<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Exactly right. As far as I'm concerned if we made privacy a free
choice, make the fields optional for all I care, and whatever they
do make is public... we have solved this problem.</p>
<p>People who ACTUALLY protect society against privacy threats have
the data to do their jobs, consumers who want privacy have a free
option for it, and registrars can be in compliance with the law.<br>
</p>
<br>
<div class="moz-cite-prefix">On 2/13/2018 10:54 AM, DANIEL NANGHAKA
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAD4W+iOkUWZiVn_hrXXFxEpDS4ynP8LNh+aOt0Mbz1myLLe9gQ@mail.gmail.com">This
is just an example but there is a lot of damage that can be caused
with data being exposed. In our case we have phone numbers,
addresses, emails which is required to verification.
<div><br>
</div>
<div>This takes us to issue of consent.<br>
<br>
On Tuesday, February 13, 2018, John Bambenek via gnso-rds-pdp-wg
<<a href="mailto:gnso-rds-pdp-wg@icann.org"
moz-do-not-send="true">gnso-rds-pdp-wg@icann.org</a>>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<p>Let's be honest here, we're talking about phone numbers
and email addresses. The threat model is RADICALLY
different with the data we are talking about.<br>
</p>
<br>
<div>On 2/13/2018 10:45 AM, Stephanie Perrin wrote:<br>
</div>
<blockquote type="cite">
<p>Undeterred by the fact that noone has responded to my
last post, I offer the following update to the Equifax
breach to further illustrate my point. As many
companies have found out, you don't find out what you've
got till it's gone.....a further reason for data
minimization and short retention periods.<br>
</p>
<div>
<table cellspacing="0" cellpadding="0" height="107"
width="787" border="0">
<tbody>
<tr>
<th nowrap="nowrap" valign="BASELINE"
align="RIGHT"><br>
</th>
<td><br>
</td>
</tr>
<tr>
<th nowrap="nowrap" valign="BASELINE"
align="RIGHT"><br>
</th>
<td><br>
</td>
</tr>
<tr>
<th nowrap="nowrap" valign="BASELINE"
align="RIGHT"><br>
</th>
<td><br>
</td>
</tr>
<tr>
<th nowrap="nowrap" valign="BASELINE"
align="RIGHT"><br>
</th>
<td><br>
</td>
</tr>
<tr>
<th nowrap="nowrap" valign="BASELINE"
align="RIGHT">To: </th>
<td><br>
</td>
</tr>
</tbody>
</table>
<br>
<font face="Times New Roman"><font size="3"><a
href="http://www.theregister.co.uk/2018/02/13/equifax_security_breach_bad/"
target="_blank" moz-do-not-send="true">http://www.theregister.co.uk/<wbr>2018/02/13/equifax_security_<wbr>breach_bad/</a><br>
<br>
<br>
<b>Equifax hack worse than previously thought: Biz
kissed goodbye to card expiry dates, tax IDs etc</b><br>
Pwned credit-score biz quietly admits more info lost<br>
By Iain Thomson in San Francisco 13 Feb 2018 at
02:13<br>
<br>
Last year, Equifax admitted <br>
<a
href="https://www.theregister.co.uk/2017/09/07/143m_american_equifax_customers_exposed/"
target="_blank" moz-do-not-send="true">https://www.theregister.co.uk/<wbr>2017/09/07/143m_american_<wbr>equifax_customers_exposed/</a><br>
hackers stole sensitive personal records on 145
million Americans and hundreds of thousands in the
UK <br>
<a
href="https://www.theregister.co.uk/2017/10/10/equifax_uk_records_update/"
target="_blank" moz-do-not-send="true">https://www.theregister.co.uk/<wbr>2017/10/10/equifax_uk_records_<wbr>update/</a><br>
and Canada.<br>
<br>
The outfit already said cyber-crooks "primarily"
took names, social security numbers, birth dates,
home addresses, credit-score dispute forms, and, in
some instances, credit card numbers and driver
license numbers. Now the credit-checking giant
reckons the intruders snatched even more information
from its databases.<br>
<br>
According to documents provided by Equifax to the US
Senate Banking Committee, <br>
and <u>revealed this month by Senator Elizabeth
Warren (D-MA)</u>, <br>
<a
href="https://apnews.com/2a51e3e5f9a945978df4ad96246b8ecc"
