<div dir="ltr"><div class="gmail_default" style="font-family:verdana,sans-serif">In response to Maxim's remarks, I don't think we need to define primary or secondary purpose by considering the "third party's" relationship to the EU. What we need to do is come to a worldwide and generic determination as to the purposes of RDS.</div><div class="gmail_default" style="font-family:verdana,sans-serif"><br></div><div class="gmail_default" style="font-family:verdana,sans-serif">Greg Shatan</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Oct 4, 2017 at 10:06 AM, allison nixon <span dir="ltr"><<a href="mailto:elsakoo@gmail.com" target="_blank">elsakoo@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><span class="">>>Allison – I have one clarifying question for you: Do you support keeping personal information public in jurisdictions where that would be illegal? I assume not and, if I am correct in assuming that, then I think that we need to focus on how to deal with that. Your suggestions for informed consent could help in that regard.<div><br></div></span><div>What a complicated question. First, obviously, I don't support breaking the law, but laws in different countries are going to conflict, so we ARE going to contractually obligate someone to break the law somewhere.</div><div><br></div><div>Second, it's still not clear that this breaks the law. As has been said time and time again, data collection is not legal but only if there is no worthy purpose behind it. When the data protection commissioners, and outside counsel were both asked about WHOIS, they were not supplied with any of the many many worthy purposes that were discussed on this list, and no realistic conversation was actually had about the anti-abuse use of WHOIS. This is why I objected so much to the re-use of those questions. Apparently others asked to give input in the questions asked of outside counsel and they were not given the opportunity to either.</div><div><br></div><div>Third, a number of people on this list who want nothing more than to remove WHOIS entirely have declared it illegal, but from the overall patterns on this list, it appears that many making that argument are happy to ignore and misinterpret facts and even basic English sentences so long as it allows them to declare that removing WHOIS is what needs to be done. So their legal opinions are highly suspect, and I do not believe they are the actual legal opinions of the EU regulators. </div><div><br></div><div>Fourth, I know a number of exemptions exist within the GDPR that allows companies to retain data to protect themselves, and for national security, criminal investigations, public safety, etc. Despite WHOIS fulfilling a critical role in all of those issues, this has never been seriously discussed here, and certainly wouldn't have been acknowledged by the people who only use their legal knowledge to find reasons to declare WHOIS illegal. I don't know how ICANN can seek or obtain an exemption, but I'm hoping someone with legal knowledge and less bias could illuminate this. If an exemption can be issued, many legal concerns become moot.</div><div><br></div><div><br></div><div><br></div><div>and re: Paul Keating's email:</div><span class=""><div><br></div><div>>> <span style="font-size:12.8px">Is there a purpose that could support the public display of PID such that consent could be requested and provided?</span></div><div><span style="font-size:12.8px"><br></span></div></span><div><span style="font-size:12.8px">I don't know what PID stands for</span></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Oct 4, 2017 at 8:45 AM, Chuck <span dir="ltr"><<a href="mailto:consult@cgomes.com" target="_blank">consult@cgomes.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div lang="EN-US" link="blue" vlink="purple"><div class="m_3571567255301224589m_8796637446256460280WordSection1"><p class="MsoNormal">I have similar views to Allison’s with regard to primary versus secondary purposes. It is not at all clear to me that it matters. One of the clarifying questions we have asked WSGR relates to this. I hope they will respond because I think it would help us as we deliberate further on users and purposes.<u></u><u></u></p><p class="MsoNormal"><u></u> <u></u></p><p class="MsoNormal">Allison – I have one clarifying question for you: Do you support keeping personal information public in jurisdictions where that would be illegal? I assume not and, if I am correct in assuming that, then I think that we need to focus on how to deal with that. Your suggestions for informed consent could help in that regard.<u></u><u></u></p><p class="MsoNormal"><u></u> <u></u></p><p class="MsoNormal">Chuck<u></u><u></u></p><p class="MsoNormal"><u></u> <u></u></p><p class="MsoNormal"><b>From:</b> <a href="mailto:gnso-rds-pdp-wg-bounces@icann.org" target="_blank">gnso-rds-pdp-wg-bounces@icann.