<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Ok, so you agree with my in principle and we're just haggling
over the details now. Flip a coin for all I care, opt-in/opt-out
and move forward.</p>
<p>So let's do that. When can we implement?<br>
</p>
<br>
<div class="moz-cite-prefix">On 2/13/2018 10:58 AM, Volker Greimann
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:5ea765db-5ad2-c1e0-2962-de352f68b028@key-systems.net">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<p>You are still looking at the wrong end of the horse. Privacy is
not the choice, it is the default. Divulging data is the choice.<br>
</p>
<br>
<div class="moz-cite-prefix">Am 13.02.2018 um 17:57 schrieb John
Bambenek via gnso-rds-pdp-wg:<br>
</div>
<blockquote type="cite"
cite="mid:07b57b1a-0b47-4da2-6fac-0dd1b45c0e2a@bambenekconsulting.com">
<meta http-equiv="Content-Type" content="text/html;
charset=utf-8">
<p>Exactly right. As far as I'm concerned if we made privacy a
free choice, make the fields optional for all I care, and
whatever they do make is public... we have solved this
problem.</p>
<p>People who ACTUALLY protect society against privacy threats
have the data to do their jobs, consumers who want privacy
have a free option for it, and registrars can be in compliance
with the law.<br>
</p>
<br>
<div class="moz-cite-prefix">On 2/13/2018 10:54 AM, DANIEL
NANGHAKA wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAD4W+iOkUWZiVn_hrXXFxEpDS4ynP8LNh+aOt0Mbz1myLLe9gQ@mail.gmail.com">This
is just an example but there is a lot of damage that can be
caused with data being exposed. In our case we have phone
numbers, addresses, emails which is required to verification.
<div><br>
</div>
<div>This takes us to issue of consent.<br>
<br>
On Tuesday, February 13, 2018, John Bambenek via
gnso-rds-pdp-wg <<a
href="mailto:gnso-rds-pdp-wg@icann.org"
moz-do-not-send="true">gnso-rds-pdp-wg@icann.org</a>>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<p>Let's be honest here, we're talking about phone
numbers and email addresses. The threat model is
RADICALLY different with the data we are talking
about.<br>
</p>
<br>
<div>On 2/13/2018 10:45 AM, Stephanie Perrin wrote:<br>
</div>
<blockquote type="cite">
<p>Undeterred by the fact that noone has responded to
my last post, I offer the following update to the
Equifax breach to further illustrate my point. As
many companies have found out, you don't find out
what you've got till it's gone.....a further reason
for data minimization and short retention periods.<br>
</p>
<div>
<table cellspacing="0" cellpadding="0" height="107"
width="787" border="0">
<tbody>
<tr>
<th nowrap="nowrap" valign="BASELINE"
align="RIGHT"><br>
</th>
<td><br>
</td>
</tr>
<tr>
<th nowrap="nowrap" valign="BASELINE"
align="RIGHT"><br>
</th>
<td><br>
</td>
</tr>
<tr>
<th nowrap="nowrap" valign="BASELINE"
align="RIGHT"><br>
</th>
<td><br>
</td>
</tr>
<tr>
<th nowrap="nowrap" valign="BASELINE"
align="RIGHT"><br>
</th>
<td><br>
</td>
</tr>
<tr>
<th nowrap="nowrap" valign="BASELINE"
align="RIGHT">To: </th>
<td><br>
</td>
</tr>
</tbody>
</table>
<br>
<font face="Times New Roman"><font size="3"><a
href="http://www.theregister.co.uk/2018/02/13/equifax_security_breach_bad/"
target="_blank" moz-do-not-send="true">http://www.theregister.co.uk/<wbr>2018/02/13/equifax_security_<wbr>breach_bad/</a><br>
<br>
<br>
<b>Equifax hack worse than previously thought:
Biz kissed goodbye to card expiry dates, tax
IDs etc</b><br>
Pwned credit-score biz quietly admits more info
lost<br>
By Iain Thomson in San Francisco 13 Feb 2018 at
02:13<br>
<br>
Last year, Equifax admitted <br>
<a
href="https://www.theregister.co.uk/2017/09/07/143m_american_equifax_customers_exposed/"
target="_blank" moz-do-not-send="true">https://www.theregister.co.uk/<wbr>2017/09/07/143m_american_<wbr>equifax_customers_exposed/</a><br>
hackers stole sensitive personal records on 145
million Americans and hundreds of thousands in
the UK <br>
<a
href="https://www.theregister.co.uk/2017/10/10/equifax_uk_records_update/"
target="_blank" moz-do-not-send="true">https://www.theregister.co.uk/<wbr>2017/10/10/equifax_uk_records_<wbr>update/</a><br>
and Canada.<br>
<br>
The outfit already said cyber-crooks "primarily"
took names, social security numbers, birth
dates, home addresses, credit-score dispute
forms, and, in some instances, credit card
numbers and driver license numbers. Now the
credit-checking giant reckons the intruders
snatched even more information from its
databases.<br>
<br>
According to documents provided by Equifax to
the US Senate Banking Committee, <br>
and <u>revealed this month by Senator Elizabeth
