<div dir="ltr"><div><div>Stephanie,<br><br></div>I agree that civility should be maintained but I take exception to your assertion that your privacy perspective is "the privacy perspective". <br><br>It is reasonable to say that you speak on behalf of the privacy perspective of your employer. If a participant in the group is an official representative of a government, it is reasonable for them to assert that they speak on behalf of that government. It is absolutely unreasonable to represent that there is a single privacy perspective. I would be just as remiss if I were to claim I represent THE security and anti-abuse perspective. As with privacy, there are a range of perspectives within the security and anti-abuse communities.<br><br></div>I have chosen to participate in this group on my own behalf (statement of interest) rather than on behalf of my employer because I am bringing my perspective of roughly 40 years of being on the internet, participating in standards efforts as well as dealing with privacy and abuse issues.<br><div><div><div><div class="gmail_extra"><br></div><div class="gmail_extra">Michael Hammer<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Jun 1, 2017 at 10:23 AM, Stephanie Perrin <span dir="ltr"><<a href="mailto:stephanie.perrin@mail.utoronto.ca" target="_blank">stephanie.perrin@mail.utoronto.ca</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF">
<p><font size="+1"><font face="Lucida Grande">This is not a personal
"demand", it is a request that we maintain more civility in
this discourse. The allegation that those of us who are trying
to explain the privacy perspective on this matter do not
understand your work is simply untrue. Some of us have worked
on the issues for years. Please, all I am asking for is that
we tone the rhetoric down and treat each other with respect,
as is required by ICANN standards of behaviour on working
groups.</font></font></p>
<p><font size="+1"><font face="Lucida Grande">With respect to your
other comments, I have been clarifying in all the calls that I
attend, that when I raise an objection it is often on
principle because we need caveats or derogations on some of
the agreements we reach. I have clarified several times my
position on the technical definition of personal information,
and the fact that this in no way means that because
information is personal, it cannot be disclosed (eg thin
data). I believe my response to Andrew's latest excellent
summary yesterday pretty well encapsulates that so I am not
going to respond point by point to what you have said below.</font></font></p>
<p><font size="+1"><font face="Lucida Grande">Thanks.</font></font></p><span class="gmail-HOEnZb"><font color="#888888">
<p><font size="+1"><font face="Lucida Grande">Stephanie Perrin<br>
</font></font></p></font></span><div><div class="gmail-h5">
<br>
<div class="gmail-m_-6522177578646284561moz-cite-prefix">On 2017-05-31 19:04, allison nixon
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Your e-mail stated:<br>
>>Data that is gleaned from a file related to an
individual, ie in this case their registration data, even if it
is nameservers and the like, is their personal data.
<div><br>
</div>
<div>And it was stated in support of restricting public access
to this information. </div>
<div><br>
</div>
<div>Eliminating the other data elements may make
troubleshooting harder, but eliminating nameservers on the
basis of privacy means the registrars won't be able to
disseminate it at all, and it will literally break the
Internet. Were you thinking of the absurd possibilities when
you wrote it?</div>
<div><br>
</div>
<div>Your references don't change the fact of how DNS resolution
works. If you're going to object to that characterization,
then I formally object to this one, which is similar to the
sentiment that has underpinned this group since the beginning:<br>
</div>
<div><br>
</div>
<div>>>At a time when increasing imbalance in
‘informational power’, when governments and business
organizations alike amass hitherto unprecedented amounts of
data about individuals, and are increasingly in the position
to compile detailed profiles that will predict their behavior
(reinforcing informational imbalance and reducing their
autonomy), it is ever more important to ensure that the
interests of the individuals to preserve their privacy and
autonomy be protected.</div>
<div><br>
</div>
<div>In the context of WHOIS, it's ridiculous borderline
conspiracy theory. A tiny percent of the population owns any
domains, and an even smaller percent disclose anything in the
WHOIS. This isn't intrusive like ad tracking or companies
selling health data. This is information that people enter
when they stake a claim in a public space. Blinding defenders
from being able to judge if we want to interact with inbound
traffic reduces our autonomy and only empowers the massive
problem of abuse. Mischaracterizing public WHOIS info, which
has been public for decades, as some sort of scandalous leak
of data is ridiculous. It also falsely shades the motivations
of the people who are asking for it to remain open. The truth
is that this data is useless for what is insinuated, and we
aren't asking to keep the data open so we can snoop on some
dissident by knowing what their junk email and domain creation
date is. </div>
<div><br>
</div>
<div>And just because someone in the world is(and they certainly
are), it doesn't mean we must shut down the whole system.</div>
<div><br>
</div>
<div>On top of that, no one is forced to disclose damaging info.
