<div dir="ltr"><div>>> So, I can see a day that if privacy advocates and/or EU legislation fears prevent such a Best Practice as proper WHOIS records, the service providers will simply choose practices, such as 'you cannot access our service unless you have public whois information available'.<br></div><div><br></div><div>It's already happening. Try sending an e-mail using a domain behind WHOIS privacy. Some anti-spam systems drop it straight in the garbage because WHOIS privacy is already a negative reputation point. If WHOIS gets shut down, I fully expect groups like Spamhaus, M3AAWG, APWG, etc, to publish a set of guidelines that registrants need to abide by in order to send mail, or be accessible by people behind corporate firewalls that block based on reputation. ICANN must understand that they are at risk of losing relevancy if they want to take this hardline approach, because if a law breaks the continued functioning of a network, the network will route around it.</div><div><br></div><div>Look at the "cookies" EU law. Did that actually stop any websites from using cookies? No, it just created a popup that no one reads but everyone clicks through to visit the website. Because breaking cookies breaks websites. </div><div><br></div><div><br></div><div>>>Some of us have real jobs too..</div><div><br></div><div>which is the main reason why i can't spend 8 hours every day watching this group, unlike some people here who have been active in this group for years now. </div><div><br></div><div><br></div><div><br></div><div>My response to Chuck's email earlier, I bolded the responses and tagged the start and end of my replies for clarity:</div><div><br></div><div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">"independent answers to the same questions we asked the European data protection experts earlier in the year"<br>[Chuck Gomes] That was a request from WG members who felt that the DP experts might be biased. The questions were developed by the WG. There were two primary reasons for using the same questions: 1) both groups would be responding to the same questions and therefore make it easy to compare; 2) the questions were approved by the WG.</blockquote><div><br></div><div><b><allison>I don't think anyone accused the DP experts of being biased. The objection was that the questions themselves were biased. The words "phishing" and "spam" and "malware" never once appeared in this entire document, despite being major core issues. The only abuse issues that were focused on were in relation to intellectual property violation and harassment of women, both of which are not the major issues most of us deal with on a daily basis(not to belittle them but they are generally not the reason why we are here today). The word "fraud" was mentioned once in a question and then never directly addressed in the response.</b></div><div><b><br></b></div><div><b>Additionally, my entire industry was grossly misrepresented in question #6. None of us operate with police powers, and none of us pretend to have any. When we submit a complaint to a registrar about one of their customers breaking the law, the illegality of the act provides necessary justification for the registrar to drop the customer without a refund. This is not prosecution of a crime, and claiming it is such is a lie. Evidence of breaking the law is necessary because registrars aren't just going to take down any customer we say we don't like. I wholly object to the entire line they continued on about cybersecurity companies and "quasi-police powers", because the question never differentiated between civil and criminal actions and it was therefore misleading. </b></div><div><b><br></b></div><div><b>None of the questions addressed the issues that registrants have where their WHOIS and other reputation points affect the de-facto functionality of a domain, for example a domain's functionality is hampered when it is on blocklists. Or if someone sends a complaint against the domain and has no tools to differentiate the registrant from the criminal (as registrar accounts are often hacked), then the incorrect accusation can also affect the operability of the domain as it is mistakenly taken down in confusion. None of the questions ask about conflicts between GDPR and basic network-level-functionality of domains.