Warren (D-MA)</u>, <br>
<a
href="https://apnews.com/2a51e3e5f9a945978df4ad96246b8ecc"
target="_blank" moz-do-not-send="true">https://apnews.com/<wbr>2a51e3e5f9a945978df4ad96246b8e<wbr>cc</a><br>
the attackers also grabbed taxpayer
identification numbers, phone numbers, email
addresses, and credit card expiry dates
belonging to some Equifax customers.<br>
<br>
Like social security numbers, taxpayer ID
numbers are useful for fraudsters seeking to
steal people's identities or their tax rebates,
and the expiry dates are similarly useful for
online crooks when linked with credit card
numbers and other personal information.<br>
<br>
<br>
<b>Contradictory</b><br>
<br>
"As your company continues to issue incomplete,
confusing and contradictory statements and hide
information from Congress and the public, it is
clear that five months after the breach was
publicly announced, Equifax has yet to answer
this simple question in full: what was the
precise extent of the breach?" Warren fumed in a
missive late last week.<br>
<a
href="https://www.warren.senate.gov/?p=press_release&id=2317"
target="_blank" moz-do-not-send="true">https://www.warren.senate.gov/<wbr>?p=press_release&id=2317</a><br>
<br>
Equifax spokeswoman Meredith Griffanti stressed
to The Register today that the extra information
snatched by hackers, as revealed by Senator
Warren, belonged to "some" Equifax customers. In
other words, not everyone had their phone
numbers, email addresses, and so on, slurped by
crooks just some. How much is some? Equifax
isn't saying, hence Warren's (and everyone
else's) growing frustration.<br>
<br>
The senator is a cosponsor of the <u>proposed
Data Breach Prevention and Compensation Act, </u><br>
<a
href="https://www.theregister.co.uk/2018/01/10/credit_reporting_agencies_fines/"
target="_blank" moz-do-not-send="true">https://www.theregister.co.uk/<wbr>2018/01/10/credit_reporting_<wbr>agencies_fines/</a><br>
which, if passed, would impose computer security
regulations on credit reporting agencies, with
mandatory fines that would have led to Equifax
coughing up $1.5bn for its IT blunder.<br>
<br>
Some regulation or punishment is obviously
needed.<br>
<br>
No senior Equifax executives were fired over the
attack instead the CEO, CSO and CIO were all
allowed to retire with multi-million dollar
golden parachutes. The US government's Consumer
Financial Protection Bureau promised a full
investigation into the Equifax affair, and then
gave up. On February 7, an open letter [PDF] <br>
<a
href="https://www.schatz.senate.gov/imo/media/doc/CFPB%20Equifax%20Letter%202-7-18.pdf"
target="_blank" moz-do-not-send="true">https://www.schatz.senate.gov/<wbr>imo/media/doc/CFPB%20Equifax%<wbr>20Letter%202-7-18.pdf</a><br>
from 32 senators to the bureau asked why the
probe was dropped, and the gang has yet to
receive a response. ®<br>
</font></font></div>
<br>
<fieldset></fieldset>
<br>
<pre>______________________________<wbr>_________________
gnso-rds-pdp-wg mailing list
<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank" moz-do-not-send="true">gnso-rds-pdp-wg@icann.org</a>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank" moz-do-not-send="true">https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</a></pre>
</blockquote>
<br>
<pre cols="72">--
--
John Bambenek</pre>
</div>
</blockquote>
</div>
<br>
<br>
-- <br>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div> <br>
Regards <br>
Nanghaka Daniel K.<br>
<span style="font-size:small">Executive
Director - ILICIT Africa / Chair -
FOSSFA / Community Lead - ISOC
Uganda Chapter / Geo4Africa Lead /
Organising Team - FOSS4G2018</span><br>
Mobile +256 772 898298 (Uganda)<br>
</div>
<div>Skype: daniel.nanghaka<br>
</div>
<div><br>
</div>
<div>-----------------------------------------
<i><span>"Working for Africa" </span></i>-----------------------------------------<br>
<br>
<br>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
--
John Bambenek</pre>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
gnso-rds-pdp-wg mailing list
<a class="moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-wg@icann.org" moz-do-not-send="true">gnso-rds-pdp-wg@icann.org</a>
<a class="moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" moz-do-not-send="true">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a></pre>
</blockquote>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
gnso-rds-pdp-wg mailing list
<a class="moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a>
<a class="moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a></pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
--
John Bambenek</pre>
</body>
</html>