<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Hmm, not sure why that's happening but fair enough request.</p>
<p>John Bambenek<br>
</p>
<br>
<div class="moz-cite-prefix">On 6/1/2017 11:58 AM, Ayden Férdeline
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:9k_GMG487ekmbvFoVDcY3Wcmrd5fKcLa1emkQTGV93SwO7MehwQ5q_jMXnsSWgWh00I0IgICsC7pq1TPWkg_-moulOtLlRllYIDVIAg5Io4=@ferdeline.com">
<div>Can you please sign off your emails with your name or
initials? For some reason, many of the messages I receive from
this list come from "RDS PDP WG" and do not affix the sender's
name. Thank you.<br>
</div>
<div><br>
</div>
<div class="protonmail_signature_block ">
<div class="protonmail_signature_block-user ">
<div>Ayden Férdeline<br>
</div>
<div><a href="http://www.linkedin.com/in/ferdeline"
title="http://www.linkedin.com/in/ferdeline"
moz-do-not-send="true">linkedin.com/in/ferdeline</a><br>
</div>
</div>
<div class="protonmail_signature_block-proton
protonmail_signature_block-empty"><br>
</div>
</div>
<div><br>
</div>
<blockquote class="protonmail_quote" type="cite">
<div>-------- Original Message --------<br>
</div>
<div>Subject: Re: [gnso-rds-pdp-wg] The principle for thin data
(was Re: Principle on Proportionality for "Thin Data"access)<br>
</div>
<div>Local Time: June 1, 2017 5:52 PM<br>
</div>
<div>UTC Time: June 1, 2017 4:52 PM<br>
</div>
<div>From: <a class="moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a><br>
</div>
<div>To: <a class="moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a><br>
</div>
<div><br>
</div>
<div> <br>
</div>
<p>So you agree that you can educate your customers to make
consent possible? Good.<br>
</p>
<p>Now can we move on?<br>
</p>
<div><br>
</div>
<div class="moz-cite-prefix">On 6/1/2017 11:46 AM, Ayden
Férdeline wrote:<br>
</div>
<blockquote type="cite">
<div>+1 Stephanie. The vast majority of people, if given the
appropriate information and time, are perfectly capable of
understanding a complex or technical issue. <br>
</div>
<div><br>
</div>
<div class="protonmail_signature_block ">
<div class="protonmail_signature_block-user ">
<div>Ayden Férdeline<br>
</div>
<div><a href="http://www.linkedin.com/in/ferdeline"
title="http://www.linkedin.com/in/ferdeline"
rel="noreferrer nofollow noopener"
moz-do-not-send="true">linkedin.com/in/ferdeline</a><br>
</div>
</div>
<div class="protonmail_signature_block-proton
protonmail_signature_block-empty"><br>
</div>
</div>
<div><br>
</div>
<blockquote class="protonmail_quote" type="cite">
<div>-------- Original Message --------<br>
</div>
<div>Subject: Re: [gnso-rds-pdp-wg] The principle for thin
data (was Re: Principle on Proportionality for "Thin
Data"access)<br>
</div>
<div>Local Time: June 1, 2017 3:40 PM<br>
</div>
<div>UTC Time: June 1, 2017 2:40 PM<br>
</div>
<div>From: <a
href="mailto:stephanie.perrin@mail.utoronto.ca"
class="moz-txt-link-abbreviated" rel="noreferrer
nofollow noopener" moz-do-not-send="true">stephanie.perrin@mail.utoronto.ca</a><br>
</div>
<div>To: jonathan matkowsky <a
href="mailto:jonathan.matkowsky@riskiq.net"
class="moz-txt-link-rfc2396E" rel="noreferrer nofollow
noopener" moz-do-not-send="true"><jonathan.matkowsky@riskiq.net></a><br>
</div>
<div>RDS PDP WG <a href="mailto:gnso-rds-pdp-wg@icann.org"
class="moz-txt-link-rfc2396E" rel="noreferrer nofollow
noopener" moz-do-not-send="true"><gnso-rds-pdp-wg@icann.org></a><br>
</div>
<div><br>
</div>
<div><br>
</div>
<p><span class="size" style="font-size:undefinedpx"><span
class="font" style="font-family:'Lucida Grande'">I
certainly agree that if people enter personal
information as part of their DNS registration or their
motor vehicle licence registration, it is done with
implied consent... as long as there is sufficient
information to permit them to understand just how the
data is being used and where it is going. However, as
I tried to say with respect to registering a domain
name, I really don't think the average non-expert
citizen who might want to register a domain name would
get enough information to truly understand how far
his/her information goes, and how difficult it is to
get it removed once it has appeared in the public
record. We should build this system so that everyone
understands it, not just the experts.</span></span><br>
</p>
<p><span class="size" style="font-size:undefinedpx"><span
class="font" style="font-family:'Lucida Grande'">cheers
Stephanie</span></span><br>
</p>
<div><br>
</div>
<div class="moz-cite-prefix">On 2017-06-01 05:18, jonathan
matkowsky wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div>Stephanie,<br>