If you want to use an ICANN domain, fill out the form. If you
don't want to, get an .onion, get a dynamic domain, go
somewhere else. Or use WHOIS privacy. Or use junk info.</div>
<div><br>
</div>
<div>You can demand respect, but many arguments in this group do
not inspire respect. </div>
<div>
<ul>
<li>When people claim to be concerned about spam as a
motivation for eliminating WHOIS, and then don't listen
when actual anti-spam people tell them it will destroy a
major tool in the fight against spam, that does not
inspire respect. </li>
<li>When people propose to put basic functionality on the
chopping block, that does not inspire respect. <br>
</li>
<li>When theoretical edge cases are dreamed up as rebuttals
to real and frequent issues, that does not inspire
respect.</li>
<li>When anti-abuse is judged as anathema to privacy and are
disrespected, that does not inspire respect.</li>
</ul>
<div>I along with many other security professionals here are
not opposed to following the law. Collectively much of our
work involves ensuring compliance with the law, including
privacy laws, HIPAA, data breach laws, et cetera. Despite
frequently being mischaracterized as wannabe cops by list
members, we are not cops. We actually implement the
protection of privacy, including the need to prevent data
breaches- which can incur massive fines thanks to some
privacy laws. Yet here we are, butting heads with "privacy
experts", who by and large don't want to hear about
operational issues or the wider impact of their narrow
agenda.</div>
</div>
<div><br>
</div>
<div>This observation isn't solely about you personally, and
your work history is irrelevant here. It is an observation
about the group as a whole since I became active. This isn't
privacy versus security. This is quite literally, privacy
versus privacy. And one side of the argument has operational
experience. Security in the Internet sense involves-
confidentiality, integrity, and availability. And most efforts
are focused on the first item. We are not the NSA hunting
terrorists or tapping phones or whatever youall imagine we
are. We are trying to prevent data breaches and identity theft
and phishing and quite literally everything that privacy laws
are written to address. That's why these arguments are so
ridiculous.</div>
<div><br>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Wed, May 31, 2017 at 3:42 PM,
Stephanie Perrin <span dir="ltr"><<a href="mailto:stephanie.perrin@mail.utoronto.ca" target="_blank">stephanie.perrin@mail.<wbr>utoronto.ca</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF">
<p><font size="+1"><font face="Lucida Grande">I would like
to formally object to this kind of characterization
of the people who are working in good faith on this
working group: "self-proclaimed privacy
advocates". I can only speak for myself, so I will
do only that.....I am not a self-proclaimed privacy
advocate. I have been working as a privacy
professional since 1984, when I became one of the
first privacy coordinators for the Department of
Communications of Canada. I was the first president
in 1986 of CAPA, the privacy professionals
association which we formed and which collaborated
for many years with ASAP, the US equivalent. I
could go on and on and if you require references as
to whether or not our views should be accepted as
having merit, regardless of whether you agree with
them or not, I am happy to provide them. But
please, let us treat one another with a bit more
respect.</font></font></p>
<span class="gmail-m_-6522177578646284561HOEnZb"><font color="#888888">
<p><font size="+1"><font face="Lucida Grande">Stephanie
Perrin</font></font><br>
</p>
</font></span>
<div>
<div class="gmail-m_-6522177578646284561h5"> <br>
<div class="gmail-m_-6522177578646284561m_-3414513183451100299moz-cite-prefix">On
2017-05-31 13:39, allison nixon wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Good faith does not excuse ignorance.
Such a mistake reveals the extreme tunnel vision
by many self proclaimed privacy advocates here. It
shows why they butt heads with people who work
every day in the trenches to actually protect
privacy of real- not theoretical- victims. </div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Wed, May 31, 2017 at
1:30 PM, Jeremy Malcolm <span dir="ltr"><<a href="mailto:jmalcolm@eff.org" target="_blank">jmalcolm@eff.org</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF"> Again,
I really think we need to dial down the
level of sarcasm here. The proportionality
proposal was made in good faith.<br>
<br>
However, I'm from a privacy advocacy
organization and even I have agreed that
there are operational problems with any
proposal to limit unauthenticated access to
thin WHOIS data. I agree that while privacy
is an absolutely key principle to be upheld,
so is the generativity of the Internet, and
that unauthenticated access to thin WHOIS
data, much of which just replicates the
information that end users make available
through their own nameservers, is part of
the permissionless innovation that underpins
many real world Internet applications.
<div>
<div class="gmail-m_-6522177578646284561m_-3414513183451100299h5"><br>
<br>
<div class="gmail-m_-6522177578646284561m_-3414513183451100299m_-4927271185857328544moz-cite-prefix">On
31/5/17 10:14 am, allison nixon wrote:<br>
</div>
</div>
</div>
<blockquote type="cite">
<div>
<div class="gmail-m_-6522177578646284561m_-3414513183451100299h5">
<div dir="ltr">Which includes
nameservers, which are collected and
propagated by the registrars. If
this is deemed sensitive
information, then the registrars
should be careful sharing that data
via other outlets without tight
restrictions!</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Wed, May
31, 2017 at 1:09 PM, Michael
Peddemors <span dir="ltr"><<a href="mailto:michael@linuxmagic.com" target="_blank">michael@linuxmagic.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span>On
17-05-31 10:07 AM, allison
nixon wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"> the
rest of it can't be. You
can't put a DNS query behind
a EULA. We<br>
can't pretend there are
restrictions on this data.<br>
<br>
</blockquote>
<br>
</span> We aren't discussing DNS
or any other places that data is
available as part of this
working group. Only the informed
consent of data held in whois
thin data.
