<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>I am not sure you want that, because that means completely dark
whois. <br>
</p>
<p>I'd prefer an approach where we do not need to rely on consent
(but can still offer it as an option). The hard bit is finding the
right principles of who gets access to what and how even when
there is no consent. <br>
</p>
<p>Consent is not the solution.<br>
</p>
<br>
<div class="moz-cite-prefix">Am 13.02.2018 um 18:00 schrieb John
Bambenek via gnso-rds-pdp-wg:<br>
</div>
<blockquote type="cite"
cite="mid:8f161433-545e-7c0b-acaa-d382f4129a81@bambenekconsulting.com">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<p>Ok, so you agree with my in principle and we're just haggling
over the details now. Flip a coin for all I care, opt-in/opt-out
and move forward.</p>
<p>So let's do that. When can we implement?<br>
</p>
<br>
<div class="moz-cite-prefix">On 2/13/2018 10:58 AM, Volker
Greimann wrote:<br>
</div>
<blockquote type="cite"
cite="mid:5ea765db-5ad2-c1e0-2962-de352f68b028@key-systems.net">
<meta http-equiv="Content-Type" content="text/html;
charset=utf-8">
<p>You are still looking at the wrong end of the horse. Privacy
is not the choice, it is the default. Divulging data is the
choice.<br>
</p>
<br>
<div class="moz-cite-prefix">Am 13.02.2018 um 17:57 schrieb John
Bambenek via gnso-rds-pdp-wg:<br>
</div>
<blockquote type="cite"
cite="mid:07b57b1a-0b47-4da2-6fac-0dd1b45c0e2a@bambenekconsulting.com">
<meta http-equiv="Content-Type" content="text/html;
charset=utf-8">
<p>Exactly right. As far as I'm concerned if we made privacy a
free choice, make the fields optional for all I care, and
whatever they do make is public... we have solved this
problem.</p>
<p>People who ACTUALLY protect society against privacy threats
have the data to do their jobs, consumers who want privacy
have a free option for it, and registrars can be in
compliance with the law.<br>
</p>
<br>
<div class="moz-cite-prefix">On 2/13/2018 10:54 AM, DANIEL
NANGHAKA wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAD4W+iOkUWZiVn_hrXXFxEpDS4ynP8LNh+aOt0Mbz1myLLe9gQ@mail.gmail.com">This
is just an example but there is a lot of damage that can be
caused with data being exposed. In our case we have phone
numbers, addresses, emails which is required to
verification.
<div><br>
</div>
<div>This takes us to issue of consent.<br>
<br>
On Tuesday, February 13, 2018, John Bambenek via
gnso-rds-pdp-wg <<a
href="mailto:gnso-rds-pdp-wg@icann.org"
moz-do-not-send="true">gnso-rds-pdp-wg@icann.org</a>>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<p>Let's be honest here, we're talking about phone
numbers and email addresses. The threat model is
RADICALLY different with the data we are talking
about.<br>
</p>
<br>
<div>On 2/13/2018 10:45 AM, Stephanie Perrin wrote:<br>
</div>
<blockquote type="cite">
<p>Undeterred by the fact that noone has responded
to my last post, I offer the following update to
the Equifax breach to further illustrate my
point. As many companies have found out, you
don't find out what you've got till it's
gone.....a further reason for data minimization
and short retention periods.<br>
</p>
<div>
<table cellspacing="0" cellpadding="0"
height="107" width="787" border="0">
<tbody>
<tr>
<th nowrap="nowrap" valign="BASELINE"
align="RIGHT"><br>
</th>
<td><br>
</td>
</tr>
<tr>
<th nowrap="nowrap" valign="BASELINE"
align="RIGHT"><br>
</th>
<td><br>
</td>
</tr>
<tr>
<th nowrap="nowrap" valign="BASELINE"
align="RIGHT"><br>
</th>
<td><br>
</td>
</tr>
<tr>
<th nowrap="nowrap" valign="BASELINE"
align="RIGHT"><br>
</th>
<td><br>
</td>
</tr>
<tr>
<th nowrap="nowrap" valign="BASELINE"
align="RIGHT">To: </th>
<td><br>
</td>
</tr>
</tbody>
</table>
<br>
<font face="Times New Roman"><font size="3"><a
href="http://www.theregister.co.uk/2018/02/13/equifax_security_breach_bad/"
target="_blank" moz-do-not-send="true">http://www.theregister.co.uk/<wbr>2018/02/13/equifax_security_<wbr>breach_bad/</a><br>
<br>
<br>
<b>Equifax hack worse than previously thought:
Biz kissed goodbye to card expiry dates, tax
IDs etc</b><br>
Pwned credit-score biz quietly admits more
info lost<br>
By Iain Thomson in San Francisco 13 Feb 2018
at 02:13<br>
<br>
Last year, Equifax admitted <br>
<a
href="https://www.theregister.co.uk/2017/09/07/143m_american_equifax_customers_exposed/"
target="_blank" moz-do-not-send="true">https://www.theregister.co.uk/<wbr>2017/09/07/143m_american_<wbr>equifax_customers_exposed/</a><br>
hackers stole sensitive personal records on
145 million Americans and hundreds of
thousands in the UK <br>
<a
href="https://www.theregister.co.uk/2017/10/10/equifax_uk_records_update/"
target="_blank" moz-do-not-send="true">https://www.theregister.co.uk/<wbr>2017/10/10/equifax_uk_records_<wbr>update/</a><br>
and Canada.<br>
<br>
The outfit already said cyber-crooks
"primarily" took names, social security
numbers, birth dates, home addresses,
credit-score dispute forms, and, in some
instances, credit card numbers and driver
license numbers. Now the credit-checking giant
reckons the intruders snatched even more
information from its databases.<br>
<br>
