<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>You are still looking at the wrong end of the horse. Privacy is
not the choice, it is the default. Divulging data is the choice.<br>
</p>
<br>
<div class="moz-cite-prefix">Am 13.02.2018 um 17:57 schrieb John
Bambenek via gnso-rds-pdp-wg:<br>
</div>
<blockquote type="cite"
cite="mid:07b57b1a-0b47-4da2-6fac-0dd1b45c0e2a@bambenekconsulting.com">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<p>Exactly right. As far as I'm concerned if we made privacy a
free choice, make the fields optional for all I care, and
whatever they do make is public... we have solved this problem.</p>
<p>People who ACTUALLY protect society against privacy threats
have the data to do their jobs, consumers who want privacy have
a free option for it, and registrars can be in compliance with
the law.<br>
</p>
<br>
<div class="moz-cite-prefix">On 2/13/2018 10:54 AM, DANIEL
NANGHAKA wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAD4W+iOkUWZiVn_hrXXFxEpDS4ynP8LNh+aOt0Mbz1myLLe9gQ@mail.gmail.com">This
is just an example but there is a lot of damage that can be
caused with data being exposed. In our case we have phone
numbers, addresses, emails which is required to verification.
<div><br>
</div>
<div>This takes us to issue of consent.<br>
<br>
On Tuesday, February 13, 2018, John Bambenek via
gnso-rds-pdp-wg <<a href="mailto:gnso-rds-pdp-wg@icann.org"
moz-do-not-send="true">gnso-rds-pdp-wg@icann.org</a>>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<p>Let's be honest here, we're talking about phone numbers
and email addresses. The threat model is RADICALLY
different with the data we are talking about.<br>
</p>
<br>
<div>On 2/13/2018 10:45 AM, Stephanie Perrin wrote:<br>
</div>
<blockquote type="cite">
<p>Undeterred by the fact that noone has responded to my
last post, I offer the following update to the Equifax
breach to further illustrate my point. As many
companies have found out, you don't find out what
you've got till it's gone.....a further reason for
data minimization and short retention periods.<br>
</p>
<div>
<table cellspacing="0" cellpadding="0" height="107"
width="787" border="0">
<tbody>
<tr>
<th nowrap="nowrap" valign="BASELINE"
align="RIGHT"><br>
</th>
<td><br>
</td>
</tr>
<tr>
<th nowrap="nowrap" valign="BASELINE"
align="RIGHT"><br>
</th>
<td><br>
</td>
</tr>
<tr>
<th nowrap="nowrap" valign="BASELINE"
align="RIGHT"><br>
</th>
<td><br>
</td>
</tr>
<tr>
<th nowrap="nowrap" valign="BASELINE"
align="RIGHT"><br>
</th>
<td><br>
</td>
</tr>
<tr>
<th nowrap="nowrap" valign="BASELINE"
align="RIGHT">To: </th>
<td><br>
</td>
</tr>
</tbody>
</table>
<br>
<font face="Times New Roman"><font size="3"><a
href="http://www.theregister.co.uk/2018/02/13/equifax_security_breach_bad/"
target="_blank" moz-do-not-send="true">http://www.theregister.co.uk/<wbr>2018/02/13/equifax_security_<wbr>breach_bad/</a><br>
<br>
<br>
<b>Equifax hack worse than previously thought: Biz
kissed goodbye to card expiry dates, tax IDs etc</b><br>
Pwned credit-score biz quietly admits more info
lost<br>
By Iain Thomson in San Francisco 13 Feb 2018 at
02:13<br>
<br>
Last year, Equifax admitted <br>
<a
href="https://www.theregister.co.uk/2017/09/07/143m_american_equifax_customers_exposed/"
target="_blank" moz-do-not-send="true">https://www.theregister.co.uk/<wbr>2017/09/07/143m_american_<wbr>equifax_customers_exposed/</a><br>
hackers stole sensitive personal records on 145
million Americans and hundreds of thousands in the
UK <br>
<a
href="https://www.theregister.co.uk/2017/10/10/equifax_uk_records_update/"
target="_blank" moz-do-not-send="true">https://www.theregister.co.uk/<wbr>2017/10/10/equifax_uk_records_<wbr>update/</a><br>
and Canada.<br>
<br>
The outfit already said cyber-crooks "primarily"
took names, social security numbers, birth dates,
home addresses, credit-score dispute forms, and,
in some instances, credit card numbers and driver
license numbers. Now the credit-checking giant
reckons the intruders snatched even more
information from its databases.<br>
<br>
According to documents provided by Equifax to the
US Senate Banking Committee, <br>
and <u>revealed this month by Senator Elizabeth
Warren (D-MA)</u>, <br>