</div>
<div><br>
</div>
<div><span class="font" style="font-family:tahoma,
sans-serif"></span><br>
</div>
<div><span class="font" style="font-family:tahoma,
sans-serif">
<div
style="font-family:tahoma,sans-serif;font-size:small;display:inline"
class="gmail_default">I agree with you that we
should not conflate collection limitation
principles with openness principles.<br>
</div>
</span></div>
<div><span class="font" style="font-family:tahoma,
sans-serif">
<div
style="font-family:tahoma,sans-serif;font-size:small;display:inline"
class="gmail_default"><br>
</div>
</span></div>
<div><span class="font" style="font-family:tahoma,
sans-serif">
<div
style="font-family:tahoma,sans-serif;font-size:small;display:inline"
class="gmail_default">I respectfully disagree with
most of what you wrote in the first paragraph of
your post script. <br>
</div>
</span><span class="font" style="font-family:tahoma,
sans-serif">
<div style="display:inline" class="gmail_default">Here
we are talking about users potentially entering
personal or pseudonymous information when they are
not being asked for it (nor is it required) to
begin with, and it is not required for purposes of
which it's being collected. That is the<br>
</div>
</span>
<div> <br>
</div>
<div
style="font-family:tahoma,sans-serif;display:inline"
class="gmail_default">scope<br>
</div>
<div> of what needs to be assessed <br>
</div>
<div
style="font-family:tahoma,sans-serif;display:inline"
class="gmail_default">if at all and how the scope
needs to be<br>
</div>
<div> defined from the beginning<br>
</div>
<div
style="font-family:tahoma,sans-serif;font-size:small;display:inline"
class="gmail_default">if you were to conduct a PIA<br>
</div>
<div>.<br>
</div>
<div
style="font-family:tahoma,sans-serif;display:inline"
class="gmail_default"><br>
</div>
</div>
<div><span class="font" style="font-family:tahoma,
sans-serif">
<div style="display:inline" class="gmail_default"><br>
</div>
</span></div>
<div><span class="font" style="font-family:tahoma,
sans-serif">
<div style="display:inline" class="gmail_default"><br>
</div>
</span><span class="font" style="font-family:tahoma,
sans-serif">
<div
style="font-family:tahoma,sans-serif;font-size:small;display:inline"
class="gmail_default"> <br>
</div>
</span><span class="font" style="font-family:tahoma,
sans-serif">
<div style="display:inline" class="gmail_default">Personal
information is not being used or intended to be
used just because a person decides to enter
personal information into a field. <br>
</div>
</span>
<div
style="font-family:tahoma,sans-serif;display:inline"
class="gmail_default"><br>
</div>
<div
style="font-family:tahoma,sans-serif;display:inline"
class="gmail_default">The example of how you can
combine databases to re-identify a person based on
the SOA record is the equivalent of protecting
domain names as personal information because a
person <br>
</div>
<span class="font" style="font-family:tahoma,
sans-serif">
<div>can register their driver's license <br>
</div>
<div
style="font-family:tahoma,sans-serif;font-size:small;display:inline"
class="gmail_default">or name and date of birth<br>
</div>
<div>as a domain name.<br>
</div>
</span>
<div
style="font-family:tahoma,sans-serif;display:inline"
class="gmail_default"> <br>
</div>
<div><span class="font" style="font-family:tahoma,
sans-serif">I would argue no PIA should be
required </span> <br>
</div>
<div
style="font-family:tahoma,sans-serif;display:inline"
class="gmail_default">as a result <br>
</div>
<div><span class="font" style="font-family:tahoma,
sans-serif">even in accordance even with best
practices.</span> <br>
</div>
<div
style="font-family:tahoma,sans-serif;display:inline"
class="gmail_default"> <br>
</div>
<div>A PIA needs to be conducted in a manner that is
commensurate with the level of privacy risk
identified<br>
</div>
<div
style="font-family:tahoma,sans-serif;display:inline"
class="gmail_default">. <br>
</div>
</div>
<div><span class="font" style="font-family:tahoma,
sans-serif"> </span><br>
</div>
<div>
<div>
<div
style="font-family:tahoma,sans-serif;font-size:small;display:inline"
class="gmail_default">I respectfully disagree with
you that thin data is personal. We are talking
about identifiers (codes or strings that represent
an individual or device). Many labels can be used
to point to individuals. Some are precise and
most, imprecise or vague. There's no question that
an IP address is a device identifier. Device IDs,
MAC addresses can be a source for user tracking.
