[registration-issues-wg] [CPWG] Urgent EPDP question

Evan Leibovitch evanleibovitch at gmail.com
Tue Oct 16 18:35:37 UTC 2018


Doesn't matter. Cost it out and build it in. Domains are way underpriced,
so that circumstance is not unwelcome from an end user PoV.

___________________
Evan Leibovitch, Toronto
@evanleibovitch/@el56

On Tue, Oct 16, 2018, 3:52 AM Michele Neylon - Blacknight, <
michele at blacknight.com> wrote:

> Alan
>
> Please let us know what these “shortcuts and mechanisms” are.
>
> Simply stating they exist does not mean that they actually do.
>
> Regards
>
> Michele
>
> Mr Michele Neylon
> Blacknight Hosting & Domains
> http://www.blacknight.host/
> http://www.mneylon.social
> Sent from mobile so typos and brevity are normal
>
> On 16 Oct 2018, at 04:49, Alan Greenberg <alan.greenberg at mcgill.ca> wrote:
>
> There are all sorts of shortcuts and mechanisms to do this "sorting". But
> yes, ultimately there is a cost. And the only source of funds is
> registrants or other business if you chose to cross-subsidize. Just the
> same question as "who is paying for GDPR implementation?" or participation
> in the EPDP. No one forces you or anyone to be a registrar.
>
> Alan
>
>
> At 15/10/2018 03:50 PM, theo geurts wrote:
>
> Who is going to pay to sort out millions of records? We talking 3 decades
> of data.  If we can exclude legacy data we might get somewhere.
>
> Theo
>
> On 15-10-2018 21:45, Alan Greenberg wrote:
>
> Anyone else from the ALAC?  One more and we have a majority.
>
> Alan
>
> At 15/10/2018 05:14 AM, Tijani BEN JEMAA wrote:
>
> I agree that Legal persons should be treated differently as required by
> the GDPR: Only natural persons are concerned.
>
> -
> ----------------------------------------------------------------------------
>
> *Tijani BEN JEMAA *Executive Director
> Mediterranean Federation of Internet Associations (*FMAI*)
> Phone: +216 98 330 114
>           +216 52 385 114
>
> -----------------------------------------------------------------------------
>
>
> Le 15 oct. 2018 Ã  10:01, Michele Neylon - Blacknight <
> michele at blacknight.com > a écrit :
>
> Derek
>
> You can see exactly which version of the RAA registrars are signed onto
> here:
>
> https://www.icann.org/registrar-reports/accredited-list.html
>
> While there might have been one or two left on the 2009 contract up until
> relatively recently I cannot find any on the list now.
>
> Regards
>
> Michele
>
>
>
> --
> Mr Michele Neylon
> Blacknight Solutions
> Hosting, Colocation & Domains
> https://www.blacknight.com/
> https://blacknight.blog/
> Intl. +353 (0) 59  9183072
> Direct Dial: +353 (0)59 9183090
> Personal blog: https://michele.blog/
> Some thoughts: https://ceo.hosting/
> -------------------------------
> Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
> Road,Graiguecullen,Carlow,R93 X265,Ireland  Company No.: 370845
>
> On 15/10/2018, 08:17, "registration-issues-wg on behalf of Derek
> Smythe" <registration-issues-wg-bounces at atlarge-lists.icann.org on behalf
> of derek at aa419.org>
> <registration-issues-wg-bounces at atlarge-lists.icann.orgonbehalfofderek@aa419.org>
> wrote:
>
>    Yes, agreed 100%.
>
>    Contracted parties should treat Legal Persons differently from Natural
>    Persons.
>
>    We are essentially asking consumers to sign a blank check/cheque when
>    they try and deal with a new business that's GDPR protected as they
>    can't do any form of due diligence in reality. This makes any consumer
>    a potential target to loss of privacy, fraud and more.
>
>    The only argument should really be as to whether this extends to all
>    Natural Persons or just those of the EU.
>
>    We need to consider a major concern here is the abuse of domains. How
>    do we protect or mitigate? This is what keeps us all safer. Law
>    enforcement simply cannot do it all as is a matter of record. Nor will
>    litigation for numerous reasons.
>
>    We also need to ask what happens is a domain claims to be a natural
>    person, but is used for a company? We most certainly have malicious
>    "Interpol", "United Nations" clone domains out there registered to
