<html>
<head>
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Dialing back the level of snark just a little, I agree with the
concern that motivated Nathalie's proposal and am normally strongly
on the side of privacy, but would oppose any measure that would
impede unauthenticated Internet users from accessing thin data.<br>
<br>
<div class="moz-cite-prefix">On 30/5/17 4:24 pm, John Bambenek via
gnso-rds-pdp-wg wrote:<br>
</div>
<blockquote type="cite"
cite="mid:329bf6ce-7236-b76f-6a20-0cbb799cfcc5@bambenekconsulting.com">
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
<p>I mean if we're gonna go there, let's just hit the gas. IP
addresses are PII too
(<a class="moz-txt-link-freetext"
href="http://moritzlaw.osu.edu/students/groups/is/files/2012/02/Lah_Formatted_Final.pdf"
moz-do-not-send="true">http://moritzlaw.osu.edu/students/groups/is/files/2012/02/Lah_Formatted_Final.pdf</a>)
which means DNS and RDS should be cognizant of that. I see the
only solution to this using the logic of some in this group is
the immediate deprecation of DNS and closing down the root
servers. Privacy would be dramatically increased in such a
scenario.<br>
</p>
<br>
<div class="moz-cite-prefix">On 05/30/2017 05:27 PM, allison nixon
wrote:<br>
</div>
<blockquote
cite="mid:CACLR7wJ-mkTH8UA-X4n0UC2hQsQH=kRw1=yWZiw+KqV4xhRG_A@mail.gmail.com"
type="cite">
<div dir="ltr">This leads me to my next question. Should members
of the public be allowed to resolve DNS records at all without
authentication and without prior authorization?
<div><br>
</div>
<div><br>
</div>
<div>>>Data that is gleaned from a file related to an
individual, ie in this case their registration data, even if
it is nameservers and the like, is their personal data</div>
<div><br>
</div>
<div>Very good point. I applaud registrars who want to take a
stand for privacy and stop sharing all nameserver data. It
should remain completely private, so members of the public
can stop resolving their domains.*</div>
<div><br>
</div>
<div>*This compliment only applies to registrars in Spamhaus's
list of top abused registrars. For the rest of you, if you
want to do that you are essentially shutting down your
entire business. If that is really what you
want.............</div>
<div><br>
</div>
<div><br>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Tue, May 30, 2017 at 6:19 PM,
Chris Pelling <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:chris@netearth.net" target="_blank">chris@netearth.net</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>
<div
style="font-family:Arial;font-size:12pt;color:#000000">
<div>Rob,</div>
<div><br>
</div>
<div>As I said, it was a way of abuse. Not all DNS
providers (or registrars for that matter) point out
that the persons email address could be placed into
the DNS zone file. Nor mentioning that it could be
changed for that matter.<br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>Kind regards,<br>
<br>
Chris</div>
<div><br>
</div>
<hr id="m_4380666777333680889zwchr">
<div><b>From: </b>"Rod Rasmussen" <<a
moz-do-not-send="true"
href="mailto:rod@rodrasmussen.com" target="_blank">rod@rodrasmussen.com</a>><br>
<b>To: </b>"Chris Pelling" <<a
moz-do-not-send="true"
href="mailto:chris@netearth.net" target="_blank">chris@netearth.net</a>><br>
<b>Cc: </b>"allison nixon" <<a
moz-do-not-send="true"
href="mailto:elsakoo@gmail.com" target="_blank">elsakoo@gmail.com</a>>,
"gnso-rds-pdp-wg" <<a moz-do-not-send="true"
href="mailto:gnso-rds-pdp-wg@icann.org"
target="_blank">gnso-rds-pdp-wg@icann.org</a>><br>
<b>Sent: </b>Tuesday, 30 May, 2017 23:07:43
<div>
<div class="h5"><br>
<b>Subject: </b>Re: [gnso-rds-pdp-wg] Principle
on Proportionality for "Thin Data"access<br>
</div>
</div>
</div>
<div>
<div class="h5">
<div><br>
</div>
<div>Sorry, that’s not likely a valid example.
That information is made public by publishing it
in the DNS in the first place, by the direct
decision of the publisher (DNS operator). If
the nameserver records aren’t in the DNS, the
domain doesn’t work and if the nameserver
records aren’t in the DNS, you can’t get the SOA
record. All I need is the domain name to start
with, dig the nameservers for the domain, and
then dig the SOA. Importantly, I DO NOT NEED
“whois” or anything else similar to get to these
data records, so these are all public data
points that anyone can anonymously access at any
scale for all operational domains on the
Internet. Publishing the same data (nameserver
related to domain) in a different database
(whois, RDS, whatever) doesn’t make it more
public - it’s been put out there already.
<div><br>
</div>
<div>For those of you not familiar with the
intricacies of how DNS SOA (Start of
Authority) records work, the third entry on
each line in the examples below is actually an
e-mail address, where the first dot should be
replaced by an “@“ symbol. So for the first
one, the e-mail address for the entity
claiming authority over the <a
moz-do-not-send="true"
href="http://gmail.com" target="_blank">gmail.com</a>
zone is <a moz-do-not-send="true"
href="mailto:dns-admin@google.com"
target="_blank">dns-admin@google.com</a>.
As Chris mentioned, these are going to largely
be technical contacts, but not always.
However, that’s the purpose for the field -
technical authority over the zone, so putting
your “personal” information into that field
would mean you want to publicly publish your
e-mail address in the DNS so anyone can reach
it. I don’t think we’re trying to tell people
to *not* do things like that in this WP.
