[registration-issues-wg] [CPWG] Urgent EPDP question

theo geurts gtheo at xs4all.nl
Mon Oct 15 19:50:10 UTC 2018


Who is going to pay to sort out millions of records? We talking 3 
decades of data.  If we can exclude legacy data we might get somewhere.

Theo


On 15-10-2018 21:45, Alan Greenberg wrote:
> Anyone else from the ALAC?  One more and we have a majority.
>
> Alan
>
> At 15/10/2018 05:14 AM, Tijani BEN JEMAA wrote:
>> I agree that Legal persons should be treated differently as required 
>> by the GDPR: Only natural persons are concerned.
>>
>> - 
>> ----------------------------------------------------------------------------
>> *Tijani BEN JEMAA
>> *Executive Director
>> Mediterranean Federation of Internet Associations (*FMAI*)
>> Phone: +216 98 330 114
>>           +216 52 385 114
>> -----------------------------------------------------------------------------
>>
>>
>>> Le 15 oct. 2018 Ã 10:01, Michele Neylon - Blacknight 
>>> <michele at blacknight.com <mailto:michele at blacknight.com> > a écrit :
>>>
>>> Derek
>>>
>>> You can see exactly which version of the RAA registrars are signed 
>>> onto here:
>>>
>>> https://www.icann.org/registrar-reports/accredited-list.html 
>>> <https://www.icann.org/registrar-reports/accredited-list.html>
>>>
>>> While there might have been one or two left on the 2009 contract up 
>>> until relatively recently I cannot find any on the list now.
>>>
>>> Regards
>>>
>>> Michele
>>>
>>>
>>>
>>> --
>>> Mr Michele Neylon
>>> Blacknight Solutions
>>> Hosting, Colocation & Domains
>>> https://www.blacknight.com/ <https://www.blacknight.com/>
>>> https://blacknight.blog/ <https://blacknight.blog/>
>>> Intl. +353 (0) 59  9183072
>>> Direct Dial: +353 (0)59 9183090
>>> Personal blog: https://michele.blog/
>>> Some thoughts: https://ceo.hosting/
>>> -------------------------------
>>> Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business 
>>> Park,Sleaty
>>> Road,Graiguecullen,Carlow,R93 X265,Ireland  Company No.: 370845
>>>
>>> On 15/10/2018, 08:17, "registration-issues-wg on behalf of Derek 
>>> Smythe" <registration-issues-wg-bounces at atlarge-lists.icann.org on 
>>> behalf of derek at aa419.org> wrote:
>>>
>>>    Yes, agreed 100%.
>>>
>>>    Contracted parties should treat Legal Persons differently from 
>>> Natural
>>>    Persons.
>>>
>>>    We are essentially asking consumers to sign a blank check/cheque when
>>>    they try and deal with a new business that's GDPR protected as they
>>>    can't do any form of due diligence in reality. This makes any 
>>> consumer
>>>    a potential target to loss of privacy, fraud and more.
>>>
>>>    The only argument should really be as to whether this extends to all
>>>    Natural Persons or just those of the EU.
>>>
>>>    We need to consider a major concern here is the abuse of domains. How
>>>    do we protect or mitigate? This is what keeps us all safer. Law
>>>    enforcement simply cannot do it all as is a matter of record. Nor 
>>> will
>>>    litigation for numerous reasons.
>>>
>>>    We also need to ask what happens is a domain claims to be a natural
>>>    person, but is used for a company? We most certainly have malicious
>>>    "Interpol", "United Nations" clone domains out there registered to
>>>    natural persons. And fictitious companies. Even a registrant name 
>>> "Bar
>>>    Clay" used for a fake bank. This needs to be addressed as well as we
>>>    are guaranteed to see abuse of the definitions here.
>>>
>>>> (As you may note if you looked at the RDS-WHOIS2 report, registrars 
>>>> under the 2013 RAA must do some validation of contact information 
>>>> for new an transfered domains, but none to simple renewal. so there 
>>>> are currently 140,000,000 domains without verified information (5 
>>>> years after the 2013 RAA came into force) and there is no 
>>>> requirement to ever validate their information - so unspecified 
>>>> time frames can last a LONG time.)
>>>
>>>    I believe we see the most abuse at the start of the domain's life
>>>    cycle and the chance of abuse declines over time. This has most
>>>    certainly been my experience in advance fee fraud. So we can be
>>>    somewhat flexible on older established domains.
>>>
>>>    A bigger danger is registrars that have not signed the RAA 2013 and
