<div dir="ltr">Hi, Benny, Theo et al., <div><br></div><div>I am sorry either/both of you took offense from what I published on CircleID, but I don't see why my personal opinions outside this working group should really matter for the substantive discussion I tried to have below on March 30. I don't think I have pointed fingers at anyone specifically in this group from contracted parties or the registry/registrar community, so please have a little thicker skin and let's re-engage in the discussion of the merits of what I was proposing.</div><div><br></div><div>I don't think it's productive to say that because I didn't bring these ideas up in the working group earlier, therefore "gotcha, it's too late" and doesn't merit discussion. We are trying to balance privacy with security. And in this working group, pointing fingers or blaming one another is totally unproductive. I have not done it to you. And I ask that you please argue the merits instead of questioning my intent based on my personal opinions on how or why we got where we are generally speaking. It's irrelevant. And I didn't bring it up. I hope to hear from you whether in the group or outside of it.<br><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div>All the best,</div><div dir="ltr">Jonathan Matkowsky</div><div dir="ltr"><br><br></div></div></div></div></div>
<br><div class="gmail_quote">On Sat, Mar 31, 2018 at 1:20 PM, theo geurts <span dir="ltr"><<a href="mailto:gtheo@xs4all.nl" target="_blank">gtheo@xs4all.nl</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
Really?<br>
<br>
Shame on you all. SHAME!<br>
<br>
Theo<br>
<div class="m_-3740303589014173518moz-cite-prefix">On 31-3-2018 22:08, allison nixon
wrote:<br>
</div>
<blockquote type="cite">
<div dir="auto">Sorry for being late to the party, but- registrars
dominate these icann working groups and they dominated this
working group too before the rest of us showed up. The fact that
ICANN makes its money from domain fees collected by registrars
is also not even debatable. So yes, registrars will be blamed,
even if that fact offends you. Even if the appearance of
regulatory capture is unfair (which i am not the judge of and so
cannot say), that is the appearance at this point.
<div dir="auto"><br>
</div>
<div dir="auto">Its amusing to see the first comment on his blog
is from someone claiming that the author is not able to use
whois for security purposes. The same wrong argument made many
times on this list by many registrars here. The author of the
blog post is the vice president of RiskIQ. Maybe he knows a
thing or two about using whois for security purposes. Just
maybe. Hahahahahaha.</div>
<div dir="auto"><br>
</div>
<div dir="auto">If you google search for any other news coverage
on this situation, most of it is pretty critical about the
loss of security we are looking forward to, and critical of
ICANN's procrastination, and so far none are heralding this as
any kind of great victory for the tiny percentage of
registrants who will receive a slightly smaller volume of one
particular kind of spam. You might not like it, but that's how
it is. We were warning about this for a year now.</div>
<div dir="auto"><br>
</div>
<div dir="auto"><br>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Mar 31, 2018 3:06 AM, "<a href="mailto:benny@nordreg.se" target="_blank">benny@nordreg.se</a>"
<<a href="mailto:benny@nordreg.se" target="_blank">benny@nordreg.se</a>>
wrote:<br type="attribution">
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I find it
highly offending that registrars are blamed for this mess. <a href="http://www.circleid.com/posts/20180330_icann_cannot_expect_the_dpas_to_re_design_whois/" rel="noreferrer" target="_blank">http://www.circleid.com/posts/<wbr>20180330_icann_cannot_expect_t<wbr>he_dpas_to_re_design_whois/</a><br>
It’s a bit late to come up with solutions for something
which have been known to happen for nearly two years,
especially from a part of the industry who have work hard to
stop any changes.<br>
<br>
I as one of many requested you and others to come up with
solutions which would work for all but all forces was used
to fight that and fight for the status quo.<br>
<br>
I fully understand and acknowledge that security need data
to work with and these suggestions should have been brought
to the table loooooong time ago.<br>
<br>
--<br>
Med vänliga hälsningar / Kind Regards / Med vennlig hilsen<br>
<br>
Benny Samuelsen<br>
Registry Manager - Domainexpert<br>
<br>
Nordreg AB - ICANN accredited registrar<br>
IANA-ID: 638<br>
Phone: <a href="tel:%2B46.42197000" value="+4642197000" target="_blank">+46.42197000</a><br>
Direct: <a href="tel:%2B47.32260201" value="+4732260201" target="_blank">+47.32260201</a><br>
Mobile: <a href="tel:%2B47.40410200" value="+4740410200" target="_blank">+47.40410200</a><br>
<br>
> On 30 Mar 2018, at 18:08, jonathan m <<a href="mailto:jonathan.matkowsky@riskiq.net" target="_blank">jonathan.matkowsky@riskiq.net</a><wbr>>
wrote:<br>
><br>
> Hi Chuck—I’d like to get a discussion going if that’s
okay with you. I’d like to know whether for the public data
set, it is feasible to have the following solution for the
registrant email. It’s based in part on both technical
implications and policy requirements.<br>
><br>
> 1) Registrar required to notify registrants that
starting on x date, the registrant org field will be relied
on for purposes of treating the Whois record as an
organizational domain rather than as belonging to a natural
person. Check your record for accuracy because it may have
implications for your privacy if you do not already have or
subscribe to proxy or privacy services. A few reminders go
out. Educate registrants they may want to update to “Domain
Admin” instead of having their first and last name for