Regardless, you have to supply a validly
formatted SOA record for DNS to work,
including an entry that is plausible as an
e-mail address for that field. That doesn’t
require the e-mail address to be answered,
monitored, or even deliverable, so you could
put <a moz-do-not-send="true"
href="http://test.test.com" target="_blank">test.test.com</a>
(<a moz-do-not-send="true"
href="mailto:test@test.com" target="_blank">test@test.com</a>)
in there if you don’t want things to be sent
to you. If I remember right, some ccTLD’s
would require that you actually answer a query
to the SOA e-mail “back in the day” to
delegate your domain - not sure if any do
anymore. For far more arcane trivia around
SOA records etc. see the wikipedia entry (<a
moz-do-not-send="true"
href="https://en.wikipedia.org/wiki/SOA_Resource_Record"
target="_blank">https://en.wikipedia.org/<wbr>wiki/SOA_Resource_Record</a>)
or this handy tutorial (<a
moz-do-not-send="true"
href="https://bobcares.com/blog/understanding-soa-records/"
target="_blank">https://bobcares.com/blog/<wbr>understanding-soa-records/</a>).
It goes all the way back to the original DNS
spec in RFC 1035.
<div><br>
</div>
<div>Cheers,</div>
<div><br>
</div>
<div>Rod<br>
<div><br>
</div>
<div><br>
<div>
<blockquote>
<div>On May 30, 2017, at 2:22 PM,
Chris Pelling <<a
moz-do-not-send="true"
href="mailto:chris@netearth.net"
target="_blank">chris@netearth.net</a>>
wrote:</div>
<br
class="m_4380666777333680889Apple-interchange-newline">
<div>
<div>
<div
style="font-family:Arial;font-size:12pt">
<div>ok - a thought :<br>
</div>
<div><br>
</div>
<div>Thin data includes
nameservers, being able to <strong><span
style="text-decoration:underline">mass</span></strong> collect thin data
gaining NS information then
allows you to do a DIG of a
SOA record on the DNS service
to gain the email address of
the hostmaster : <br>
</div>
<div><br>
</div>
<div>Some examples (radomly
picked from the list) :<br>
</div>
<div><a moz-do-not-send="true"
href="http://gmail.com"
target="_blank">gmail.com</a>
:<br>
</div>
<div>SOA <a
moz-do-not-send="true"
href="http://ns1.google.com"
target="_blank">ns1.google.com</a>.
<a moz-do-not-send="true"
href="http://dns-admin.google.com"
target="_blank">dns-admin.google.com</a>.
157458041 900 900 1800 60<br>
<a moz-do-not-send="true"
href="http://netearthone.com"
target="_blank">netearthone.com</a><br>
</div>
<div>SOA <a
moz-do-not-send="true"
href="http://ns1.netearth.net"
target="_blank">ns1.netearth.net</a>.
<a moz-do-not-send="true"
href="http://root.netearthone.com"
target="_blank">root.netearthone.com</a>.
<a moz-do-not-send="true"
href="tel:%28201%29%20609-0201"
value="+12016090201"
target="_blank">2016090201</a>
14400 3600 1209600 86400<br>
</div>
<div><a moz-do-not-send="true"
href="http://law.es"
target="_blank">law.es</a><br>
</div>
<div>SOA <a
moz-do-not-send="true"
href="http://ns1.eurodns.com"
target="_blank">ns1.eurodns.com</a>.
<a moz-do-not-send="true"
href="http://hostmaster.eurodns.com"
target="_blank">hostmaster.eurodns.com</a>.
<a moz-do-not-send="true"
href="tel:%28201%29%20606-1402"
value="+12016061402"
target="_blank">2016061402</a>
43200 7200 1209600 86400<br>
</div>
<div><a moz-do-not-send="true"
href="http://riskiq.net"
target="_blank">riskiq.net</a><br>
</div>
<div>SOA <a
moz-do-not-send="true"
href="http://ns-1754.awsdns-27.co.uk"
target="_blank">ns-1754.awsdns-27.co.uk</a>.
<a moz-do-not-send="true"
href="http://awsdns-hostmaster.amazon.com"
target="_blank">awsdns-hostmaster.amazon.com</a>.
1 7200 900 1209600 86400<br>
</div>
<div><br>
</div>
<div>Now as you can see - those
above examples allow you to
get (or build) an email list.
