<html><head></head><body><div style="color:#000; background-color:#fff; font-family:Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:13px"><div id="yui_3_16_0_ym19_1_1496232851554_445156"><span></span></div><div></div><div id="yui_3_16_0_ym19_1_1496232851554_445146"> <span style="font-family: "Helvetica Neue", "Segoe UI", Helvetica, Arial, "Lucida Grande", sans-serif;" id="yui_3_16_0_ym19_1_1496232851554_445215">My position was and is to secure unauthenticated access to thin data for all.</span></div><div style="font-family: "Helvetica Neue", "Segoe UI", Helvetica, Arial, "Lucida Grande", sans-serif;" id="yui_3_16_0_ym19_1_1496232851554_445216"><div id="yui_3_16_0_ym19_1_1496232851554_445217"><b id="yui_3_16_0_ym19_1_1496232851554_445218"><i id="yui_3_16_0_ym19_1_1496232851554_445219">[Gomes, Chuck] Wouldn’t ‘all’ include bad actors and consumers? </i></b></div><div id="yui_3_16_0_ym19_1_1496232851554_445217"><b id="yui_3_16_0_ym19_1_1496232851554_445514"><i id="yui_3_16_0_ym19_1_1496232851554_445513">[NC] Probably, but they would only get to a minimal set of data if they click on the Consumer box </i></b></div><div id="yui_3_16_0_ym19_1_1496232851554_445220"> </div></div><div style="font-family: "Helvetica Neue", "Segoe UI", Helvetica, Arial, "Lucida Grande", sans-serif;" id="yui_3_16_0_ym19_1_1496232851554_445221"><div id="yui_3_16_0_ym19_1_1496232851554_445222">I envisioned access to RDS through 3 chock points to weed out bad actors as much as possible: </div></div><div style="font-family: "Helvetica Neue", "Segoe UI", Helvetica, Arial, "Lucida Grande", sans-serif;" id="yui_3_16_0_ym19_1_1496232851554_445223"><div id="yui_3_16_0_ym19_1_1496232851554_445224">An end-user would need to check the first box for authenticated/unauthenticated access,</div><div id="yui_3_16_0_ym19_1_1496232851554_445225"><b id="yui_3_16_0_ym19_1_1496232851554_445226"><i id="yui_3_16_0_ym19_1_1496232851554_445227">[Gomes, Chuck] For thin data the WG has already tentatively agreed that access would be unauthenticated so why would a box need to be checked for this? I was just imagining how the API would work; If you click on authenticated access, you might have access to more than just thin data</i></b></div><div id="yui_3_16_0_ym19_1_1496232851554_445228">then another box for consumer</div><div id="yui_3_16_0_ym19_1_1496232851554_445229"><b id="yui_3_16_0_ym19_1_1496232851554_445230"><i id="yui_3_16_0_ym19_1_1496232851554_445231">[Gomes, Chuck] What is a consumer? If someone was a consumer or not, would that determine what thin data they could access? </i></b></div><div id="yui_3_16_0_ym19_1_1496232851554_445229"><b id="yui_3_16_0_ym19_1_1496232851554_445807"><i id="yui_3_16_0_ym19_1_1496232851554_445806">[NC] Yes, Joe the plumber who needs to check if a website is legitimate or to obtain the identity of the author of a website publishing incendiary content against plumbers </i></b></div><div id="yui_3_16_0_ym19_1_1496232851554_445232">and a third would be to select the purpose or a default purpose would be selected for him (maybe no purpose could also be possible). </div><div id="yui_3_16_0_ym19_1_1496232851554_445233"><b id="yui_3_16_0_ym19_1_1496232851554_445234"><i id="yui_3_16_0_ym19_1_1496232851554_445235">[Gomes, Chuck] For thin data the WG has tentatively agreed that access would be granted without identifying a purpose so it appears that you disagree with that conclusion. I confess to being confused.</i></b></div><div id="yui_3_16_0_ym19_1_1496232851554_445233" dir="ltr"><b id="yui_3_16_0_ym19_1_1496232851554_446426"><i id="yui_3_16_0_ym19_1_1496232851554_446425">[NC] No, apologies. I was eager to conver all bases.