<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p><font size="+1"><font face="Lucida Grande">Actually no, Steve, we
sorted this out a few months ago....Andrew Sullivan explained
all of this patiently and in great detail, as I recall. I
tried to explain the difference between data elements
constituting PI, because of their association with an
individual, and the requirements to protect. I think I failed
dismally in that effort, because I see we are re-arguing those
issues.</font></font></p>
<p><font size="+1"><font face="Lucida Grande">cheers Stephanie </font></font><br>
</p>
<div class="moz-cite-prefix">On 2018-02-20 11:50, Steve Crocker
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CABf5zvKBiiqMTsWGEAdvG8LhZ29GYSkMZFoHg91UHCnTCF-Ehg@mail.gmail.com">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<div dir="ltr">I'm puzzled by the reference to name servers and A
records. These are necessarily public else the domain name
system won't function. Is there confusion or misunderstanding
about the role of these records?
<div><br>
</div>
<div>Steve</div>
<div><br>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Tue, Feb 20, 2018 at 11:47 AM,
allison nixon <span dir="ltr"><<a
href="mailto:elsakoo@gmail.com" target="_blank"
moz-do-not-send="true">elsakoo@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">1,000,000% agreed. Registrars cannot
eliminate all their risk by masking WHOIS into oblivion.
The DPAs can still ask why they are exposing A records,
nameservers, etc, to anyone who asks for them, without
valid reasons or authentication. Why do they expose zone
files, etc. The DPAs can ask why customer support can
sometimes so easily be social engineered into handing over
accounts to account takeover scammers.
<div><br>
</div>
<div>Since most registrars are also hosting providers/mail
providers, would criminals storing stolen PII on your
servers be a GDPR issue? After all, the ultimate owner
of the server is also considered a "processor", which
has interesting implications if one's customers include
phishers, or sell stolen credit cards, and one's already
been notified. I have even seen miscreants putting doxes
in TXT records.
<div><br>
</div>
<div>I already know of quite a few incidents where
people would have had standing to file a GDPR
complaint against registrars/hosters, unrelated to
WHOIS.<br>
<div><br>
</div>
<div>Eventually the issue is going to impact the core
business model of registrars. This isn't going to
stop at WHOIS. An open dialog with the DPAs at an
early stage is of utmost importance for all parties
involved here.<br>
</div>
</div>
</div>
<div><br>
</div>
</div>
<div class="gmail_extra">
<div>
<div class="h5"><br>
<div class="gmail_quote">On Mon, Feb 19, 2018 at 10:16
AM, Sam Lanfranco <span dir="ltr"><<a
href="mailto:sam@lanfranco.net" target="_blank"
moz-do-not-send="true">sam@lanfranco.net</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<p>Benny,</p>
<p>This is why I support multi-venue
multi-stakholder dialogue with the DPA's so
that they are appraised of the issues on all
sides of the data protection issue. They are
then more likely to act in a judicious manner,
and less like an attack dog. Watch the new
movie "<b><i>The Post</i></b>" where when <i>Washington
Post</i> owner <span
class="m_4328131330306589257m_-8009525005773725673st">
Katharine Graham decided to publish the
Vietnam War Pentagon Papers, with the
downside risk that she could be jailed for
treason. The court ruled in favor of freedom
of the press. It is not what the DPA can do,
but what they are likely to do, and dialogue
goes a long way to mitigating risk and
shaping appropriate positions and behavior
(with integrity) on all sides. <br>
</span></p>
<p><span
class="m_4328131330306589257m_-8009525005773725673st">Sam
L.<br>
</span></p>
<span> <br>
<div
class="m_4328131330306589257m_-8009525005773725673moz-cite-prefix">On
2/19/2018 10:02 AM, <a