Most will normally point to
the providers service, but,
some that are DIY'ing their
hosting, it might not be.<br>
</div>
<div><br>
</div>
<div>Kind regards,<br>
<br>
Chris</div>
<div><br>
</div>
<hr
id="m_4380666777333680889zwchr">
<div><b>From: </b>"allison
nixon" <<a
moz-do-not-send="true"
href="mailto:elsakoo@gmail.com"
target="_blank">elsakoo@gmail.com</a>><br>
<b>To: </b>"nathalie coupet"
<<a moz-do-not-send="true"
href="mailto:nathaliecoupet@yahoo.com" target="_blank">nathaliecoupet@yahoo.com</a>><br>
<b>Cc: </b>"gnso-rds-pdp-wg"
<<a moz-do-not-send="true"
href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a>><br>
<b>Sent: </b>Tuesday, 30 May,
2017 21:52:32<br>
<b>Subject: </b>Re:
[gnso-rds-pdp-wg] Principle on
Proportionality for
"Thin Data"access<br>
</div>
<div><br>
</div>
<div>
<div dir="ltr">so can you name
one specific example of how
someone could abuse thin
data?</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On
Tue, May 30, 2017 at 4:50
PM, nathalie coupet via
gnso-rds-pdp-wg <span
dir="ltr"><<a
moz-do-not-send="true"
href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a>></span>
wrote:<br>
<blockquote
class="gmail_quote"
style="margin:0 0 0
.8ex;border-left:1px
#ccc
solid;padding-left:1ex">
<div>
<div
style="background-color:rgb(255,255,255);font-family:'Helvetica
Neue',Helvetica,Arial,'Lucida Grande',sans-serif;font-size:13px">
<div
id="m_4380666777333680889m_-1108286820301507687yui_3_16_0_ym19_1_1496151286812_287437"
dir="ltr"><b
style="color:rgb(34,34,34);font-family:sans-serif;font-size:14px"
id="m_4380666777333680889m_-1108286820301507687yui_3_16_0_ym19_1_1496151286812_287679">Abuse</b><span
style="color:rgb(34,34,34);font-family:sans-serif;font-size:14px"
id="m_4380666777333680889m_-1108286820301507687yui_3_16_0_ym19_1_1496151286812_287680"> is
the improper
usage or
treatment of an </span><a
moz-do-not-send="true" href="https://en.wikipedia.org/wiki/Entity"
title="Entity"
style="text-decoration-line:none;color:rgb(11,0,128);background-image:none;background-color:rgb(255,255,255);font-family:sans-serif;font-size:14px"
id="m_4380666777333680889m_-1108286820301507687yui_3_16_0_ym19_1_1496151286812_287681"
target="_blank">entity</a><span
style="color:rgb(34,34,34);font-family:sans-serif;font-size:14px"
id="m_4380666777333680889m_-1108286820301507687yui_3_16_0_ym19_1_1496151286812_287682">,
often to </span><a
moz-do-not-send="true"
href="https://en.wikipedia.org/wiki/Distributive_justice"
title="Distributive justice"
style="text-decoration-line:none;color:rgb(11,0,128);background-image:none;background-color:rgb(255,255,255);font-family:sans-serif;font-size:14px"
id="m_4380666777333680889m_-1108286820301507687yui_3_16_0_ym19_1_1496151286812_287683"
target="_blank">unfairly</a><span
style="color:rgb(34,34,34);font-family:sans-serif;font-size:14px"
id="m_4380666777333680889m_-1108286820301507687yui_3_16_0_ym19_1_1496151286812_287684"> or
improperly gain
benefit. In our
context, abuse
is the improper
usage of
WHOIS/RDS to
unfairly or
improperly gain
access to
information or
to game the
system. </span></div>
<div
id="m_4380666777333680889m_-1108286820301507687yui_3_16_0_ym19_1_1496151286812_287437"
dir="ltr"><span
style="color:rgb(34,34,34);font-family:sans-serif;font-size:14px"><br>
</span></div>
<div
id="m_4380666777333680889m_-1108286820301507687yui_3_16_0_ym19_1_1496151286812_287437"
dir="ltr"><span
style="color:rgb(34,34,34);font-family:sans-serif;font-size:14px">Here
are some of the
overarching
principles which
should guide us
when building
RDS: </span><br>
</div>
<div
id="m_4380666777333680889m_-1108286820301507687yui_3_16_0_ym19_1_1496151286812_287437"
dir="ltr"><span
style="color:rgb(34,34,34);font-family:sans-serif;font-size:14px"><br>
</span></div>
<div dir="ltr"
id="m_4380666777333680889m_-1108286820301507687yui_3_16_0_ym19_1_1496151286812_287894"><span
id="m_4380666777333680889m_-1108286820301507687yui_3_16_0_ym19_1_1496151286812_287895"
style="color:#222222;font-family:sans-serif"><span
style="font-size:14px"
id="m_4380666777333680889m_-1108286820301507687yui_3_16_0_ym19_1_1496151286812_287896">DATA
LIFECYCLE
PRIVACY
PRINCIPLE
PROTECTION
MEASURE</span></span></div>
<div dir="ltr"
id="m_4380666777333680889m_-1108286820301507687yui_3_16_0_ym19_1_1496151286812_287897"><span
id="m_4380666777333680889m_-1108286820301507687yui_3_16_0_ym19_1_1496151286812_287898"
style="color:#222222;font-family:sans-serif"><span
style="font-size:14px"
id="m_4380666777333680889m_-1108286820301507687yui_3_16_0_ym19_1_1496151286812_287899">Collection
Proportionality
and purpose
specification
Data
minimisation,
Data quality</span></span></div>
<div dir="ltr"
id="m_4380666777333680889m_-1108286820301507687yui_3_16_0_ym19_1_1496151286812_287900"><span
id="m_4380666777333680889m_-1108286820301507687yui_3_16_0_ym19_1_1496151286812_287901"
style="color:#222222;font-family:sans-serif"><span