</i></b></div></div><div style="font-family: "Helvetica Neue", "Segoe UI", Helvetica, Arial, "Lucida Grande", sans-serif;" id="yui_3_16_0_ym19_1_1496232851554_445236"><div id="yui_3_16_0_ym19_1_1496232851554_445237">Consumers don't need all the thin data to be published for their simple queries, since - in my mind - they want to make sure the website is legitimate or they want to identify the author in case of abuse (such as defamation, abuse or threats). </div></div><div style="font-family: "Helvetica Neue", "Segoe UI", Helvetica, Arial, "Lucida Grande", sans-serif;" id="yui_3_16_0_ym19_1_1496232851554_445238"><div id="yui_3_16_0_ym19_1_1496232851554_445239">If the principle of proportionality doesn't apply to most other cases, that's fine. But I think it does apply for simple consumer queries. </div><div id="yui_3_16_0_ym19_1_1496232851554_445240"><b id="yui_3_16_0_ym19_1_1496232851554_445241"><i id="yui_3_16_0_ym19_1_1496232851554_445242">[Gomes, Chuck] What is a ‘simple consumer query’? How does the ‘principle of proportionality’ apply to a simple consumer query? What is your understanding of what ‘proportionality’ means?</i></b></div><div id="yui_3_16_0_ym19_1_1496232851554_445240"><b id="yui_3_16_0_ym19_1_1496232851554_446259"><i id="yui_3_16_0_ym19_1_1496232851554_446258">[NC] A simple query from Joe the plumber would be to check who is writing these articles on DeathtoPumbers.com because he feels threatened. He would just need a name, not the status of the website, and other thin data. </i></b></div></div><div style="font-family: "Helvetica Neue", "Segoe UI", Helvetica, Arial, "Lucida Grande", sans-serif;" id="yui_3_16_0_ym19_1_1496232851554_445243"><div id="yui_3_16_0_ym19_1_1496232851554_445244">This is an interesting debate, but I never thought it would lead to people actually proposing to drop vital data for the functioning of the Internet.</div></div><div style="font-family: "Helvetica Neue", "Segoe UI", Helvetica, Arial, "Lucida Grande", sans-serif;" id="yui_3_16_0_ym19_1_1496232851554_445245"><div id="yui_3_16_0_ym19_1_1496232851554_445246">I had in mind the other principle that you do not volunteer data when it is not required. It should be useful. Not because it is PPI, but out of caution.</div><div dir="ltr" id="yui_3_16_0_ym19_1_1496232851554_445247"><b id="yui_3_16_0_ym19_1_1496232851554_445248"><i id="yui_3_16_0_ym19_1_1496232851554_445249">[Gomes, Chuck] It sounds like you are suggesting that RDS requestors should have to identify a purpose for thin data elements. Am I missing something?</i></b></div><div dir="ltr" id="yui_3_16_0_ym19_1_1496232851554_445247"><b id="yui_3_16_0_ym19_1_1496232851554_446423"><i id="yui_3_16_0_ym19_1_1496232851554_446422">[NC] It would not have to be a 'legitimate purpose' as defined in the GDPR; but for consumers, we could map the category of requestor to a type of query or several types of queries in advance, (and in some cases, add an option for 'other', if needed). In the case of Joe the plumber, he only needs a name, so the query mapped to this requestor type could be a 'Request for thin data to identify legitimacy or name of website author". </i></b></div></div><div class="signature" id="yui_3_16_0_ym19_1_1496232851554_445083"><br></div> <div class="qtdSeparateBR"><br><br></div><div class="yahoo_quoted" style="display: block;"> <div style="font-family: Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 13px;"> <div style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 16px;"> <div dir="ltr"><font size="2" face="Arial"> On Wednesday, May 31, 2017 3:14 PM, "Gomes, Chuck" <cgomes@verisign.com> wrote:<br></font></div> <br><br> <div class="y_msg_container"><div id="yiv0291693560"><style>#yiv0291693560 #yiv0291693560 --