But <br>
</div>
<span class="font" style="font-family:tahoma,
sans-serif">
<div
style="font-family:tahoma,sans-serif;font-size:small;display:inline"
class="gmail_default">i<br>
</div>
</span>
<div
style="font-family:tahoma,sans-serif;display:inline"
class="gmail_default">dentifiers can be strong or
weak depending on how precise they are as well as
the context. It cannot be measured without taking
linkability into consideration. For that reason,
name servers are not the same as IP addresses or
MAC addresses any more so than the existence of a
domain name is an identifier. If a person chooses
to use identifiable information when it is not
being asked for or required for purposes of which
the data is being collected, that does that mean
we need to classify all the data according to that
unlikely scenario. Those setting up their own DNS
would be relatively speaking, sophisticated
Internet users that presumably know the basics of
how DNS operates in any case, so by entering the
information in that way, they are choosing to
customize their DNS in a personal way similar to a
person that chooses to show personal information
on their license plate number. <br>
</div>
</div>
<div>
<div
style="font-family:tahoma,sans-serif;display:inline"
class="gmail_default"><br>
</div>
</div>
<div>
<div
style="font-family:tahoma,sans-serif;font-size:small"
class="gmail_default">I know that the motor
vehicle registry is restricted now in most places
so that you would need a subpoena to get that kind
of personal information. This is also true of an
IP address though and IP providers. The fact is a
person can put their name and date of birth on a
license plate if they want to customize it. And
then they get on the road. That does not mean the
license plate numbers are all personal
information. It's pseudonymous data. It is true
that it is a stronger identifier than an IP
address insofar as if you subpoena the motor
vehicle registry operator, you will get the
personal information behind that license plate
number. If you subpoena the ISP, you MIGHT get the
personal information depending on the nature of
the IP address. It's still true that to drive a
car, you need to show your license plate number on
the vehicle. <br>
</div>
<div
style="font-family:tahoma,sans-serif;font-size:small"
class="gmail_default"><br>
</div>
<div
style="font-family:tahoma,sans-serif;font-size:small"
class="gmail_default">
<div>I would argue that thin Whois data is
pseudonymous or personal data to the same extent
that a person can choose to <u>customize</u> a
license plate if they want to, and put personal
or psuedonymous data into fields <br>
</div>
<div style="display:inline" class="gmail_default">for
which the data being collected does not ask for
or require them to do so. <br>
</div>
<div style="display:inline" class="gmail_default"><br>
</div>
</div>
<div
style="font-family:tahoma,sans-serif;font-size:small"
class="gmail_default">
<div style="display:inline" class="gmail_default"><br>
</div>
</div>
<div
style="font-family:tahoma,sans-serif;font-size:small"
class="gmail_default">
<div style="display:inline" class="gmail_default">A<br>
</div>
<div> person can register their driver's license
as a domain name.<br>
</div>
<div style="display:inline" class="gmail_default">They
can use a personal email in their SOA record, or
personal NS. <br>
</div>
<div>Just because it's theoretically possible for
someone to enter pseudonymous (or even personal)
data into multiple databases when they are not
being asked for it, and those combination of
choices make it possible to identify them, does
not mean one of the sets (Thin Whois) should be
classified as personal information subject to a
PIA. <br>
</div>
</div>
</div>
<div><br>
</div>
<div class="gmail_extra">
<div
style="font-family:tahoma,sans-serif;font-size:small;display:inline"
class="gmail_default"><br>
</div>
<div><br>
</div>
<div>
<div class="gmail_signature">
<div dir="ltr">
<div>
<div>Jonathan Matkowsky,<br>
</div>
<div>VP – IP & Brand Security<br>
</div>
<div>USA:: 1.347.467.1193 | Office::
+972-(0)8-926-2766<br>
</div>
<div>Emergency mobile:: +972-(0)54-924-0831<br>
</div>
<div>Company Reg. No. 514805332 <br>
</div>
<div>11/1 Nachal Chever, Modiin Israel<br>
</div>
<div><a href="http://www.riskiq.co.il"
rel="noreferrer nofollow noopener"
moz-do-not-send="true">Website</a><br>
</div>
<div>RiskIQ Technologies Ltd. (wholly-owned
by RiskIQ, Inc.)<br>
</div>
</div>
</div>
</div>
</div>
<div><br>
</div>
<div class="gmail_quote">
<div>On Thu, Jun 1, 2017 at 12:02 AM, Stephanie
Perrin <span dir="ltr"><<a
href="mailto:stephanie.perrin@mail.utoronto.ca"
rel="noreferrer nofollow noopener"
moz-do-not-send="true">stephanie.perrin@mail.utoronto.ca</a>></span>
wrote:<br>
</div>
<div><br>
</div>
<blockquote style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex"
class="gmail_quote">
<div bgcolor="#FFFFFF">
<p><span class="size"
style="font-size:undefinedpx"><span
class="font" style="font-family:'Lucida
Grande'">Your summary today was great
Andrew.</span></span><br>
</p>
<p><span class="size"
style="font-size:undefinedpx"><span
class="font" style="font-family:'Lucida
Grande'">I am not arguing about the
disclosure of thin data. We already
voted on unauthenticated mandatory
disclosure, weeks ago (or at least it
feels like weeks ago). Lets please move
on. We are debating this yet again,
because people keep asking, is thin data
personal? <span class="size"
style="font-size:undefinedpx"><span
style="font-family:'Lucida Grande'"
class="font"> [lots of people missed
the last call]</span></span> The
answer is yes (IMHO). Does that mean it
cannot be disclosed? The answer is no.
