<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto">Domain names, hostnames, and IP addresses in so far as they are personally identifiable are PII. Courts have ruled on IP addresses already and DPAs have said much the same. <div><br></div><div>So the same logic on why we can’t have a system that lets people advertise who owns the domain is the same argument why DNS must be gated. </div><div><br></div><div>Has any registrar done a PIA on publishing my nameservers? How do I control who gets that information? How do we enforce its for authorized purposes only?<br><br><div id="AppleMailSignature">--<div>John Bambenek</div></div><div><br>On Feb 20, 2018, at 10:50, Steve Crocker <<a href="mailto:steve@shinkuro.com">steve@shinkuro.com</a>> wrote:<br><br></div><blockquote type="cite"><div><div dir="ltr">I'm puzzled by the reference to name servers and A records. These are necessarily public else the domain name system won't function. Is there confusion or misunderstanding about the role of these records?<div><br></div><div>Steve</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Feb 20, 2018 at 11:47 AM, allison nixon <span dir="ltr"><<a href="mailto:elsakoo@gmail.com" target="_blank">elsakoo@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">1,000,000% agreed. Registrars cannot eliminate all their risk by masking WHOIS into oblivion. The DPAs can still ask why they are exposing A records, nameservers, etc, to anyone who asks for them, without valid reasons or authentication. Why do they expose zone files, etc. The DPAs can ask why customer support can sometimes so easily be social engineered into handing over accounts to account takeover scammers. <div><br></div><div>Since most registrars are also hosting providers/mail providers, would criminals storing stolen PII on your servers be a GDPR issue? After all, the ultimate owner of the server is also considered a "processor", which has interesting implications if one's customers include phishers, or sell stolen credit cards, and one's already been notified. I have even seen miscreants putting doxes in TXT records.<div><br></div><div>I already know of quite a few incidents where people would have had standing to file a GDPR complaint against registrars/hosters, unrelated to WHOIS.<br><div><br></div><div>Eventually the issue is going to impact the core business model of registrars. This isn't going to stop at WHOIS. An open dialog with the DPAs at an early stage is of utmost importance for all parties involved here.<br></div></div></div><div><br></div></div><div class="gmail_extra"><div><div class="h5"><br><div class="gmail_quote">On Mon, Feb 19, 2018 at 10:16 AM, Sam Lanfranco <span dir="ltr"><<a href="mailto:sam@lanfranco.net" target="_blank">sam@lanfranco.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<p>Benny,</p>
<p>This is why I support multi-venue multi-stakholder dialogue with
the DPA's so that they are appraised of the issues on all sides of
the data protection issue. They are then more likely to act in a
judicious manner, and less like an attack dog. Watch the new movie
"<b><i>The Post</i></b>" where when <i>Washington Post</i> owner
<span class="m_4328131330306589257m_-8009525005773725673st"> Katharine Graham decided to publish the Vietnam
War Pentagon Papers, with the downside risk that she could be
jailed for treason. The court ruled in favor of freedom of the
press. It is not what the DPA can do, but what they are likely
to do, and dialogue goes a long way to mitigating risk and
shaping appropriate positions and behavior (with integrity) on
all sides. <br>
</span></p>
<p><span class="m_4328131330306589257m_-8009525005773725673st">Sam L.<br>
</span></p><span>
<br>
<div class="m_4328131330306589257m_-8009525005773725673moz-cite-prefix">On 2/19/2018 10:02 AM, <a class="m_4328131330306589257m_-8009525005773725673moz-txt-link-abbreviated" href="mailto:benny@nordreg.se" target="_blank">benny@nordreg.se</a>
wrote:<br>
</div>
</span><blockquote type="cite"><span>
<ironi on> Now I am relieved, we as registrars will not be
subject for anything… </ironi off>
<div><br>
</div>
</span><div>None of us know where and what they will prioritise,<b><i>
remember that it only take 1 complaint to a DPA to get the
snowball moving.</i></b> [emphasis added] I am sure your
statement have noe value then.</div><span>
<div><br>
</div>
<div>
<div>
<div><span class="m_4328131330306589257m_-8009525005773725673Apple-style-span" style="border-collapse:separate;border-spacing:0px">
<div style="word-wrap:break-word">
<div>--</div>
<div>Med vänliga hälsningar / Kind Regards
/ Med vennlig hilsen</div>
</div>
</span><span class="m_4328131330306589257m_-8009525005773725673Apple-style-span" style="text-align:-webkit-auto;border-collapse:separate;border-spacing:0px">
<div style="word-wrap:break-word">
</div>
</span><span class="m_4328131330306589257m_-8009525005773725673Apple-style-span" style="text-align:-webkit-auto;border-collapse:separate;border-spacing:0px">
<div style="word-wrap:break-word">
<div><br>
Benny Samuelsen<br>
Registry Manager - Domainexpert<br>
<br>
Nordreg AB - ICANN accredited registrar</div>
<div>IANA-ID: 638</div>
</div>
</span><span class="m_4328131330306589257m_-8009525005773725673Apple-style-span" style="text-align:-webkit-auto;border-collapse:separate;border-spacing:0px">