_filtered #yiv0291693560 {panose-1:2 4 5 3 5 4 6 3 2 4;}
_filtered #yiv0291693560 {font-family:Calibri;panose-1:2 15 5 2 2 2 4 3 2 4;}
#yiv0291693560
#yiv0291693560 p.yiv0291693560MsoNormal, #yiv0291693560 li.yiv0291693560MsoNormal, #yiv0291693560 div.yiv0291693560MsoNormal
{margin:0in;margin-bottom:.0001pt;font-size:11.0pt;}
#yiv0291693560 a:link, #yiv0291693560 span.yiv0291693560MsoHyperlink
{color:#0563C1;text-decoration:underline;}
#yiv0291693560 a:visited, #yiv0291693560 span.yiv0291693560MsoHyperlinkFollowed
{color:#954F72;text-decoration:underline;}
#yiv0291693560 p.yiv0291693560msonormal0, #yiv0291693560 li.yiv0291693560msonormal0, #yiv0291693560 div.yiv0291693560msonormal0
{margin-right:0in;margin-left:0in;font-size:12.0pt;}
#yiv0291693560 span.yiv0291693560EmailStyle18
{color:windowtext;}
#yiv0291693560 span.yiv0291693560EmailStyle19
{color:windowtext;}
#yiv0291693560 .yiv0291693560MsoChpDefault
{font-size:10.0pt;}
_filtered #yiv0291693560 {margin:1.0in 1.0in 1.0in 1.0in;}
#yiv0291693560 div.yiv0291693560WordSection1
{}
#yiv0291693560 </style><div>
<div class="yiv0291693560WordSection1">
<div class="yiv0291693560MsoNormal">Thanks for the quick reply Nathalie. Please see my responses below.</div>
<div class="yiv0291693560MsoNormal"> </div>
<div class="yiv0291693560MsoNormal">Chuck</div>
<div class="yiv0291693560MsoNormal"><a rel="nofollow" shape="rect" name="_MailEndCompose" href=""> </a></div>
<span style=""></span>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in;">
<div class="yiv0291693560MsoNormal"><b>From:</b> nathalie coupet [mailto:nathaliecoupet@yahoo.com]
<br clear="none">
<b>Sent:</b> Wednesday, May 31, 2017 2:40 PM<br clear="none">
<b>To:</b> Gomes, Chuck <cgomes@verisign.com><br clear="none">
<b>Cc:</b> gnso-rds-pdp-wg@icann.org<br clear="none">
<b>Subject:</b> [EXTERNAL] Re: Does the principle of proportionality apply to thin data?</div>
</div>
</div>
<div class="yiv0291693560MsoNormal"> </div>
<div>
<div class="yiv0291693560MsoNormal">Hi Chuck,<span style="font-size:12.0pt;"></span></div>
</div>
<div id="yiv0291693560AppleMailSignature">
<div class="yiv0291693560MsoNormal"> </div>
</div>
<div id="yiv0291693560AppleMailSignature">
<div class="yiv0291693560MsoNormal">My position was and is to secure unauthenticated access to thin data for all.</div>
<div class="yiv0291693560MsoNormal"><b><i>[Gomes, Chuck] Wouldn’t ‘all’ include bad actors and consumers?</i></b></div>
<div class="yiv0291693560MsoNormal"> </div>
</div>
<div id="yiv0291693560AppleMailSignature">
<div class="yiv0291693560MsoNormal">I envisioned access to RDS through 3 chock points to weed out bad actors as much as possible: </div>
</div>
<div id="yiv0291693560AppleMailSignature">
<div class="yiv0291693560MsoNormal">An end-user would need to check the first box for authenticated/unauthenticated access,</div>
<div class="yiv0291693560MsoNormal"><b><i>[Gomes, Chuck] For thin data the WG has already tentatively agreed that access would be unauthenticated so why would a box need to be checked for this?</i></b></div>
<div class="yiv0291693560MsoNormal">then another box for consumer</div>
<div class="yiv0291693560MsoNormal"><b><i>[Gomes, Chuck] What is a consumer? If someone was a consumer or not, would that determine what thin data they could access?</i></b></div>
<div class="yiv0291693560MsoNormal">and a third would be to select the purpose or a default purpose would be selected for him (maybe no purpose could also be possible). </div>
<div class="yiv0291693560MsoNormal"><b><i>[Gomes, Chuck] For thin data the WG has tentatively agreed that access would be granted without identifying a purpose so it appears that you disagree with that conclusion. I confess to being confused.</i></b></div>