</b></div><div><b><br></b></div><div><b>Also, none of the questions ask if a free no-obligation alternative (whois privacy protect) enhances the validity of consent given for making WHOIS records public. </allison></b></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">So we weren't allowed to ask questions of these legal experts? You know, they can't magically divine all legitimate use cases. The session with the EU data protection experts earlier this year is the exact same one we objected to because anti abuse use cases got exactly zero representation. So why choose that exact set of questions again especially since an entire group of people have joined the group afterwards(actually, due to this specific problem of lack of representation)? And then label it "final", really.<br>[Chuck Gomes] We didn’t ask them to consider use cases except as they were relevant to the questions we asked; that is our job and we prepared a list of those a long time ago. We asked them to focus on their understanding of European Data Protection law. Our WG has a good mix of people that use RDS data for different uses.</blockquote><div> </div><div><b><allison>And his answers are borderline useless. The scenarios presented were extremely poor, and not reflecting today's Internet and the problems network operators face. For example, when he writes "This means that the term 'vital interest' is to be interpreted as referring to an individual’s life, health, safety, or other such interest that is essential to their physical wellbeing", he goes on to talk about IP violations, the rights of a child, the economic interests of a search engine, finally concluding "we believe that the </b><b>conditions for using the 'legitimate interests' legal basis would not be satisfied".</b></div><div><b><br></b></div><div><b>That's a complete misrepresentation of the interests at stake here. The issue at hand is not the economic interests of one company nor about mere copyright infringement. The WHOIS data resource is used to combat all types of fraud, international espionage, rigging of elections, and so many hostile attacks. Some of these attacks, especially DDOS, frequently threaten basic functionality of the Internet. It has an international strategic value and promotes lawful behavior far more than it hurts. It's used to create cleaner, safer networks. There are countless documented instances where WHOIS played a key role and where the replacement system would have allowed the malicious behavior to continue. All of these facts have been conveniently left out of the question, and since the lawyer can't be expected to know all this, he has no choice but to conclude that the legitimate interests provided are too weak. </allison></b></div><div><br></div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Havent gone through it yet, will do so as i get time. Expecting to see the same result one can expect when one doesn't represent entire groups of constituencies.<br>[Chuck Gomes] What do you mean by representing ‘entire groups of constituencies’? Do you represent an entire constituency? Are you aware of any constituencies who are not represented in the WG? If so, please encourage them to participate.</blockquote></div><div><br></div><div><b><allison>Dozens of people joined this mailing list after numerous events demonstrated that this working group did not consider the overall well being of the Internet, and had a completely skewed idea of the problems the Internet faces today. People were outraged that this group was going in the direction it was going, ignoring how the Internet actually works. The fact that these questions were chosen- and the fact that the new membership(especially those that joined after the questions were initially asked) were not given any opportunity to provide input on questions to the lawyer- does not reflect well on the leadership of this working group. Even when the original questions were created, as far as I can tell, only people physically present at that meeting had any chance to provide input. For those of us with jobs in operations, being ever-present for this working group is impossible, and none of us have the stamina that some of the people here have, because we are busy working. </b></div><div><b><br></b></div><div><b>At its most charitable interpretation, the choice of these specific questions could be an innocent oversight or miscommunication. At its least charitable, it looks like ICANN's money was wasted on a procedural trick to keep facts out of the conversation and continue to push a narrow agenda.</b></div><div><b><br></b></div><div><b>People from numerous unrelated Internet companies and law firms flooded this group earlier this year once sunshine was shed on this group's activities. Maybe that's important. Please take it seriously. </allison></b></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Sep 27, 2017 at 6:22 PM, Michael Peddemors <span dir="ltr"><<a href="mailto:michael@linuxmagic.com" target="_blank">michael@linuxmagic.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">IMHO, If ICANN cannot figure out how to make a proper functioning WHOIS policy, we have to remember that the community at large will, and then simply, ICANN will loose relevance on this issue.<br>