According to documents provided by Equifax to
the US Senate Banking Committee, <br>
and <u>revealed this month by Senator
Elizabeth Warren (D-MA)</u>, <br>
<a
href="https://apnews.com/2a51e3e5f9a945978df4ad96246b8ecc"
target="_blank" moz-do-not-send="true">https://apnews.com/<wbr>2a51e3e5f9a945978df4ad96246b8e<wbr>cc</a><br>
the attackers also grabbed taxpayer
identification numbers, phone numbers, email
addresses, and credit card expiry dates
belonging to some Equifax customers.<br>
<br>
Like social security numbers, taxpayer ID
numbers are useful for fraudsters seeking to
steal people's identities or their tax
rebates, and the expiry dates are similarly
useful for online crooks when linked with
credit card numbers and other personal
information.<br>
<br>
<br>
<b>Contradictory</b><br>
<br>
"As your company continues to issue
incomplete, confusing and contradictory
statements and hide information from Congress
and the public, it is clear that five months
after the breach was publicly announced,
Equifax has yet to answer this simple question
in full: what was the precise extent of the
breach?" Warren fumed in a missive late last
week.<br>
<a
href="https://www.warren.senate.gov/?p=press_release&id=2317"
target="_blank" moz-do-not-send="true">https://www.warren.senate.gov/<wbr>?p=press_release&id=2317</a><br>
<br>
Equifax spokeswoman Meredith Griffanti
stressed to The Register today that the extra
information snatched by hackers, as revealed
by Senator Warren, belonged to "some" Equifax
customers. In other words, not everyone had
their phone numbers, email addresses, and so
on, slurped by crooks just some. How much is
some? Equifax isn't saying, hence Warren's
(and everyone else's) growing frustration.<br>
<br>
The senator is a cosponsor of the <u>proposed
Data Breach Prevention and Compensation Act,
</u><br>
<a
href="https://www.theregister.co.uk/2018/01/10/credit_reporting_agencies_fines/"
target="_blank" moz-do-not-send="true">https://www.theregister.co.uk/<wbr>2018/01/10/credit_reporting_<wbr>agencies_fines/</a><br>
which, if passed, would impose computer
security regulations on credit reporting
agencies, with mandatory fines that would have
led to Equifax coughing up $1.5bn for its IT
blunder.<br>
<br>
Some regulation or punishment is obviously
needed.<br>
<br>
No senior Equifax executives were fired over
the attack instead the CEO, CSO and CIO were
all allowed to retire with multi-million
dollar golden parachutes. The US government's
Consumer Financial Protection Bureau promised
a full investigation into the Equifax affair,
and then gave up. On February 7, an open
letter [PDF] <br>
<a
href="https://www.schatz.senate.gov/imo/media/doc/CFPB%20Equifax%20Letter%202-7-18.pdf"
target="_blank" moz-do-not-send="true">https://www.schatz.senate.gov/<wbr>imo/media/doc/CFPB%20Equifax%<wbr>20Letter%202-7-18.pdf</a><br>
from 32 senators to the bureau asked why the
probe was dropped, and the gang has yet to
receive a response. ®<br>
</font></font></div>
<br>
<fieldset></fieldset>
<br>
<pre>______________________________<wbr>_________________
gnso-rds-pdp-wg mailing list
<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank" moz-do-not-send="true">gnso-rds-pdp-wg@icann.org</a>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank" moz-do-not-send="true">https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</a></pre>
</blockquote>
<br>
<pre cols="72">--
--
John Bambenek</pre>
</div>
</blockquote>
</div>
<br>
<br>
-- <br>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div> <br>
Regards <br>
Nanghaka Daniel K.<br>
<span style="font-size:small">Executive
Director - ILICIT Africa / Chair -
FOSSFA / Community Lead - ISOC
Uganda Chapter / Geo4Africa Lead /
Organising Team - FOSS4G2018</span><br>
Mobile +256 772 898298 (Uganda)<br>
</div>
<div>Skype: daniel.nanghaka<br>
</div>
<div><br>
</div>
<div>-----------------------------------------
<i><span>"Working for Africa" </span></i>-----------------------------------------<br>
<br>
<br>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
--
John Bambenek</pre>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
gnso-rds-pdp-wg mailing list
<a class="moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-wg@icann.org" moz-do-not-send="true">gnso-rds-pdp-wg@icann.org</a>
<a class="moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" moz-do-not-send="true">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a></pre>
</blockquote>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
gnso-rds-pdp-wg mailing list
<a class="moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-wg@icann.org" moz-do-not-send="true">gnso-rds-pdp-wg@icann.org</a>
<a class="moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" moz-do-not-send="true">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a></pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
--
John Bambenek</pre>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
gnso-rds-pdp-wg mailing list
<a class="moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a>
<a class="moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a></pre>
</blockquote>
<br>
</body>
</html>