class="m_4328131330306589257m_-8009525005773725673moz-txt-link-abbreviated"
href="mailto:benny@nordreg.se"
target="_blank" moz-do-not-send="true">benny@nordreg.se</a>
wrote:<br>
</div>
</span>
<blockquote type="cite"><span> <ironi on>
Now I am relieved, we as registrars will not
be subject for anything… </ironi off>
<div><br>
</div>
</span>
<div>None of us know where and what they will
prioritise,<b><i> remember that it only take
1 complaint to a DPA to get the snowball
moving.</i></b> [emphasis added] I am
sure your statement have noe value then.</div>
<span>
<div><br>
</div>
<div>
<div>
<div><span
class="m_4328131330306589257m_-8009525005773725673Apple-style-span"
style="border-collapse:separate;border-spacing:0px">
<div style="word-wrap:break-word">
<div>--</div>
<div>Med vänliga hälsningar / Kind
Regards / Med vennlig hilsen</div>
</div>
</span><span
class="m_4328131330306589257m_-8009525005773725673Apple-style-span"
style="text-align:-webkit-auto;border-collapse:separate;border-spacing:0px">
<div style="word-wrap:break-word"> </div>
</span><span
class="m_4328131330306589257m_-8009525005773725673Apple-style-span"
style="text-align:-webkit-auto;border-collapse:separate;border-spacing:0px">
<div style="word-wrap:break-word">
<div><br>
Benny Samuelsen<br>
Registry Manager - Domainexpert<br>
<br>
Nordreg AB - ICANN accredited
registrar</div>
<div>IANA-ID: 638</div>
</div>
</span><span
class="m_4328131330306589257m_-8009525005773725673Apple-style-span"
style="text-align:-webkit-auto;border-collapse:separate;border-spacing:0px">
<div style="word-wrap:break-word">
Phone: <a
href="tel:+46%2042%2019%2070%2000"
value="+4642197000"
target="_blank"
moz-do-not-send="true">+46.42197000</a><br>
Direct: <a
href="tel:+47%2032%2026%2002%2001"
value="+4732260201"
target="_blank"
moz-do-not-send="true">+47.32260201</a><br>
Mobile: <a
href="tel:+47%20404%2010%20200"
value="+4740410200"
target="_blank"
moz-do-not-send="true">+47.40410200</a></div>
</span></div>
</div>
<div><br>
<blockquote type="cite">
<div>On 19 Feb 2018, at 15:29, Sam
Lanfranco <<a
href="mailto:sam@lanfranco.net"
target="_blank"
moz-do-not-send="true">sam@lanfranco.net</a>>
wrote:</div>
<br
class="m_4328131330306589257m_-8009525005773725673Apple-interchange-newline">
<div>
<div text="#000000"
bgcolor="#FFFFFF">
<p>Hi Tim, <br>
</p>
<p>No, completely to the contrary.
My point with that dollars
reference was that in some cases
litigation is the preferred
business response, rather than
compliance and paying fines.
Also, the big revenues in mining
big data are outside the DNS
sphere, and outside the abuses
and "bad things" that websites
do to people. The big EU fines
are more likely to hit social
media than Registrars, although
they are risks there as well.
The revenues, and privacy
violations, will come from
profiling users by mining big
data for scraps of personal date
to individualize target
marketing. <br>
</p>
<p><b><i>As a brief aside:</i></b>
This goes well beyond the remit
of ICANN and is actually worse
than just being inundated by
adverts base on personal online
behavior. Artificial
Intelligence mining apps are
increasingly customizing the
"news" one gets from news feeds,
to help "glue the eyeballs" to
the adverts, creating a news
silo of one. (That is amusing
for me since I virtually live in
two towns in two countries).
Even more worrisome is the
growing practice for A.I.
companies where A.I. "writes"
the news releases, now mainly in
sports and finance, for
thousands of print and online
news outlets. I know all of this
is outside the ICANN remit so I
will stop there. <br>
</p>
<p>Sam L. <br>
</p>
<br>
<div
class="m_4328131330306589257m_-8009525005773725673moz-cite-prefix">On
2/18/2018 5:43 PM, Chen, Tim
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Hi Sam,
<div><br>
</div>
<div>When you say these are
hundred million dollar
issues for "the
companies",which companies
are you talking about?