style="font-size:14px"
id="m_4380666777333680889m_-1108286820301507687yui_3_16_0_ym19_1_1496151286812_287902">Storage
Accountability,
Security
measures,
Sensitive data
Confidentiality, Encryption, Pseudonomisation</span></span></div>
<div dir="ltr"
id="m_4380666777333680889m_-1108286820301507687yui_3_16_0_ym19_1_1496151286812_287903"><span
id="m_4380666777333680889m_-1108286820301507687yui_3_16_0_ym19_1_1496151286812_287904"
style="color:#222222;font-family:sans-serif"><span
style="font-size:14px"
id="m_4380666777333680889m_-1108286820301507687yui_3_16_0_ym19_1_1496151286812_287905">Sharing
and processing
Lawfulness and
fairness,
Consent, Right
of access
Data access
control, Data
leakage
prevention</span></span></div>
<div dir="ltr"
id="m_4380666777333680889m_-1108286820301507687yui_3_16_0_ym19_1_1496151286812_287906"><span
id="m_4380666777333680889m_-1108286820301507687yui_3_16_0_ym19_1_1496151286812_287907"
style="color:#222222;font-family:sans-serif"><span
style="font-size:14px"
id="m_4380666777333680889m_-1108286820301507687yui_3_16_0_ym19_1_1496151286812_287908">Deletion
Openness,
Right to
erasure
Retention,
Archival,
Erasure</span></span></div>
<div dir="ltr"
id="m_4380666777333680889m_-1108286820301507687yui_3_16_0_ym19_1_1496151286812_287906"><span
style="color:#222222;font-family:sans-serif"><span
style="font-size:14px"><br>
</span></span></div>
<div dir="ltr"
id="m_4380666777333680889m_-1108286820301507687yui_3_16_0_ym19_1_1496151286812_287906"><span
style="color:#222222;font-family:sans-serif"><span
style="font-size:14px"><br>
</span></span></div>
<div dir="ltr"
id="m_4380666777333680889m_-1108286820301507687yui_3_16_0_ym19_1_1496151286812_287906"><span
id="m_4380666777333680889m_-1108286820301507687yui_3_16_0_ym19_1_1496151286812_291686"
style="color:#222222;font-family:sans-serif"><span
style="font-size:14px"
id="m_4380666777333680889m_-1108286820301507687yui_3_16_0_ym19_1_1496151286812_291685">If
such
principles are
not respected,
ICANN will be
liable.
Consumers
don't need to
have all the
thin data when
making a
query. This
could protect
them and
enable them to
have access to
the RDS
without
raising much
opposition. </span></span></div>
<div dir="ltr"
id="m_4380666777333680889m_-1108286820301507687yui_3_16_0_ym19_1_1496151286812_287906"><span
style="color:#222222;font-family:sans-serif"><span
style="font-size:14px"><br>
</span></span></div>
<div dir="ltr"
id="m_4380666777333680889m_-1108286820301507687yui_3_16_0_ym19_1_1496151286812_287906"><span
id="m_4380666777333680889m_-1108286820301507687yui_3_16_0_ym19_1_1496151286812_292975"
style="color:#222222;font-family:sans-serif"><span
style="font-size:14px"
id="m_4380666777333680889m_-1108286820301507687yui_3_16_0_ym19_1_1496151286812_292974">Now,
we could
discuss the
possibility
for broader
query types.
These
principles
would still
apply, but
would be
contextualized
in order to
take into
account new
sets of
parameters for
each broader
query. By
increasing
granularity as
much as
possible,
while applying
these
aformentioned
principles, we
just might
find a way to
accomodate
everyone. </span></span></div>
<div
id="m_4380666777333680889m_-1108286820301507687yui_3_16_0_ym19_1_1496151286812_287437"><span><br>
</span></div>
<div
id="m_4380666777333680889m_-1108286820301507687yui_3_16_0_ym19_1_1496151286812_287437"><span><br>
</span></div>
<div
id="m_4380666777333680889m_-1108286820301507687yui_3_16_0_ym19_1_1496151286812_287435"> </div>
<div
class="m_4380666777333680889m_-1108286820301507687signature"
id="m_4380666777333680889m_-1108286820301507687yui_3_16_0_ym19_1_1496151286812_287433">Nathalie </div>
<div
class="m_4380666777333680889m_-1108286820301507687qtdSeparateBR"><br>
<br>
</div>
<div
class="m_4380666777333680889m_-1108286820301507687yahoo_quoted"
style="display:block">
<div
style="font-family:Helvetica
Neue,Helvetica,Arial,Lucida Grande,sans-serif;font-size:13px">
<div
style="font-family:HelveticaNeue,Helvetica
Neue,Helvetica,Arial,Lucida Grande,sans-serif;font-size:16px"><span>
<div dir="ltr"><span
style="font-family:Arial;font-size:small"> On Tuesday, May 30, 2017 4:00
PM, John
Horton <<a
moz-do-not-send="true" href="mailto:john.horton@legitscript.com"
target="_blank">john.horton@legitscript.com</a>>
wrote:<br>
</span></div>
<br>
<br>
</span>
<div
class="m_4380666777333680889m_-1108286820301507687y_msg_container">
<div
id="m_4380666777333680889m_-1108286820301507687yiv8771876093">
<div><span>
<div dir="ltr">
<div
class="m_4380666777333680889m_-1108286820301507687yiv8771876093gmail_default"
style="font-family:arial,helvetica,sans-serif;color:#444444">I was going
to reply to
Natalie's
email as well,
but Paul's
comments
capture my
thoughts, so:
<b>+1. </b></div>
</div>
</span>
<div
class="m_4380666777333680889m_-1108286820301507687yiv8771876093gmail_extra"><span><br
clear="all">
<div>
<div
class="m_4380666777333680889m_-1108286820301507687yiv8771876093gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr"><span