Does the proportionality principle
apply? Yes. Have we already gone
through this? Yes. Can we come back to
it? Yes, but hopefully only if we have
to.....we will have to when we get to
data elements.</span></span><br>
</p>
<div>cheers Stephanie<br>
</div>
<div><span class="size"
style="font-size:undefinedpx">PS a
fundamental problem here is that people
try to categorize information that in
their view should be disclosed, as not
personal information. This fight has gone
on for years over IP address, for
instance. The important question is not
actually whether it is personal data or
not, it is "do you need to disclose it to
make things work?"....and if the answer is
yes then you try to mitigate the
disclosure and try to keep it minimized to
what is absolutely required. Hence the
PIA, which should employ both data
minimization and the test in the
proportionality principle as techniques to
evaluate data elements.<br>
A good and really simple example is a
phone number. IS it personal info? (the
telcos fought for years, trying to claim
they owned it and it was not personal).
Obviously it pertains to you, people feel
strongly that it is personal (culturally
relative of course but...) and yet if
noone ever learns your number your phone
won't ever receive a call. That does not
mean you have to disclose it
everywhere.....only where necessary. And
it should mean that it does not have to
follow you everywhere, but that is
becoming increasingly hard to manage....<br>
<br>
By the way, informed consent is not the
same as transparency requirements.
Transparency requirements are exactly
that....you have to be transparent about
what you are doing with data. Let us not
conflate that with consent.<br>
<br>
I will quit now and stop trying to answer
questions. I would like to humbly
suggest, however, that we have a real
shortage of basic understanding of how
data protection law works and is
interpreted. If there is a data
protection law expert that folks might
listen to, we should hire that person to
advise us. It might save a lot of time.<br>
</span></div>
<div
class="gmail-m_7395020479003268935moz-cite-prefix">On
2017-05-31 16:00, Andrew Sullivan wrote:<br>
</div>
<blockquote type="cite">
<pre>Hi,
On Wed, May 31, 2017 at 03:20:59PM -0400, Stephanie Perrin wrote:
</pre>
<blockquote type="cite">
<pre>That does not mean we need to protect it, it means we have to examine it in
terms of DP law. May I repeat the suggestion that Canatacci made in
Copenhagen in response to a question.....(I forget the precise question he
was asked, sorry). If you want to figure out whether you have to protect
something or not, do a privacy impact assessment.
</pre>
</blockquote>
<pre>As I think I've said more than once in this thread, I think we _have_
done that assessment and I think the answers are obvious and I think
therefore that there is nothing more to say about this principle in
respect of thin data:
- the data is either necessary for the operation of the system
itself or else necessary for distributed operation and
troubleshooting on the Internet.
- the data does not expose identifying information about anyone,
except in rather strained examples where the identifying
information is already completely available via other means.
What more is one supposed to do?
Best regards,
A
</pre>
</blockquote>
<div><br>
</div>
</div>
<div><br>
</div>
<div>______________________________<wbr>_________________<br>
</div>
<div>gnso-rds-pdp-wg mailing list<br>
</div>
<div><a href="mailto:gnso-rds-pdp-wg@icann.org"
rel="noreferrer nofollow noopener"
moz-do-not-send="true">gnso-rds-pdp-wg@icann.org</a><br>
</div>
<div><a rel="noreferrer nofollow noopener"
href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg"
moz-do-not-send="true">https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</a><br>
</div>
</blockquote>
</div>
</div>
</div>
</div>
</blockquote>
</blockquote>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<pre wrap="">_______________________________________________
gnso-rds-pdp-wg mailing list
<a href="mailto:gnso-rds-pdp-wg@icann.org" class="moz-txt-link-abbreviated" rel="noreferrer nofollow noopener" moz-do-not-send="true">gnso-rds-pdp-wg@icann.org</a>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" class="moz-txt-link-freetext" rel="noreferrer nofollow noopener" moz-do-not-send="true">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a>
</pre>
</blockquote>
</blockquote>
<div><br>
</div>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
--
John Bambenek</pre>
</body>
</html>