Large Registrars?</div>
<div><br>
</div>
<div>I hope you are not
comparing cybersecurity
professionals and the good
work they are trying to
enable, to a completely
separate privacy issue
around data used for ad
tracking or behavior
tracking across websites.
If I spent my days trying to
protect people on the
internet from bad things, I
would certainly not
appreciate any allusion that
I was engaged on the whois
data issue 'for the money'.</div>
<div><br>
</div>
<div>Tim</div>
<div><br>
</div>
</div>
</blockquote>
<br>
</div>
______________________________<wbr>_________________<br>
gnso-rds-pdp-wg mailing list<br>
<a
href="mailto:gnso-rds-pdp-wg@icann.org"
target="_blank"
moz-do-not-send="true">gnso-rds-pdp-wg@icann.org</a><br>
<a
class="m_4328131330306589257m_-8009525005773725673moz-txt-link-freetext"
href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg"
target="_blank"
moz-do-not-send="true">https://mm.icann.org/mailman/l<wbr>istinfo/gnso-rds-pdp-wg</a></div>
</blockquote>
</div>
<br>
</div>
</span></blockquote>
<span class="m_4328131330306589257HOEnZb"><font
color="#888888"> <br>
<pre class="m_4328131330306589257m_-8009525005773725673moz-signature" cols="72">--
------------------------------<wbr>------------------
"It is a disgrace to be rich and honoured
in an unjust state" -Confucius
邦有道,贫且贱焉,耻也。邦无道,富且贵焉,耻也
------------------------------<wbr>------------------
Visiting Prof, Xi'an Jaiotong-Liverpool Univ, Suzhou, China
Dr Sam Lanfranco (Prof Emeritus & Senior Scholar)
Econ, York U., Toronto, Ontario, CANADA - M3J 1P3
email: <a class="m_4328131330306589257m_-8009525005773725673moz-txt-link-abbreviated" href="mailto:sam@lanfranco.net" target="_blank" moz-do-not-send="true">sam@lanfranco.net</a> Skype: slanfranco
blog: <a class="m_4328131330306589257m_-8009525005773725673moz-txt-link-freetext" href="https://samlanfranco.blogspot.com" target="_blank" moz-do-not-send="true">https://samlanfranco.blogspot.<wbr>com</a>
Phone: <a href="tel:(613)%20476-0429" value="+16134760429" target="_blank" moz-do-not-send="true">+1 613-476-0429</a> cell: <a href="tel:(416)%20816-2852" value="+14168162852" target="_blank" moz-do-not-send="true">+1 416-816-2852</a></pre>
</font></span></div>
<br>
______________________________<wbr>_________________<br>
gnso-rds-pdp-wg mailing list<br>
<a href="mailto:gnso-rds-pdp-wg@icann.org"
target="_blank" moz-do-not-send="true">gnso-rds-pdp-wg@icann.org</a><br>
<a
href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg"
rel="noreferrer" target="_blank"
moz-do-not-send="true">https://mm.icann.org/mailman/l<wbr>istinfo/gnso-rds-pdp-wg</a><br>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
-- <br>
</div>
</div>
<div class="m_4328131330306589257gmail_signature"
data-smartmail="gmail_signature">______________________________<wbr>___<br>
Note to self: Pillage BEFORE burning.</div>
</div>
<br>
______________________________<wbr>_________________<br>
gnso-rds-pdp-wg mailing list<br>
<a href="mailto:gnso-rds-pdp-wg@icann.org"
moz-do-not-send="true">gnso-rds-pdp-wg@icann.org</a><br>
<a
href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg"
rel="noreferrer" target="_blank" moz-do-not-send="true">https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</a><br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
gnso-rds-pdp-wg mailing list
<a class="moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a>
<a class="moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a></pre>
</blockquote>
</body>
</html>