style="color:#073763;font-family:arial,helvetica,sans-serif">John Horton<br
clear="none">
President and
CEO,
LegitScript</span>
<div><img
moz-do-not-send="true"
width="96"
height="36"><br
clear="none">
<div>
<div>
<div
style="margin:0.0px
0.0px 0.0px
0.0px;font:12.0px
Helvetica"><br
clear="none">
</div>
<div
style="margin:0px;font-style:normal;font-variant:normal;font-size:12px;line-height:normal;font-family:Helvetica"><b><span
style="color:#444444">Follow</span><span style="color:#0b5394"> </span><span>Legit</span><span
style="color:#0b5394">Script</span></b>: <a moz-do-not-send="true"
rel="nofollow"
shape="rect"
href="http://www.linkedin.com/company/legitscript-com"
style="font-weight:normal" target="_blank"><span style="color:#cc0000">LinkedIn</span></a>
| <a
moz-do-not-send="true"
rel="nofollow"
shape="rect"
href="https://www.facebook.com/LegitScript"
style="font-weight:normal" target="_blank"><span style="color:#6aa84f">Facebook</span></a>
| <a
moz-do-not-send="true"
rel="nofollow"
shape="rect"
href="https://twitter.com/legitscript"
style="font-weight:normal" target="_blank"><span style="color:#674ea7">Twitter</span></a>
| <span
style="color:#ff9900"><span
style="text-decoration:underline"><a moz-do-not-send="true"
rel="nofollow"
shape="rect"
href="http://blog.legitscript.com/"
target="_blank">Blog</a></span></span> |<span style="color:#ff9900"> <span
style="font-weight:normal"><a moz-do-not-send="true" rel="nofollow"
shape="rect"
href="https://plus.google.com/112436813474708014933/posts"
target="_blank">Google+</a></span></span><br>
</div>
<div
style="margin:0px;font-style:normal;font-variant:normal;font-size:12px;line-height:normal;font-family:Helvetica"><span
style="color:#ff9900"><br clear="none">
</span></div>
<div
style="text-align:left;margin:0px;font-style:normal;font-variant:normal;font-size:12px;line-height:normal;font-family:Helvetica"><span
style="color:#ff9900"><img moz-do-not-send="true" width="46" height="96"><img
moz-do-not-send="true" width="47" height="96"><br clear="none">
</span></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br
clear="none">
</span>
<div
class="m_4380666777333680889m_-1108286820301507687yiv8771876093gmail_quote"><span>On
Tue, May 30,
2017 at 12:57
PM, Paul
Keating <span
dir="ltr"><<a
moz-do-not-send="true" rel="nofollow" shape="rect"
href="mailto:paul@law.es"
target="_blank">paul@law.es</a>></span> wrote:<br clear="none">
</span>
<blockquote
class="m_4380666777333680889m_-1108286820301507687yiv8771876093gmail_quote"
style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div
class="m_4380666777333680889m_-1108286820301507687yiv8771876093yqt3775885078"
id="m_4380666777333680889m_-1108286820301507687yiv8771876093yqt77589">
<div><span>
<div>Natalie,</div>
<div
id="m_4380666777333680889m_-1108286820301507687yiv8771876093m_-2551964071040587945AppleMailSignature"><br
clear="none">
</div>
<div
id="m_4380666777333680889m_-1108286820301507687yiv8771876093m_-2551964071040587945AppleMailSignature">Thank
you for the
email. Im
copying the
list because i
see others
have replied
to your
comment.</div>
<div
id="m_4380666777333680889m_-1108286820301507687yiv8771876093m_-2551964071040587945AppleMailSignature"><br
clear="none">
</div>
<div
id="m_4380666777333680889m_-1108286820301507687yiv8771876093m_-2551964071040587945AppleMailSignature">I
strenuously
object to the
concept. We
are discussing
THIN DATA ONLY
HERE. Unless
someone can
explain to me
why any of
this data set
has privacy
concerns this
is a
non-issue. I
would
certainly
appreciate
someone
explaining
what, if any,
privacy issues
are perceived
to be at issue
here.</div>
<div
id="m_4380666777333680889m_-1108286820301507687yiv8771876093m_-2551964071040587945AppleMailSignature"><br
clear="none">
</div>
<div
id="m_4380666777333680889m_-1108286820301507687yiv8771876093m_-2551964071040587945AppleMailSignature">Moreover,
while you
suggest that
the idea
escapes the
need to
declare a
purpose, it
does nothing
but reinforce
a subjective
criteria based
system in
which the
declared
purpose is
used to
somehow limit
the data being
retrieved.</div>
<div
id="m_4380666777333680889m_-1108286820301507687yiv8771876093m_-2551964071040587945AppleMailSignature"><br
clear="none">
</div>
<div
id="m_4380666777333680889m_-1108286820301507687yiv8771876093m_-2551964071040587945AppleMailSignature">If
i am missing
something
please let me
know. </div>
<div
id="m_4380666777333680889m_-1108286820301507687yiv8771876093m_-2551964071040587945AppleMailSignature"><br
clear="none">
Paul</div>
<div
id="m_4380666777333680889m_-1108286820301507687yiv8771876093m_-2551964071040587945AppleMailSignature"><br
clear="none">
Sent from my
iPad</div>
</span>
<div>
<div
class="m_4380666777333680889m_-1108286820301507687yiv8771876093h5"><span>
<div><br
clear="none">
On 30 May
2017, at
21:08,
nathalie
coupet via