>>>    still bound under older versions of the RAA. I discovered one
>>>    recently, much abused.
>>>
>>>    A potential loophole is in private domain resales. We encounter
>>>    situations where the new owner simply changes the emails and not the
>>>    other details, then starts abusing that domain. This is also used 
>>> as a
>>>    stepping stone to purchase new domains at the original registrar.
>>>
>>>
>>>    Something to chew on, three years old but still as valid as ever:
>>>
>>> http://www.securityskeptic.com/2015/07/how-to-register-a-gtld-domain-name-without-disclosing-personal-data.html 
>>>
>>>
>>>    Obviously there is a risk in displaying Legal Persons details. But if
>>>    they can't protect themselves, how can they be expected to protect
>>>    those they deal with? A simple explanation page to each registrant
>>>    email would be simpler than trying to fix later where we're 
>>> heading to.
>>>
>>>    Derek Smythe
>>>    Artists Against 419
>>> http://www.aa419.org <http://www.aa419.org/>
>>>
>>>
>>>    On 2018/10/15 03:12, Alan Greenberg wrote:
>>>> Here is a question that we need an answer on no later than Tuesday
>>>> morning.
>>>>
>>>> GDPR requires the information related to Natural Persons be protected
>>>> (for those resident in Europe) be protected. GDPR does not apply to
>>>> Legal Persons (ie companies).
>>>>
>>>> ICANN's Temporary Spec allows contracted parties to treat all
>>>> registrant alike and subject to GDPR.
>>>>
>>>> The EPDP Charter includes questions about whether contracted parties
>>>> may or must treat Legal Persons differently from Natural Persons.
>>>>
>>>> The GAC, BC and IPC have made strong statements about the need to
>>>> restrict GDPS to Natural Persons. The contracted parties are pushing
>>>> back - strongly. The words vary, but in essence what they are saying
>>>> ranges from there should be no constraint on them to yes, they may
>>>> differentiate but with an unspecified time-frame.  (As you may note if
>>>> you looked at the RDS-WHOIS2 report, registrars under the 2013 RAA
>>>> must do some validation of contact information for new an transfered
>>>> domains, but none to simple renewal. so there are currently
>>>> 140,000,000 domains without verified information (5 years after the
>>>> 2013 RAA came into force) and there is no requirement to ever validate
>>>> their information - so unspecified time frames can last a LONG time.)
>>>>
>>>> I personally feel that it is essential that we should differentiate
>>>> between legal persons and natural persons, just as GDPR and other
>>>> privacy legislation does.
>>>>
>>>> Comments?
>>>>
>>>> Alan
>>>>
>>>> _______________________________________________
>>>> CPWG mailing list
>>>> CPWG at icann.org
>>>> https://mm.icann.org/mailman/listinfo/cpwg 
>>>> <https://mm.icann.org/mailman/listinfo/cpwg>
>>>> _______________________________________________
>>>> registration-issues-wg mailing list
>>>> registration-issues-wg at atlarge-lists.icann.org
>>>> https://mm.icann.org/mailman/listinfo/registration-issues-wg 
>>> _______________________________________________
>>>    registration-issues-wg mailing list
>>>    registration-issues-wg at atlarge-lists.icann.org
>>> https://mm.icann.org/mailman/listinfo/registration-issues-wg 
>>> <https://mm.icann.org/mailman/listinfo/registration-issues-wg>
>>>
>>>
>>> _______________________________________________
>>> registration-issues-wg mailing list
>>> registration-issues-wg at atlarge-lists.icann.org
>>> https://mm.icann.org/mailman/listinfo/registration-issues-wg 
>>> <https://mm.icann.org/mailman/listinfo/registration-issues-wg> 
>>
>> _______________________________________________
>> registration-issues-wg mailing list
>> registration-issues-wg at atlarge-lists.icann.org
>> https://mm.icann.org/mailman/listinfo/registration-issues-wg 
>> <https://mm.icann.org/mailman/listinfo/registration-issues-wg> 
>
>
> _______________________________________________
> registration-issues-wg mailing list
> registration-issues-wg at atlarge-lists.icann.org
> https://mm.icann.org/mailman/listinfo/registration-issues-wg

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/registration-issues-wg/attachments/20181015/6a65de18/attachment.html>


More information about the registration-issues-wg mailing list