<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle18
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal>I think that we should explore that. In the case of personal data in jurisdictions with restrictive laws about displaying it publicly, I think that consent is an approach that has some possibilities. As WSGR points out, it is not a trivial process, but it could be one way of dealing with this.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Chuck<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b>From:</b> Paul Keating [mailto:paul@law.es] <br><b>Sent:</b> Wednesday, October 04, 2017 6:10 AM<br><b>To:</b> Chuck <consult@cgomes.com><br><b>Cc:</b> allison nixon <elsakoo@gmail.com>; Jeremy Malcolm <jmalcolm@eff.org>; gnso-rds-pdp-wg@icann.org<br><b>Subject:</b> Re: [gnso-rds-pdp-wg] Reputation systems are not just nice to have (was Re: What we want redux)<o:p></o:p></p></div></div><p class=MsoNormal><o:p> </o:p></p><div><p class=MsoNormal>Chuck and alison<o:p></o:p></p></div><div id=AppleMailSignature><p class=MsoNormal><o:p> </o:p></p></div><div id=AppleMailSignature><p class=MsoNormal>Is there a purpose that could support the public display of PID such that consent could be requested and provided?<br><br>Sincerely,<o:p></o:p></p><div><p class=MsoNormal>Paul Keating, Esq.<o:p></o:p></p></div></div><div><p class=MsoNormal style='margin-bottom:12.0pt'><br>On Oct 4, 2017, at 2:46 PM, Chuck <<a href="mailto:consult@cgomes.com">consult@cgomes.com</a>> wrote:<o:p></o:p></p></div><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><div><p class=MsoNormal>I have similar views to Allison’s with regard to primary versus secondary purposes. It is not at all clear to me that it matters. One of the clarifying questions we have asked WSGR relates to this. I hope they will respond because I think it would help us as we deliberate further on users and purposes.<o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal>Allison – I have one clarifying question for you: Do you support keeping personal information public in jurisdictions where that would be illegal? I assume not and, if I am correct in assuming that, then I think that we need to focus on how to deal with that. Your suggestions for informed consent could help in that regard.<o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal>Chuck<o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal><b>From:</b> <a href="mailto:gnso-rds-pdp-wg-bounces@icann.org">gnso-rds-pdp-wg-bounces@icann.org</a> [<a href="mailto:gnso-rds-pdp-wg-bounces@icann.org">mailto:gnso-rds-pdp-wg-bounces@icann.org</a>] <b>On Behalf Of </b>allison nixon<br><b>Sent:</b> Tuesday, October 03, 2017 3:32 PM<br><b>To:</b> Jeremy Malcolm <<a href="mailto:jmalcolm@eff.org">jmalcolm@eff.org</a>><br><b>Cc:</b> <a href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a> >> <a href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a> <<a href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a>><br><b>Subject:</b> Re: [gnso-rds-pdp-wg] Reputation systems are not just nice to have (was Re: What we want redux)<o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><div><p class=MsoNormal>Thank you for the additional clarification Jeremy as I think I understand youall's position better. Those of us from the anti-abuse side are pretty happy with the imperfect, redacted, and fake info we currently have access to. We aren't interested in coercing reluctant people into disclosing things they don't want to. We want to keep the available information public, not gated, for the same reasons why you described a "vetting" process as prone to problems. We don't want the collected information reduced, and we are very adamant about this. We agree on informed consent and really anything that can help people keep themselves safer online.<o:p></o:p></p><div><div><p class=MsoNormal> <o:p></o:p></p></div><div><p class=MsoNormal>The distinction between "primary" and "secondary" purpose seems less important to me since no one here is seriously pushing for an expansion of collected information. We just don't want it reduced to uselessness which is what this group is still in danger of doing, since this working group has for the most part treated anti-abuse as completely irrelevant. I am fine with anti-abuse being listed as a secondary purpose. So long as it is listed as a purpose.<o:p></o:p></p></div><div><p class=MsoNormal> <o:p></o:p></p></div><div><p class=MsoNormal> <o:p></o:p></p></div><div><p class=MsoNormal> <o:p></o:p></p></div></div></div><div><p class=MsoNormal> <o:p></o:p></p><div><p class=MsoNormal>On Tue, Oct 3, 2017 at 6:04 PM, Jeremy Malcolm <<a href="mailto:jmalcolm@eff.org" target="_blank">jmalcolm@eff.org</a>> wrote:<o:p></o:p></p><blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt'><p class=MsoNormal>On 3/10/17 2:56 pm, allison nixon wrote:<br>> Those and others are currently listed on ICANN's website as uses for<br>> WHOIS data. To reject anti-abuse as a purpose would be to shift away<br>> from the currently accepted purposes of WHOIS.<br><br>I'm arguing that it's a secondary purpose, not the primary purpose. A<br>secondary purpose is a purpose for which information, that was gathered<br>for a primary purpose, can also legitimately be used. So for ICANN to<br>call these uses of WHOIS data "legitimate" does not imply for purposes<br>of data protection law that they are the primary purpose for collection<br>of that data.<br><br>The distinction is that if anti-abuse is a primary purpose, we would be<br>collecting a lot more information than if it is a secondary purpose. (I<br>accept you're not arguing for the collection of additional information,<br>but my opposition to anti-abuse as a primary purpose is to counter such<br>arguments.)<o:p></o:p></p><div><div><p class=MsoNormal style='margin-bottom:12.0pt'><br>--<br>Jeremy Malcolm<br>Senior Global Policy Analyst<br>Electronic Frontier Foundation<br><a href="https://eff.org" target="_blank">https://eff.org</a><br><a href="mailto:jmalcolm@eff.org">jmalcolm@eff.org</a><br><br>Tel: <a href="tel:415.436.9333%20ext%20161">415.436.9333 ext 161</a><br><br>:: Defending Your Rights in the Digital World ::<br><br>Public key: <a href="https://www.eff.org/files/2016/11/27/key_jmalcolm.txt" target="_blank">https://www.eff.org/files/2016/11/27/key_jmalcolm.txt</a><br>PGP fingerprint: 75D2 4C0D 35EA EA2F 8CA8 8F79 4911 EC4A EDDF 1122<br><br><br><o:p></o:p></p></div></div></blockquote></div><p class=MsoNormal><br><br clear=all><o:p></o:p></p><div><p class=MsoNormal> <o:p></o:p></p></div><p class=MsoNormal>-- <o:p></o:p></p><div><p class=MsoNormal>_________________________________<br>Note to self: Pillage BEFORE burning.<o:p></o:p></p></div></div></div></blockquote><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><div><p class=MsoNormal>_______________________________________________<br>gnso-rds-pdp-wg mailing list<br><a href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a><br><a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a><o:p></o:p></p></div></blockquote></div></body></html>