gnso-rds-pdp-wg
<<a
moz-do-not-send="true"
rel="nofollow"
shape="rect"
href="mailto:gnso-rds-pdp-wg@icann.org"
target="_blank">gnso-rds-pdp-wg@icann.org</a>> wrote:<br clear="none">
<br
clear="none">
</div>
</span>
<blockquote>
<div>
<div
style="background-color:rgb(255,255,255);font-family:'Helvetica
Neue',Helvetica,Arial,'Lucida Grande',sans-serif;font-size:13px"><span>
<div dir="ltr"
id="m_4380666777333680889m_-1108286820301507687yiv8771876093m_-2551964071040587945yui_3_16_0_ym19_1_1496151286812_239556">Hi
Paul,</div>
<div dir="ltr"
id="m_4380666777333680889m_-1108286820301507687yiv8771876093m_-2551964071040587945yui_3_16_0_ym19_1_1496151286812_239556"><br
clear="none">
</div>
<div dir="ltr"
id="m_4380666777333680889m_-1108286820301507687yiv8771876093m_-2551964071040587945yui_3_16_0_ym19_1_1496151286812_239556">In
the context of
thin data, in
view of the
opposition of
some to allow
unauthenticated access to all the thin data, the principle of
proportionality
serves as an
over-arching
principle at
this
particular
phase in our
work in order
to protect
data from
abuse while
not
restricting
access. </div>
<div dir="ltr"
id="m_4380666777333680889m_-1108286820301507687yiv8771876093m_-2551964071040587945yui_3_16_0_ym19_1_1496151286812_239556">Thin
data must be
proportionate
to the query,
be useful for
that
particular
query. All and
any other thin
data foreign
to this query
should not be
shared. This
principle
potentially
avoids having
to resort to
'legitimate
purposes'
which cannot
be verified
for
unauthenticated
access. </div>
<div dir="ltr"
id="m_4380666777333680889m_-1108286820301507687yiv8771876093m_-2551964071040587945yui_3_16_0_ym19_1_1496151286812_239556"> </div>
<div
id="m_4380666777333680889m_-1108286820301507687yiv8771876093m_-2551964071040587945yui_3_16_0_ym19_1_1496151286812_239558"> </div>
<div
class="m_4380666777333680889m_-1108286820301507687yiv8771876093m_-2551964071040587945signature"
id="m_4380666777333680889m_-1108286820301507687yiv8771876093m_-2551964071040587945yui_3_16_0_ym19_1_1496151286812_239560">Nathalie </div>
<div
class="m_4380666777333680889m_-1108286820301507687yiv8771876093m_-2551964071040587945qtdSeparateBR"><br
clear="none">
<br
clear="none">
</div>
</span>
<div
class="m_4380666777333680889m_-1108286820301507687yiv8771876093m_-2551964071040587945yahoo_quoted"
style="display:block">
<div
style="font-family:Helvetica
Neue,Helvetica,Arial,Lucida Grande,sans-serif;font-size:13px">
<div
style="font-family:HelveticaNeue,Helvetica
Neue,Helvetica,Arial,Lucida Grande,sans-serif;font-size:16px"><span>
<div dir="ltr"><span
style="font-family:Arial;font-size:small"> On Tuesday, May 30, 2017 2:44
PM, "Gomes,
Chuck via
gnso-rds-pdp-wg"
<<a
moz-do-not-send="true"
rel="nofollow"
shape="rect"
href="mailto:gnso-rds-pdp-wg@icann.org"
target="_blank">gnso-rds-pdp-wg@icann.org</a>> wrote:<br clear="none">
</span></div>
<br
clear="none">
<br
clear="none">
</span>
<div
class="m_4380666777333680889m_-1108286820301507687yiv8771876093m_-2551964071040587945y_msg_container">
<div
id="m_4380666777333680889m_-1108286820301507687yiv8771876093m_-2551964071040587945yiv0605036320">
<div>
<div
class="m_4380666777333680889m_-1108286820301507687yiv8771876093m_-2551964071040587945yiv0605036320WordSection1"><span>
<div
class="m_4380666777333680889m_-1108286820301507687yiv8771876093m_-2551964071040587945yiv0605036320MsoNormal"><span
style="font-size:11.0pt">Because Nathalie was the originator and was
unable to
speak on the
call, I
encourage her
to describe
the nature of
the issue on
this thread.</span></div>
<div
class="m_4380666777333680889m_-1108286820301507687yiv8771876093m_-2551964071040587945yiv0605036320MsoNormal"><span
style="font-size:11.0pt"> </span></div>
<div
class="m_4380666777333680889m_-1108286820301507687yiv8771876093m_-2551964071040587945yiv0605036320MsoNormal"><span
style="font-size:11.0pt">Chuck</span></div>
<div
class="m_4380666777333680889m_-1108286820301507687yiv8771876093m_-2551964071040587945yiv0605036320MsoNormal"><a
moz-do-not-send="true" rel="nofollow" shape="rect"
name="m_4380666777333680889_m_-1108286820301507687_m_-2551964071040587945__MailEndCompose"><span
style="font-size:11.0pt"> </span></a><br>
</div>
<span></span>
</span>
<div
class="m_4380666777333680889m_-1108286820301507687yiv8771876093m_-2551964071040587945yiv0605036320yqt1472831610"
id="m_4380666777333680889m_-1108286820301507687yiv8771876093m_-2551964071040587945yiv0605036320yqt95202">
<div>
<div
style="border:none;border-top:solid
#e1e1e1
1.0pt;padding:3.0pt
0in 0in 0in">
<div
class="m_4380666777333680889m_-1108286820301507687yiv8771876093m_-2551964071040587945yiv0605036320MsoNormal"><b><span
style="font-size:11.0pt">From:</span></b><span style="font-size:11.0pt">
<a
moz-do-not-send="true"
rel="nofollow"
shape="rect"
href="mailto:gnso-rds-pdp-wg-bounces@icann.org"
target="_blank">gnso-rds-pdp-wg-bounces@icann. org</a> [<a
moz-do-not-send="true"