<br>
No one passed a law that a mail server had to have a functioning PTR record, (well yes, some international spam legislations clearly spelled out the need for clearly specifying the operator) but if you want to send email today, functionally you need a PTR record.<br>
<br>
Only problem is, that often it is the biggest players that set those standards, and it is the role of organizations like ICANN to level the field, and make sure that directions aren't dictated by the biggest players on the block, and never more so in a world of consolidation and cloud providers.<br>
<br>
I think it was Yahoo that was one of the first big players to simply not accept connections from IP(s) with no PTR, and I know we were one of the early adopters to that strategy..<br>
<br>
So, I can see a day that if privacy advocates and/or EU legislation fears prevent such a Best Practice as proper WHOIS records, the service providers will simply choose practices, such as 'you cannot access our service unless you have public whois information available'.<br>
<br>
It would be far better if ICANN can understand the importance of that need, and make a statement that everyone can get behind and point to, that levels that field, in 'spite' of possible contradictory privacy information.<br>
<br>
Let's just simple keep these two conversations separate, one should NOT affect the other, this isn't a privacy vs information publishing standards issue, we can have both.<br>
<br>
(And again, I assert that simply 'informed consent' can always deal with any situations where they conflict)<br>
<br>
-- Michael --<br>
<br>
PS, my concern is that this lengthy wrangling prevents real work from getting done, and the participants who are integral to this conversation will fall by the way side, and the lobbyist's will simply wear them down ..<br>
<br>
Some of us have real jobs too..<span class=""><br>
<br>
<br>
On 17-09-27 02:58 PM, John Bambenek via gnso-rds-pdp-wg wrote:<br>
</span><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">
A simple policy proscription would be, for instance, to say under US law if you get a domain under the control of a US registrar, we need you to consent to full disclosure. Don't like it, pick a European ccTLD. I don't advocate that, mind you, but that's the kind of policy balkanization could produce.<br>
<br>
j<br>
<br>
<br>
On 09/27/2017 04:31 PM, Paul Keating wrote:<br>
</span><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">
I am failing to understand how such a walled-garden approach will solve anything.<br>
<br>
</span><a href="http://1.EU" rel="noreferrer" target="_blank">1.EU</a> registrars/registries would still have to deal with GDPR.<br>
<br>
2.Registrars are not aided by the distinction since they would still end up with EU customers and EU registrant data.<br>
<br>
PRK<br>
<br>
From: <<a href="mailto:gnso-rds-pdp-wg-bounces@icann.org" target="_blank">gnso-rds-pdp-wg-bounces@icann<wbr>.org</a> <mailto:<a href="mailto:gnso-rds-pdp-wg-bounces@icann.org" target="_blank">gnso-rds-pdp-wg-bounce<wbr>s@icann.org</a>>> on behalf of jonathan matkowsky <<a href="mailto:jonathan.matkowsky@riskiq.net" target="_blank">jonathan.matkowsky@riskiq.net</a> <mailto:<a href="mailto:jonathan.matkowsky@riskiq.net" target="_blank">jonathan.matkowsky@ris<wbr>kiq.net</a>>><span class=""><br>
Date: Wednesday, September 27, 2017 at 11:03 PM<br></span>
To: Rubens Kuhl <<a href="mailto:rubensk@nic.br" target="_blank">rubensk@nic.br</a> <mailto:<a href="mailto:rubensk@nic.br" target="_blank">rubensk@nic.br</a>>><br>
Cc: RDS PDP WG <<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a> <mailto:<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.<wbr>org</a>>><span class=""><br>
Subject: Re: [gnso-rds-pdp-wg] WSGR Final Memorandum<br>
<br>
Assuming for argument's sake that's true without taking any<br>
position as I'm still catching up from a week ago, I'm not sure<br>
this should be dismissed without consideration as a possibility,<br>
although obviously not by any stretch of the imagination ideal --><br>
non-EU registrars block EU registrants, and registries contract<br>
with non-EU registrars.<br>
<br>
On Tue, Sep 26, 2017 at 8:25 PM, Rubens Kuhl <<a href="mailto:rubensk@nic.br" target="_blank">rubensk@nic.br</a><br></span>
<mailto:<a href="mailto:rubensk@nic.br" target="_blank">rubensk@nic.br</a>>> wrote:<br>
<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">