</div>
<div id="yiv0291693560AppleMailSignature">
<div class="yiv0291693560MsoNormal">Consumers don't need all the thin data to be published for their simple queries, since - in my mind - they want to make sure the website is legitimate or they want to identify the author in case of abuse (such as defamation, abuse or threats). </div>
</div>
<div id="yiv0291693560AppleMailSignature">
<div class="yiv0291693560MsoNormal">If the principle of proportionality doesn't apply to most other cases, that's fine. But I think it does apply for simple consumer queries. </div>
<div class="yiv0291693560MsoNormal"><b><i>[Gomes, Chuck] What is a ‘simple consumer query’? How does the ‘principle of proportionality’ apply to a simple consumer query? What is your understanding of what ‘proportionality’ means?</i></b></div>
</div>
<div id="yiv0291693560AppleMailSignature">
<div class="yiv0291693560MsoNormal">This is an interesting debate, but I never thought it would lead to people actually proposing to drop vital data for the functioning of the Internet.</div>
</div>
<div id="yiv0291693560AppleMailSignature">
<div class="yiv0291693560MsoNormal">I had in mind the other principle that you do not volunteer data when it is not required. It should be useful. Not because it is PPI, but out of caution.</div>
<div class="yiv0291693560MsoNormal"><b><i>[Gomes, Chuck] It sounds like you are suggesting that RDS requestors should have to identify a purpose for thin data elements. Am I missing something?</i></b></div><div class="yiv0291693560yqt3482844681" id="yiv0291693560yqtfd75271"></div><div class="yiv0291693560yqt3482844681" id="yiv0291693560yqtfd61896">
</div></div><div class="yiv0291693560yqt3482844681" id="yiv0291693560yqtfd73119">
<div id="yiv0291693560AppleMailSignature">
<div class="yiv0291693560MsoNormal"> </div>
</div>
<div id="yiv0291693560AppleMailSignature">
<div class="yiv0291693560MsoNormal"> </div>
</div>
<div id="yiv0291693560AppleMailSignature">
<div class="yiv0291693560MsoNormal"><br clear="none">
Sent from my iPhone</div>
</div>
<div>
<div class="yiv0291693560MsoNormal" style="margin-bottom:12.0pt;"><br clear="none">
On May 31, 2017, at 2:21 PM, Gomes, Chuck <<a rel="nofollow" shape="rect" ymailto="mailto:cgomes@verisign.com" target="_blank" href="mailto:cgomes@verisign.com">cgomes@verisign.com</a>> wrote:</div>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt;">
<div>
<div class="yiv0291693560MsoNormal">Nathalie,</div>
<div class="yiv0291693560MsoNormal"> </div>
<div class="yiv0291693560MsoNormal">Thank you for your suggestion that the principle of proportionality be added. That has generated a very lively discussion.</div>
<div class="yiv0291693560MsoNormal"> </div>
<div class="yiv0291693560MsoNormal">As I am sure you have seen, a lot of WG members have stated that they do not believe that the principle of proportionality applies to thin data and have provided what I think is pretty good rationale in support of their position. As the
originator of the suggestion, do you still maintain that the principle applies to thin data? If so, how would you counter the arguments that have been made to the contrary?</div>
<div class="yiv0291693560MsoNormal"> </div>
<div class="yiv0291693560MsoNormal">All – If anyone else thinks that the principle of proportionality applies to think data, please speak up and provide your counters to the arguments that have been made to the contrary.</div>
<div class="yiv0291693560MsoNormal"> </div>
<div class="yiv0291693560MsoNormal">Chuck</div>
</div>
</blockquote>
</div></div><div class="yiv0291693560yqt3482844681" id="yiv0291693560yqtfd00708">
</div></div></div><br><br></div> </div> </div> </div></div></body></html>