<a
href="https://apnews.com/2a51e3e5f9a945978df4ad96246b8ecc"
target="_blank" moz-do-not-send="true">https://apnews.com/<wbr>2a51e3e5f9a945978df4ad96246b8e<wbr>cc</a><br>
the attackers also grabbed taxpayer identification
numbers, phone numbers, email addresses, and
credit card expiry dates belonging to some Equifax
customers.<br>
<br>
Like social security numbers, taxpayer ID numbers
are useful for fraudsters seeking to steal
people's identities or their tax rebates, and the
expiry dates are similarly useful for online
crooks when linked with credit card numbers and
other personal information.<br>
<br>
<br>
<b>Contradictory</b><br>
<br>
"As your company continues to issue incomplete,
confusing and contradictory statements and hide
information from Congress and the public, it is
clear that five months after the breach was
publicly announced, Equifax has yet to answer this
simple question in full: what was the precise
extent of the breach?" Warren fumed in a missive
late last week.<br>
<a
href="https://www.warren.senate.gov/?p=press_release&id=2317"
target="_blank" moz-do-not-send="true">https://www.warren.senate.gov/<wbr>?p=press_release&id=2317</a><br>
<br>
Equifax spokeswoman Meredith Griffanti stressed to
The Register today that the extra information
snatched by hackers, as revealed by Senator
Warren, belonged to "some" Equifax customers. In
other words, not everyone had their phone numbers,
email addresses, and so on, slurped by crooks just
some. How much is some? Equifax isn't saying,
hence Warren's (and everyone else's) growing
frustration.<br>
<br>
The senator is a cosponsor of the <u>proposed
Data Breach Prevention and Compensation Act, </u><br>
<a
href="https://www.theregister.co.uk/2018/01/10/credit_reporting_agencies_fines/"
target="_blank" moz-do-not-send="true">https://www.theregister.co.uk/<wbr>2018/01/10/credit_reporting_<wbr>agencies_fines/</a><br>
which, if passed, would impose computer security
regulations on credit reporting agencies, with
mandatory fines that would have led to Equifax
coughing up $1.5bn for its IT blunder.<br>
<br>
Some regulation or punishment is obviously needed.<br>
<br>
No senior Equifax executives were fired over the
attack instead the CEO, CSO and CIO were all
allowed to retire with multi-million dollar golden
parachutes. The US government's Consumer Financial
Protection Bureau promised a full investigation
into the Equifax affair, and then gave up. On
February 7, an open letter [PDF] <br>
<a
href="https://www.schatz.senate.gov/imo/media/doc/CFPB%20Equifax%20Letter%202-7-18.pdf"
target="_blank" moz-do-not-send="true">https://www.schatz.senate.gov/<wbr>imo/media/doc/CFPB%20Equifax%<wbr>20Letter%202-7-18.pdf</a><br>
from 32 senators to the bureau asked why the probe
was dropped, and the gang has yet to receive a
response. ®<br>
</font></font></div>
<br>
<fieldset></fieldset>
<br>
<pre>______________________________<wbr>_________________
gnso-rds-pdp-wg mailing list
<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank" moz-do-not-send="true">gnso-rds-pdp-wg@icann.org</a>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank" moz-do-not-send="true">https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</a></pre>
</blockquote>
<br>
<pre cols="72">--
--
John Bambenek</pre>
</div>
</blockquote>
</div>
<br>
<br>
-- <br>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div> <br>
Regards <br>
Nanghaka Daniel K.<br>
<span style="font-size:small">Executive
Director - ILICIT Africa / Chair -
FOSSFA / Community Lead - ISOC Uganda
Chapter / Geo4Africa Lead / Organising
Team - FOSS4G2018</span><br>
Mobile +256 772 898298 (Uganda)<br>
</div>
<div>Skype: daniel.nanghaka<br>
</div>
<div><br>
</div>
<div>-----------------------------------------
<i><span>"Working for Africa" </span></i>-----------------------------------------<br>
<br>
<br>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
--
John Bambenek</pre>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
gnso-rds-pdp-wg mailing list
<a class="moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a>
<a class="moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a></pre>
</blockquote>
<br>
</body>
</html>