwchr"><div><b>From: </b>"John Horton" <<a href="mailto:john.horton@legitscript.com" target="_blank">john.horton@legitscript.com</a>><br><b>To: </b>"nathalie coupet" <<a href="mailto:nathaliecoupet@yahoo.com" target="_blank">nathaliecoupet@yahoo.com</a>><br><b>Cc: </b>"gnso-rds-pdp-wg" <<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a>><br><b>Sent: </b>Wednesday, 22 March, 2017 16:33:22<br><b>Subject: </b>Re: [gnso-rds-pdp-wg] a suggestion for "purpose in detail"<br></div><br><div><div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;color:#444444">Thanks, Nathalie. I'm sure many share your frustration!</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;color:#444444"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;color:#444444">I think that's a constructive question, and I'll jump in. My biggest fear is that in the monitoring that companies like mine do for banks, payment providers, e-commerce companies, etc. that helps determine whether a merchant is who they say they are, and whether they are engaged in other bad activity (i.e., laundering money) will be unable to obtain access to the Whois records we need in order to preserve the integrity of the payments system, protect payment providers from risk, and derivatively protect consumers. In other words, my fear is that we'll lose access to Whois records, which we need for that purpose. </div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;color:#444444"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;color:#444444">Actually, to be honest, that's not true -- my biggest fear (to answer your question directly) is of clowns, and every time I travel, I ask the hotel to please check for clowns in my closet before I enter the room. But I assume you didn't really want to know my biggest fear -- you just want to know my biggest fear in relation to Whois policy, correct? Two different things, but yeah -- if a clown jumped out of my hotel closet, that would probably be the realization of my biggest fear. That's probably nothing that this working group can do much about, though. </div></div><div class="gmail_extra"><br clear="all"><div><div class="m_-6109239658782977786gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><span style="color:#073763;font-family:arial,helvetica,sans-serif">John Horton<br>President and CEO, LegitScript</span><div><img width="96" height="36"><br><div><div><p style="margin:0.0px 0.0px 0.0px 0.0px;font:12.0px Helvetica"><br></p><p style="margin:0px;font-style:normal;font-variant:normal;font-size:12px;line-height:normal;font-family:Helvetica"><b><span style="color:#444444">Follow</span><span style="color:#0b5394"> </span><span style="color:#000000">Legit</span><span style="color:#0b5394">Script</span></b>: <a href="http://www.linkedin.com/company/legitscript-com" style="font-weight:normal" target="_blank"><span style="color:#cc0000">LinkedIn</span></a> | <a href="https://www.facebook.com/LegitScript" style="font-weight:normal" target="_blank"><span style="color:#6aa84f">Facebook</span></a> | <a href="https://twitter.com/legitscript" style="font-weight:normal" target="_blank"><span style="color:#674ea7">Twitter</span></a> | <span style="color:#ff9900"><span style="text-decoration:underline"><a href="http://blog.legitscript.com" target="_blank">Blog</a></span></span> |<span style="color:#ff9900"> <span style="font-weight:normal"><a href="https://plus.google.com/112436813474708014933/posts" target="_blank">Google+</a></span></span></p><p style="margin:0px;font-style:normal;font-variant:normal;font-size:12px;line-height:normal;font-family:Helvetica"><span style="color:#ff9900"><br></span></p><p style="text-align:left;margin:0px;font-style:normal;font-variant:normal;font-size:12px;line-height:normal;font-family:Helvetica"><span style="color:#ff9900"><img width="46" height="96"><img width="47" height="96"><br></span></p></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div>
<br><div class="gmail_quote">On Wed, Mar 22, 2017 at 9:24 AM, nathalie coupet via gnso-rds-pdp-wg <span dir="ltr"><<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">+1 I must say I'm a bit disillusioned by the entire process. This PDP should look like a negotiating table, instead it is more like a War of Trenches.<br>
If stakeholders are not motivated to negotiate, there is no sense of urgency and stakes for change are so low, then I wonder what we are doing here in the first place.<br>
Could every stakeholder state what their biggest fear is, and we could try to avoid their realization?<br>
Or maybe, in last resort, we should just vote for the best proposal and go home?<br>
<br>
Nathalie<br>
<br>
<br>
Sent from my iPhone<br>
<div class="m_-6109239658782977786HOEnZb"><div class="m_-6109239658782977786h5"><br>
> On Mar 22, 2017, at 12:06 PM, Andrew Sullivan <<a href="mailto:ajs@anvilwalrusden.com" target="_blank">ajs@anvilwalrusden.com</a>> wrote:<br>
><br>
>> On Wed, Mar 22, 2017 at 10:19:56AM -0500, John Bambenek wrote:<br>
>> Yes there is a difference which is why I am using both words. And that's why I am suggesting we talking about optional and maskable fields right up front as part of the requirements discussion not some ancillary discussion that happens later after all the decisions are already made.<br>
>><br>
><br>
> I thought the WG had already decided on a different (multi-pass)<br>
> strategy, in which data collection itself was treated first with the<br>
> principle that, if there were some (legitmate, hand-wave hand-wave)<br>
> purpose then collection would be considered. Later, the further<br>
> question of access to such collected items would be taken up.<br>
><br>
> I don't really care which way we do this, but it seems to me that we<br>
> need to stop arguing about the way by which we'll reach a result and<br>
> start actually doing work in the direction of some result. The<br>
> meta-discussions about process are wearing out contributors (well, at<br>
> least one contributor!) and creating the condition in which those who<br>
> want no changes at all will get their way by exhaustion. If ICANN is<br>
> incapable of coming to terms with the deficiencies of whois (the<br>
> protocol) after all this time, it will be revealed to be ridiculous.<br>
><br>
> Best regards,<br>
><br>
> A<br>
><br>
> --<br>
> Andrew Sullivan<br>
> <a href="mailto:ajs@anvilwalrusden.com" target="_blank">ajs@anvilwalrusden.com</a><br>
> ______________________________<wbr>_________________<br>
> gnso-rds-pdp-wg mailing list<br>
> <a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
> <a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</a><br>
<br>
______________________________<wbr>_________________<br>
gnso-rds-pdp-wg mailing list<br>
<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</a><br>
</div></div></blockquote></div><br></div>
<br>______________________________<wbr>_________________<br>gnso-rds-pdp-wg mailing list<br><a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br><a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank">https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</a><br></div></div><br>______________________________<wbr>_________________<br>gnso-rds-pdp-wg mailing list<br><a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br><a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank">https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</a><br></div></div></div></div></div><br>______________________________<wbr>_________________<br>
gnso-rds-pdp-wg mailing list<br>
<a href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</a><br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature">_________________________________<br>Note to self: Pillage BEFORE burning.</div>
</div>