<div class="gmail-m_-6522177578646284561m_-3414513183451100299m_-4927271185857328544HOEnZb">
<div class="gmail-m_-6522177578646284561m_-3414513183451100299m_-4927271185857328544h5"><br>
<br>
<br>
-- <br>
"Catch the Magic of
Linux..."<br>
------------------------------<wbr>------------------------------<wbr>------------<br>
Michael Peddemors,
President/CEO LinuxMagic
Inc.<br>
Visit us at <a href="http://www.linuxmagic.com" rel="noreferrer" target="_blank">http://www.linuxmagic.com</a>
@linuxmagic<br>
------------------------------<wbr>------------------------------<wbr>------------<br>
A Wizard IT Company - For
More Info <a href="http://www.wizard.ca" rel="noreferrer" target="_blank">http://www.wizard.ca</a><br>
"LinuxMagic" a Registered
TradeMark of Wizard Tower
TechnoServices Ltd.<br>
------------------------------<wbr>------------------------------<wbr>------------<br>
<a href="tel:604-682-0300" value="+16046820300" target="_blank">604-682-0300</a> Beautiful
British Columbia, Canada<br>
<br>
This email and any
electronic data contained
are confidential and
intended<br>
solely for the use of the
individual or entity to
which they are addressed.<br>
Please note that any views
or opinions presented in
this email are solely<br>
those of the author and are
not intended to represent
those of the company.<br>
</div>
</div>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
-- <br>
<div class="gmail-m_-6522177578646284561m_-3414513183451100299m_-4927271185857328544gmail_signature">______________________________<wbr>___<br>
Note to self: Pillage BEFORE
burning.</div>
</div>
<br>
<fieldset class="gmail-m_-6522177578646284561m_-3414513183451100299m_-4927271185857328544mimeAttachmentHeader"></fieldset>
<br>
</div>
</div>
<span>
<pre>______________________________<wbr>_________________
gnso-rds-pdp-wg mailing list
<a class="gmail-m_-6522177578646284561m_-3414513183451100299m_-4927271185857328544moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a>
<a class="gmail-m_-6522177578646284561m_-3414513183451100299m_-4927271185857328544moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank">https://mm.icann.org/mailman/l<wbr>istinfo/gnso-rds-pdp-wg</a></pre>
</span></blockquote>
<pre class="gmail-m_-6522177578646284561m_-3414513183451100299m_-4927271185857328544moz-signature" cols="72">--
Jeremy Malcolm
Senior Global Policy Analyst
Electronic Frontier Foundation
<a class="gmail-m_-6522177578646284561m_-3414513183451100299m_-4927271185857328544moz-txt-link-freetext" href="https://eff.org" target="_blank">https://eff.org</a>
<a class="gmail-m_-6522177578646284561m_-3414513183451100299m_-4927271185857328544moz-txt-link-abbreviated" href="mailto:jmalcolm@eff.org" target="_blank">jmalcolm@eff.org</a>
Tel: <a href="tel:%28415%29%20436-9333" value="+14154369333" target="_blank">415.436.9333 ext 161</a>
:: Defending Your Rights in the Digital World ::
Public key: <a class="gmail-m_-6522177578646284561m_-3414513183451100299m_-4927271185857328544moz-txt-link-freetext" href="https://www.eff.org/files/2016/11/27/key_jmalcolm.txt" target="_blank">https://www.eff.org/files/2016<wbr>/11/27/key_jmalcolm.txt</a>
PGP fingerprint: 75D2 4C0D 35EA EA2F 8CA8 8F79 4911 EC4A EDDF 1122</pre>
</div>
______________________________<wbr>_________________
gnso-rds-pdp-wg mailing list
<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/l<wbr>istinfo/gnso-rds-pdp-wg</a>
</blockquote></div>
<div>
</div>--
<div class="gmail-m_-6522177578646284561m_-3414513183451100299gmail_signature">______________________________<wbr>___
Note to self: Pillage BEFORE burning.</div>
</div>
<fieldset class="gmail-m_-6522177578646284561m_-3414513183451100299mimeAttachmentHeader"></fieldset>
<pre>______________________________<wbr>_________________
gnso-rds-pdp-wg mailing list
<a class="gmail-m_-6522177578646284561m_-3414513183451100299moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a>
<a class="gmail-m_-6522177578646284561m_-3414513183451100299moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank">https://mm.icann.org/mailman/l<wbr>istinfo/gnso-rds-pdp-wg</a></pre>
</blockquote>
</div></div></div>
______________________________<wbr>_________________
gnso-rds-pdp-wg mailing list
<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/l<wbr>istinfo/gnso-rds-pdp-wg</a>
</blockquote></div>
<div>
</div>--
<div class="gmail-m_-6522177578646284561gmail_signature">______________________________<wbr>___
Note to self: Pillage BEFORE burning.</div>
</div>
</blockquote>
</div></div></div><br>______________________________<wbr>_________________<br>
gnso-rds-pdp-wg mailing list<br>
<a href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</a><br></blockquote></div><br></div></div></div></div></div>