rel="nofollow"
shape="rect"
href="mailto:gnso-rds-pdp-wg-bounces@icann.org"
target="_blank">mailto:gnso-rds-pdp-wg- bounces@icann.org</a>] <b>On
Behalf Of </b>Paul
Keating<span><br
clear="none">
<b>Sent:</b>
Tuesday, May
30, 2017 2:17
PM<br
clear="none">
<b>To:</b>
Lisa Phifer
<<a
moz-do-not-send="true"
rel="nofollow"
shape="rect"
href="mailto:lisa@corecom.com"
target="_blank">lisa@corecom.com</a>>; RDS PDP WG <<a
moz-do-not-send="true"
rel="nofollow"
shape="rect"
href="mailto:gnso-rds-pdp-wg@icann.org"
target="_blank">gnso-rds-pdp-wg@icann.org</a>><br clear="none">
<b>Subject:</b>
[EXTERNAL] Re:
[gnso-rds-pdp-wg] Principle on Proportionality for "Thin Data"access</span></span></div>
</div>
</div>
<span>
<div
class="m_4380666777333680889m_-1108286820301507687yiv8771876093m_-2551964071040587945yiv0605036320MsoNormal">
</div>
<div>
<div
class="m_4380666777333680889m_-1108286820301507687yiv8771876093m_-2551964071040587945yiv0605036320MsoNormal"><span
style="font-size:10.5pt">Im sorry to have missed the call but had a
client
engagement.</span></div>
</div>
<div>
<div
class="m_4380666777333680889m_-1108286820301507687yiv8771876093m_-2551964071040587945yiv0605036320MsoNormal"><span
style="font-size:10.5pt"> </span></div>
</div>
<div>
<div
class="m_4380666777333680889m_-1108286820301507687yiv8771876093m_-2551964071040587945yiv0605036320MsoNormal"><span
style="font-size:10.5pt">Can someone briefly describe the nature of the
issue?</span></div>
</div>
<div>
<div
class="m_4380666777333680889m_-1108286820301507687yiv8771876093m_-2551964071040587945yiv0605036320MsoNormal"><span
style="font-size:10.5pt"> </span></div>
</div>
<div>
<div
class="m_4380666777333680889m_-1108286820301507687yiv8771876093m_-2551964071040587945yiv0605036320MsoNormal"><span
style="font-size:10.5pt">Thanks</span></div>
</div>
<div>
<div
class="m_4380666777333680889m_-1108286820301507687yiv8771876093m_-2551964071040587945yiv0605036320MsoNormal"><span
style="font-size:10.5pt">Paul</span></div>
</div>
<div>
<div
class="m_4380666777333680889m_-1108286820301507687yiv8771876093m_-2551964071040587945yiv0605036320MsoNormal"><span
style="font-size:10.5pt"> </span></div>
</div>
</span>
<div
style="border:none;border-top:solid
#b5c4df
1.0pt;padding:3.0pt
0in 0in 0in">
<div
class="m_4380666777333680889m_-1108286820301507687yiv8771876093m_-2551964071040587945yiv0605036320MsoNormal"><b><span
style="font-size:11.0pt">From: </span></b><span
style="font-size:11.0pt"><<a
moz-do-not-send="true" rel="nofollow" shape="rect"
href="mailto:gnso-rds-pdp-wg-bounces@icann.org"
target="_blank">gnso-rds-pdp-wg-bounces@ icann.org</a>> on behalf of
Lisa Phifer
<<a
moz-do-not-send="true"
rel="nofollow"
shape="rect"
href="mailto:lisa@corecom.com"
target="_blank">lisa@corecom.com</a>><span><br clear="none">
<b>Date: </b>Tuesday,
May 30, 2017
at 7:52 PM<br
clear="none">
<b>To: </b>RDS
PDP WG <<a
moz-do-not-send="true" rel="nofollow" shape="rect"
href="mailto:gnso-rds-pdp-wg@icann.org"
target="_blank">gnso-rds-pdp-wg@icann.org</a>><br clear="none">
<b>Subject: </b>[gnso-rds-pdp-wg]
Principle on
Proportionality
for "Thin
Data"access</span></span></div>
</div>
<div>
<div
class="m_4380666777333680889m_-1108286820301507687yiv8771876093m_-2551964071040587945yiv0605036320MsoNormal"><span
style="font-size:10.5pt"> </span></div>
</div>
<blockquote
id="m_4380666777333680889m_-1108286820301507687yiv8771876093m_-2551964071040587945yiv0605036320MAC_OUTLOOK_ATTRIBUTION_BLOCKQUOTE"
style="border:none;border-left:solid #b5c4df 4.5pt;padding:0in 0in 0in
4.0pt;margin-left:3.75pt;margin-right:0in"><span>
<div>
<div>
<div
class="m_4380666777333680889m_-1108286820301507687yiv8771876093m_-2551964071040587945yiv0605036320MsoNormal"><span
style="font-size:10.5pt">All, per today's call action item:<br
clear="none">
<br
clear="none">
<b>Action
Item: Nathalie
Coupet and any
other WG
members who
wish to do so
to propose to
the WG list a
new principle
on
proportionality
for "thin
data." All WG
members to
comment on
that proposed
principle in
advance of
next call.<br
clear="none">
<br
clear="none">
</b>we are
starting a new
thread here
which anyone
may reply to
if they wish
to propose (or
respond to) a
new principle
on
proportionality
for "thin
data" access.<br
clear="none">
<br
clear="none">
Best, Lisa</span></div>
</div>
</div>
</span>
<div
class="m_4380666777333680889m_-1108286820301507687yiv8771876093m_-2551964071040587945yiv0605036320MsoNormal"><span
style="font-size:10.5pt">______________________________
_________________
gnso-rds-pdp-wg mailing list <a moz-do-not-send="true" rel="nofollow"
shape="rect"
href="mailto:gnso-rds-pdp-wg@icann.org"
target="_blank">gnso-rds-pdp-wg@icann.org</a> <a moz-do-not-send="true"
rel="nofollow"
shape="rect"
href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg"
target="_blank">
https://mm.icann.org/mailman/ listinfo/gnso-rds-pdp-wg</a></span><br>
</div>