target="_blank" moz-do-not-send="true">https://apnews.com/<wbr>2a51e3e5f9a945978df4ad96246b8e<wbr>cc</a><br>
the attackers also grabbed taxpayer identification
numbers, phone numbers, email addresses, and credit
card expiry dates belonging to some Equifax
customers.<br>
<br>
Like social security numbers, taxpayer ID numbers
are useful for fraudsters seeking to steal people's
identities or their tax rebates, and the expiry
dates are similarly useful for online crooks when
linked with credit card numbers and other personal
information.<br>
<br>
<br>
<b>Contradictory</b><br>
<br>
"As your company continues to issue incomplete,
confusing and contradictory statements and hide
information from Congress and the public, it is
clear that five months after the breach was publicly
announced, Equifax has yet to answer this simple
question in full: what was the precise extent of the
breach?" Warren fumed in a missive late last week.<br>
<a
href="https://www.warren.senate.gov/?p=press_release&id=2317"
target="_blank" moz-do-not-send="true">https://www.warren.senate.gov/<wbr>?p=press_release&id=2317</a><br>
<br>
Equifax spokeswoman Meredith Griffanti stressed to
The Register today that the extra information
snatched by hackers, as revealed by Senator Warren,
belonged to "some" Equifax customers. In other
words, not everyone had their phone numbers, email
addresses, and so on, slurped by crooks just some.
How much is some? Equifax isn't saying, hence
Warren's (and everyone else's) growing frustration.<br>
<br>
The senator is a cosponsor of the <u>proposed Data
Breach Prevention and Compensation Act, </u><br>
<a
href="https://www.theregister.co.uk/2018/01/10/credit_reporting_agencies_fines/"
target="_blank" moz-do-not-send="true">https://www.theregister.co.uk/<wbr>2018/01/10/credit_reporting_<wbr>agencies_fines/</a><br>
which, if passed, would impose computer security
regulations on credit reporting agencies, with
mandatory fines that would have led to Equifax
coughing up $1.5bn for its IT blunder.<br>
<br>
Some regulation or punishment is obviously needed.<br>
<br>
No senior Equifax executives were fired over the
attack instead the CEO, CSO and CIO were all allowed
to retire with multi-million dollar golden
parachutes. The US government's Consumer Financial
Protection Bureau promised a full investigation into
the Equifax affair, and then gave up. On February 7,
an open letter [PDF] <br>
<a
href="https://www.schatz.senate.gov/imo/media/doc/CFPB%20Equifax%20Letter%202-7-18.pdf"
target="_blank" moz-do-not-send="true">https://www.schatz.senate.gov/<wbr>imo/media/doc/CFPB%20Equifax%<wbr>20Letter%202-7-18.pdf</a><br>
from 32 senators to the bureau asked why the probe
was dropped, and the gang has yet to receive a
response. ®<br>
</font></font></div>
<br>
<fieldset></fieldset>
<br>
<pre>______________________________<wbr>_________________
gnso-rds-pdp-wg mailing list
<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank" moz-do-not-send="true">gnso-rds-pdp-wg@icann.org</a>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank" moz-do-not-send="true">https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</a></pre>
</blockquote>
<br>
<pre cols="72">--
--
John Bambenek</pre>
</div>
</blockquote>
</div>
<br>
<br>
-- <br>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div> <br>
Regards <br>
Nanghaka Daniel K.<br>
<span style="font-size:small">Executive
Director - ILICIT Africa / Chair -
FOSSFA / Community Lead - ISOC Uganda
Chapter / Geo4Africa Lead / Organising
Team - FOSS4G2018</span><br>
Mobile +256 772 898298 (Uganda)<br>
</div>
<div>Skype: daniel.nanghaka<br>
</div>
<div><br>
</div>
<div>-----------------------------------------
<i><span>"Working for Africa" </span></i>-----------------------------------------<br>
<br>
<br>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
--
John Bambenek</pre>
</body>
</html>