On Sep 26, 2017, at 7:17 PM, John Horton<br>
<<a href="mailto:john.horton@legitscript.com" target="_blank">john.horton@legitscript.com</a><br></span><span class="">
<mailto:<a href="mailto:john.horton@legitscript.com" target="_blank">john.horton@legitscrip<wbr>t.com</a>>> wrote:<br>
<br>
Much of this problem goes away if we all agree that EU-based<br>
registrars should henceforth only be allowed to accept<br>
registrants in the EU. Aside from the effect on EU<br>
registrars' revenue, what's the logical argument against that<br>
from a policy perspective?<br>
<br></span>
After all, isn't the purpose of the GDPR to protect _EU<br>
residents_?<br>
</blockquote><span class="">
<br>
That's correct, but the conclusion is not. Non-EU registrars<br>
are also subject to GDPR if targeting EU customers, which<br>
could be as simple as providing services in EU languages and<br>
accepting registration transactions from the EU.<br>
So, for the problem to go away non-EU registrars would need to<br>
block EU registrants, and registries would only be able to<br>
enter contracts with non-EU registrars.<br>
<br>
So EU users would either be happy using numeric IP addresses,<br>
or develop a naming system of their own. Then we would have<br>
balkanisation, this time actually including the original balkans.<br>
<br>
<br>
Rubens<br>
<br>
<br>
<br>
<br>
<br>
<br>
______________________________<wbr>_________________<br>
gnso-rds-pdp-wg mailing list<br></span>
<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a> <mailto:<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.<wbr>org</a>><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/l<wbr>istinfo/gnso-rds-pdp-wg</a><span class=""><br>
<<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</a>><br>
<br>
<br>
<br>
******************************<wbr>******************************<wbr>*******<br>
This message was sent from RiskIQ, and is intended only for the<br>
designated recipient(s). It may contain confidential or<br>
proprietary information and may be subject to confidentiality<br>
protections. If you are not a designated recipient, you may not<br>
review, copy or distribute this message. If you receive this in<br>
error, please notify the sender by reply e-mail and delete this<br>
message. Thank<br>
you.**************************<wbr>******************************<wbr>***********___________________<wbr>____________________________<br>
gnso-rds-pdp-wg mailing list <a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br></span>
<mailto:<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.<wbr>org</a>><span class=""><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/l<wbr>istinfo/gnso-rds-pdp-wg</a><br>
<br>
<br>
<br>
______________________________<wbr>_________________<br>
gnso-rds-pdp-wg mailing list<br>
<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/l<wbr>istinfo/gnso-rds-pdp-wg</a><br>
</span></blockquote>
<br>
<br>
<br><span class="">
______________________________<wbr>_________________<br>
gnso-rds-pdp-wg mailing list<br>
<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/l<wbr>istinfo/gnso-rds-pdp-wg</a><br>
<br>
</span></blockquote>
<br>
<br>
<br>
-- <br>
"Catch the Magic of Linux..."<br>
------------------------------<wbr>------------------------------<wbr>------------<br>
Michael Peddemors, President/CEO LinuxMagic Inc.<br>
Visit us at <a href="http://www.linuxmagic.com" rel="noreferrer" target="_blank">http://www.linuxmagic.com</a> @linuxmagic<br>
------------------------------<wbr>------------------------------<wbr>------------<br>
A Wizard IT Company - For More Info <a href="http://www.wizard.ca" rel="noreferrer" target="_blank">http://www.wizard.ca</a><br>
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.<br>
------------------------------<wbr>------------------------------<wbr>------------<br>
<a href="tel:604-682-0300" value="+16046820300" target="_blank">604-682-0300</a> Beautiful British Columbia, Canada<br>
<br>
This email and any electronic data contained are confidential and intended<br>
solely for the use of the individual or entity to which they are addressed.<br>
Please note that any views or opinions presented in this email are solely<br>
those of the author and are not intended to represent those of the company.<div class="HOEnZb"><div class="h5"><br>
______________________________<wbr>_________________<br>
gnso-rds-pdp-wg mailing list<br>
<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/l<wbr>istinfo/gnso-rds-pdp-wg</a><br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature">_________________________________<br>Note to self: Pillage BEFORE burning.</div>
</div>