</blockquote>
</div>
</div>
</div>
</div>
<span>
<div
class="m_4380666777333680889m_-1108286820301507687yiv8771876093m_-2551964071040587945yqt1472831610"
id="m_4380666777333680889m_-1108286820301507687yiv8771876093m_-2551964071040587945yqt24053">______________________________
_________________<br clear="none">
gnso-rds-pdp-wg mailing list<br clear="none">
<a
moz-do-not-send="true"
rel="nofollow"
shape="rect"
href="mailto:gnso-rds-pdp-wg@icann.org"
target="_blank">gnso-rds-pdp-wg@icann.org</a><br clear="none">
<a
moz-do-not-send="true"
rel="nofollow"
shape="rect"
href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg"
target="_blank">https://mm.icann.org/mailman/ listinfo/gnso-rds-pdp-wg</a><br>
</div>
<br
clear="none">
<br
clear="none">
</span></div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
<span>
<blockquote>
<div><span>______________________________
_________________</span><br clear="none">
<span>gnso-rds-pdp-wg
mailing list</span><br
clear="none">
<span><a
moz-do-not-send="true"
rel="nofollow"
shape="rect"
href="mailto:gnso-rds-pdp-wg@icann.org"
target="_blank">gnso-rds-pdp-wg@icann.org</a></span><br clear="none">
<span><a
moz-do-not-send="true"
rel="nofollow"
shape="rect"
href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg"
target="_blank">https://mm.icann.org/mailman/ listinfo/gnso-rds-pdp-wg</a></span><br>
</div>
</blockquote>
</span></div>
</div>
</div>
</div>
<span><br
clear="none">
______________________________ _________________<br clear="none">
gnso-rds-pdp-wg mailing list<br clear="none">
<a
moz-do-not-send="true"
rel="nofollow"
shape="rect"
href="mailto:gnso-rds-pdp-wg@icann.org"
target="_blank">gnso-rds-pdp-wg@icann.org</a><br clear="none">
<a
moz-do-not-send="true"
rel="nofollow"
shape="rect"
href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg"
target="_blank">https://mm.icann.org/mailman/ listinfo/gnso-rds-pdp-wg</a><br
clear="none">
</span></blockquote>
</div>
<br
clear="none">
</div>
</div>
</div>
<br>
<br>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
______________________________<wbr>_________________<br>
gnso-rds-pdp-wg mailing
list<br>
<a
moz-do-not-send="true"
href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
<a
moz-do-not-send="true"
href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg"
rel="noreferrer"
target="_blank">https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</a><br>
</blockquote>
</div>
<br>
<br clear="all">
<br>
-- <br>
<div
class="m_4380666777333680889gmail_signature">______________________________<wbr>___<br>
Note to self: Pillage
BEFORE burning.</div>
</div>
<br>
______________________________<wbr>_________________<br>
gnso-rds-pdp-wg mailing list<br>
<a moz-do-not-send="true"
href="mailto:gnso-rds-pdp-wg@icann.org"
target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
<a moz-do-not-send="true"
href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg"
target="_blank">https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</a><br>
</div>
</div>
</div>
______________________________<wbr>_________________<br>
gnso-rds-pdp-wg mailing list<br>
<a moz-do-not-send="true"
href="mailto:gnso-rds-pdp-wg@icann.org"
target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
<a moz-do-not-send="true"
href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg"
target="_blank">https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</a></div>
</blockquote>
</div>
<br>
</div>
</div>
</div>
<br>
</div>
</div>
</div>
</div>
</div>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
-- <br>
<div class="gmail_signature" data-smartmail="gmail_signature">_________________________________<br>
Note to self: Pillage BEFORE burning.</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
gnso-rds-pdp-wg mailing list
<a class="moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-wg@icann.org" moz-do-not-send="true">gnso-rds-pdp-wg@icann.org</a>
<a class="moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" moz-do-not-send="true">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a></pre>
</blockquote>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
gnso-rds-pdp-wg mailing list
<a class="moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a>
<a class="moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a></pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Jeremy Malcolm
Senior Global Policy Analyst
Electronic Frontier Foundation
<a class="moz-txt-link-freetext" href="https://eff.org">https://eff.org</a>
<a class="moz-txt-link-abbreviated" href="mailto:jmalcolm@eff.org">jmalcolm@eff.org</a>
Tel: 415.436.9333 ext 161
:: Defending Your Rights in the Digital World ::
Public key: <a class="moz-txt-link-freetext" href="https://www.eff.org/files/2016/11/27/key_jmalcolm.txt">https://www.eff.org/files/2016/11/27/key_jmalcolm.txt</a>
PGP fingerprint: 75D2 4C0D 35EA EA2F 8CA8 8F79 4911 EC4A EDDF 1122</pre>
</body>
</html>