<wbr>org</a> [mailto:<a href="mailto:gnso-rds-pdp-wg-bounces@icann.org" target="_blank">gnso-rds-pdp-wg-bounce<wbr>s@icann.org</a>] <b>On Behalf Of </b>allison nixon<br><b>Sent:</b> Tuesday, October 03, 2017 3:32 PM<br><b>To:</b> Jeremy Malcolm <<a href="mailto:jmalcolm@eff.org" target="_blank">jmalcolm@eff.org</a>><br><b>Cc:</b> <a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a> >> <a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a> <<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a>><span><br><b>Subject:</b> Re: [gnso-rds-pdp-wg] Reputation systems are not just nice to have (was Re: What we want redux)<u></u><u></u></span></p><p class="MsoNormal"><u></u> <u></u></p><div><p class="MsoNormal">Thank you for the additional clarification Jeremy as I think I understand youall's position better. Those of us from the anti-abuse side are pretty happy with the imperfect, redacted, and fake info we currently have access to. We aren't interested in coercing reluctant people into disclosing things they don't want to. We want to keep the available information public, not gated, for the same reasons why you described a "vetting" process as prone to problems. We don't want the collected information reduced, and we are very adamant about this. We agree on informed consent and really anything that can help people keep themselves safer online.<u></u><u></u></p><div><div class="m_3571567255301224589h5"><div><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal">The distinction between "primary" and "secondary" purpose seems less important to me since no one here is seriously pushing for an expansion of collected information. We just don't want it reduced to uselessness which is what this group is still in danger of doing, since this working group has for the most part treated anti-abuse as completely irrelevant. I am fine with anti-abuse being listed as a secondary purpose. So long as it is listed as a purpose.<u></u><u></u></p></div><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal"><u></u> <u></u></p></div></div></div></div></div><div><div class="m_3571567255301224589h5"><div><p class="MsoNormal"><u></u> <u></u></p><div><p class="MsoNormal">On Tue, Oct 3, 2017 at 6:04 PM, Jeremy Malcolm <<a href="mailto:jmalcolm@eff.org" target="_blank">jmalcolm@eff.org</a>> wrote:<u></u><u></u></p><blockquote style="border:none;border-left:solid #cccccc 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in"><p class="MsoNormal">On 3/10/17 2:56 pm, allison nixon wrote:<br>> Those and others are currently listed on ICANN's website as uses for<br>> WHOIS data. To reject anti-abuse as a purpose would be to shift away<br>> from the currently accepted purposes of WHOIS.<br><br>I'm arguing that it's a secondary purpose, not the primary purpose. A<br>secondary purpose is a purpose for which information, that was gathered<br>for a primary purpose, can also legitimately be used. So for ICANN to<br>call these uses of WHOIS data "legitimate" does not imply for purposes<br>of data protection law that they are the primary purpose for collection<br>of that data.<br><br>The distinction is that if anti-abuse is a primary purpose, we would be<br>collecting a lot more information than if it is a secondary purpose. (I<br>accept you're not arguing for the collection of additional information,<br>but my opposition to anti-abuse as a primary purpose is to counter such<br>arguments.)<u></u><u></u></p><div><div><p class="MsoNormal" style="margin-bottom:12.0pt"><br>--<br>Jeremy Malcolm<br>Senior Global Policy Analyst<br>Electronic Frontier Foundation<br><a href="https://eff.org" target="_blank">https://eff.org</a><br><a href="mailto:jmalcolm@eff.org" target="_blank">jmalcolm@eff.org</a><br><br>Tel: <a href="tel:415.436.9333%20ext%20161" target="_blank">415.436.9333 ext 161</a><br><br>:: Defending Your Rights in the Digital World ::<br><br>Public key: <a href="https://www.eff.org/files/2016/11/27/key_jmalcolm.txt" target="_blank">https://www.eff.org/files/2016<wbr>/11/27/key_jmalcolm.txt</a><br>PGP fingerprint: 75D2 4C0D 35EA EA2F 8CA8 8F79 4911 EC4A EDDF 1122<br><br><u></u><u></u></p></div></div></blockquote></div><p class="MsoNormal"><br><br clear="all"><u></u><u></u></p><div><p class="MsoNormal"><u></u> <u></u></p></div><p class="MsoNormal">-- <u></u><u></u></p><div><p class="MsoNormal">______________________________<wbr>___<br>Note to self: Pillage BEFORE burning.<u></u><u></u></p></div></div></div></div></div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="m_3571567255301224589gmail_signature" data-smartmail="gmail_signature">______________________________<wbr>___<br>Note to self: Pillage BEFORE burning.</div>
</div>
</div></div><br>______________________________<wbr>_________________<br>
gnso-rds-pdp-wg mailing list<br>
<a href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</a><br></blockquote></div><br></div>