organizational domains because starting on x date, existing
organizational records will otherwise obfuscate or mask the
local part of the registrant email in public Whois<br>
><br>
> 2) For organizational domains, ICANN will prohibit
masking the organizational domain name in the registrant
email address. Registrars are free to mask the local part of
the registrant email address in accordance with applicable
law in the public Whois.<br>
><br>
> 3) for natural persons, registrars will be required to
use the same encrypted hash algorith so there is parity
across databases even though there is no centralized
database to manage the encryption. The policy will be
enforced by ICANN and subject to auditing. They can warn
registrants of the associated risks of compromise to give
them a chance to take added precautions and purchase proxy
or privacy services.<br>
><br>
> This would be the minimum requirements for modifying
public Whois registrant email address to avoid damaging the
security and stability of the unique identifiers and DNS. If
the downside of doing this is prohibitive, than ICANN should
seek guidance in the April meeting on whether the public
interest in not damaging security and stability outweighs
the privacy interference of having email addresses remain in
the phone books given its not a particularly strong personal
indicator to begin with as privacy and proxy services are
available to those that mind as long as they are notified.<br>
><br>
> This would result in emails in Whois of natural data
subjects being uniformly hashed so that you can freely see
which hash owns what, and Whois of organizations being
freely listed with any local part of such organizational
emails being masked if required by applible law.<br>
><br>
> I would like to hear a discussion on this from the
group this week. Not on the legality of it under GDPR as the
Article 29 working group can weigh in but first we need to
discuss the architectural and policy issues.<br>
><br>
> Thanks<br>
> Jonathan<br>
><br>
> On Fri, Mar 30, 2018 at 11:27 AM Chuck <<a href="mailto:consult@cgomes.com" target="_blank">consult@cgomes.com</a>>
wrote:<br>
> For any of you who have not seen it, the ICANN Blog re
the Session with European DPAs that occurred yesterday, here
is the link:<br>
><br>
><br>
><br>
> <a href="https://www.icann.org/news/blog/data-protection-privacy-issues-update-discussion-with-article-29-en" rel="noreferrer" target="_blank">https://www.icann.org/news/blo<wbr>g/data-protection-privacy-issu<wbr>es-update-discussion-with-arti<wbr>cle-29-en</a><br>
><br>
><br>
><br>
> Chuck<br>
><br>
> ______________________________<wbr>_________________<br>
> gnso-rds-pdp-wg mailing list<br>
> <a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
> <a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/l<wbr>istinfo/gnso-rds-pdp-wg</a><br>
> --<br>
> Jonathan Matkowsky<br>
><br>
> ******************************<wbr>******************************<wbr>*******<br>
> This message was sent from RiskIQ, and is intended only
for the designated recipient(s). It may contain confidential
or proprietary information and may be subject to
confidentiality protections. If you are not a designated
recipient, you may not review, copy or distribute this
message. If you receive this in error, please notify the
sender by reply e-mail and delete this message. Thank you.<br>
><br>
> ******************************<wbr>******************************<wbr>*******_______________________<wbr>________________________<br>
> gnso-rds-pdp-wg mailing list<br>
> <a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
> <a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/l<wbr>istinfo/gnso-rds-pdp-wg</a><br>
<br>
______________________________<wbr>_________________<br>
gnso-rds-pdp-wg mailing list<br>
<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/l<wbr>istinfo/gnso-rds-pdp-wg</a></blockquote>
</div>
</div>
<br>
<fieldset class="m_-3740303589014173518mimeAttachmentHeader"></fieldset>
<br>
<pre>______________________________<wbr>_________________
gnso-rds-pdp-wg mailing list
<a class="m_-3740303589014173518moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a>
<a class="m_-3740303589014173518moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank">https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</a></pre>
</blockquote>
<br>
</div>
</blockquote></div><br></div></div></div>
<br>
<span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;background-color:rgb(255,255,255)">******************************</span><span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;background-color:rgb(255,255,255)"><wbr>******************************</span><span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;background-color:rgb(255,255,255)"><wbr>*******<br></span><span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;background-color:rgb(255,255,255)">This message was sent from RiskIQ, and is intended only for the designated recipient(s). It may contain confidential or proprietary information and may be subject to confidentiality protections. If you are not a designated recipient, you may not review, copy or distribute this message. If you receive this in error, please notify the sender by reply e-mail and delete this message. Thank you.</span><p style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;background-color:rgb(255,255,255)"></p><span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;background-color:rgb(255,255,255)">******************************</span><span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;background-color:rgb(255,255,255)"><wbr>******************************</span><span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;background-color:rgb(255,255,255)"><wbr>*******</span>