<div style="word-wrap:break-word">
Phone: <a href="tel:+46%2042%2019%2070%2000" value="+4642197000" target="_blank">+46.42197000</a><br>
Direct: <a href="tel:+47%2032%2026%2002%2001" value="+4732260201" target="_blank">+47.32260201</a><br>
Mobile: <a href="tel:+47%20404%2010%20200" value="+4740410200" target="_blank">+47.40410200</a></div>
</span></div>
</div>
<div><br>
<blockquote type="cite">
<div>On 19 Feb 2018, at 15:29, Sam Lanfranco <<a href="mailto:sam@lanfranco.net" target="_blank">sam@lanfranco.net</a>> wrote:</div>
<br class="m_4328131330306589257m_-8009525005773725673Apple-interchange-newline">
<div>
<div text="#000000" bgcolor="#FFFFFF">
<p>Hi Tim, <br>
</p>
<p>No, completely to the contrary. My point
with that dollars reference was that in some cases
litigation is the preferred business response, rather
than compliance and paying fines. Also, the big
revenues in mining big data are outside the DNS
sphere, and outside the abuses and "bad things" that
websites do to people. The big EU fines are more
likely to hit social media than Registrars, although
they are risks there as well. The revenues, and
privacy violations, will come from profiling users by
mining big data for scraps of personal date to
individualize target marketing. <br>
</p>
<p><b><i>As a brief aside:</i></b>
This goes well beyond the remit of ICANN and is
actually worse than just being inundated by adverts
base on personal online behavior. Artificial
Intelligence mining apps are increasingly customizing
the "news" one gets from news feeds, to help "glue the
eyeballs" to the adverts, creating a news silo of
one. (That is amusing for me since I virtually live
in two towns in two countries). Even more worrisome is
the growing practice for A.I. companies where A.I.
"writes" the news releases, now mainly in sports and
finance, for thousands of print and online news
outlets. I know all of this is outside the ICANN remit
so I will stop there.
<br>
</p>
<p>Sam L. <br>
</p>
<br>
<div class="m_4328131330306589257m_-8009525005773725673moz-cite-prefix">On 2/18/2018 5:43 PM, Chen,
Tim wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Hi Sam,
<div><br>
</div>
<div>When you say these are hundred million
dollar issues for "the companies",which companies
are you talking about? Large Registrars?</div>
<div><br>
</div>
<div>I hope you are not comparing
cybersecurity professionals and the good work they
are trying to enable, to a completely separate
privacy issue around data used for ad tracking or
behavior tracking across websites. If I spent my
days trying to protect people on the internet from
bad things, I would certainly not appreciate any
allusion that I was engaged on the whois data
issue 'for the money'.</div>
<div><br>
</div>
<div>Tim</div>
<div><br>
</div>
</div>
</blockquote>
<br>
</div>
______________________________<wbr>_________________<br>
gnso-rds-pdp-wg mailing list<br>
<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
<a class="m_4328131330306589257m_-8009525005773725673moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank">https://mm.icann.org/mailman/l<wbr>istinfo/gnso-rds-pdp-wg</a></div>
</blockquote>
</div>
<br>
</div>
</span></blockquote><span class="m_4328131330306589257HOEnZb"><font color="#888888">
<br>
<pre class="m_4328131330306589257m_-8009525005773725673moz-signature" cols="72">--
------------------------------<wbr>------------------
"It is a disgrace to be rich and honoured
in an unjust state" -Confucius
邦有道,贫且贱焉,耻也。邦无道,富且贵焉,耻也
------------------------------<wbr>------------------
Visiting Prof, Xi'an Jaiotong-Liverpool Univ, Suzhou, China
Dr Sam Lanfranco (Prof Emeritus & Senior Scholar)
Econ, York U., Toronto, Ontario, CANADA - M3J 1P3
email: <a class="m_4328131330306589257m_-8009525005773725673moz-txt-link-abbreviated" href="mailto:sam@lanfranco.net" target="_blank">sam@lanfranco.net</a> Skype: slanfranco
blog: <a class="m_4328131330306589257m_-8009525005773725673moz-txt-link-freetext" href="https://samlanfranco.blogspot.com" target="_blank">https://samlanfranco.blogspot.<wbr>com</a>
Phone: <a href="tel:(613)%20476-0429" value="+16134760429" target="_blank">+1 613-476-0429</a> cell: <a href="tel:(416)%20816-2852" value="+14168162852" target="_blank">+1 416-816-2852</a></pre>
</font></span></div>
<br>______________________________<wbr>_________________<br>
gnso-rds-pdp-wg mailing list<br>
<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/l<wbr>istinfo/gnso-rds-pdp-wg</a><br></blockquote></div><br><br clear="all"><div><br></div>-- <br></div></div><div class="m_4328131330306589257gmail_signature" data-smartmail="gmail_signature">______________________________<wbr>___<br>Note to self: Pillage BEFORE burning.</div>
</div>
<br>______________________________<wbr>_________________<br>
gnso-rds-pdp-wg mailing list<br>
<a href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</a><br></blockquote></div><br></div>
</div></blockquote><blockquote type="cite"><div><span>_______________________________________________</span><br><span>gnso-rds-pdp-wg mailing list</span><br><span><a href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a></span><br><span><a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a></span></div></blockquote></div></body></html>