>    natural persons. And fictitious companies. Even a registrant name "Bar
>    Clay" used for a fake bank. This needs to be addressed as well as we
>    are guaranteed to see abuse of the definitions here.
>
> (As you may note if you looked at the RDS-WHOIS2 report, registrars under
> the 2013 RAA must do some validation of contact information for new an
> transfered domains, but none to simple renewal. so there are currently
> 140,000,000 domains without verified information (5 years after the 2013
> RAA came into force) and there is no requirement to ever validate their
> information - so unspecified time frames can last a LONG time.)
>
>
>    I believe we see the most abuse at the start of the domain's life
>    cycle and the chance of abuse declines over time. This has most
>    certainly been my experience in advance fee fraud. So we can be
>    somewhat flexible on older established domains.
>
>    A bigger danger is registrars that have not signed the RAA 2013 and
>    still bound under older versions of the RAA. I discovered one
>    recently, much abused.
>
>    A potential loophole is in private domain resales. We encounter
>    situations where the new owner simply changes the emails and not the
>    other details, then starts abusing that domain. This is also used as a
>    stepping stone to purchase new domains at the original registrar.
>
>
>    Something to chew on, three years old but still as valid as ever:
>
>
> http://www.securityskeptic.com/2015/07/how-to-register-a-gtld-domain-name-without-disclosing-personal-data.html
>
>    Obviously there is a risk in displaying Legal Persons details. But if
>    they can't protect themselves, how can they be expected to protect
>    those they deal with? A simple explanation page to each registrant
>    email would be simpler than trying to fix later where we're heading to.
>
>    Derek Smythe
>    Artists Against 419
>    http://www.aa419.org
>
>
>    On 2018/10/15 03:12, Alan Greenberg wrote:
>
> Here is a question that we need an answer on no later than Tuesday
> morning.
>
> GDPR requires the information related to Natural Persons be protected
> (for those resident in Europe) be protected. GDPR does not apply to
> Legal Persons (ie companies).
>
> ICANN's Temporary Spec allows contracted parties to treat all
> registrant alike and subject to GDPR.
>
> The EPDP Charter includes questions about whether contracted parties
> may or must treat Legal Persons differently from Natural Persons.
>
> The GAC, BC and IPC have made strong statements about the need to
> restrict GDPS to Natural Persons. The contracted parties are pushing
> back - strongly. The words vary, but in essence what they are saying
> ranges from there should be no constraint on them to yes, they may
> differentiate but with an unspecified time-frame.  (As you may note if
> you looked at the RDS-WHOIS2 report, registrars under the 2013 RAA
> must do some validation of contact information for new an transfered
> domains, but none to simple renewal. so there are currently
> 140,000,000 domains without verified information (5 years after the
> 2013 RAA came into force) and there is no requirement to ever validate
> their information - so unspecified time frames can last a LONG time.)
>
> I personally feel that it is essential that we should differentiate
> between legal persons and natural persons, just as GDPR and other
> privacy legislation does.
>
> Comments?
>
> Alan
>
> _______________________________________________
> CPWG mailing list
> CPWG at icann.org
> https://mm.icann.org/mailman/listinfo/cpwg
> _______________________________________________
> registration-issues-wg mailing list
> registration-issues-wg at atlarge-lists.icann.org
> https://mm.icann.org/mailman/listinfo/registration-issues-wg
>
>    _______________________________________________
>    registration-issues-wg mailing list
>    registration-issues-wg at atlarge-lists.icann.org
>    https://mm.icann.org/mailman/listinfo/registration-issues-wg
>
>
> _______________________________________________
> registration-issues-wg mailing list
> registration-issues-wg at atlarge-lists.icann.org
> https://mm.icann.org/mailman/listinfo/registration-issues-wg
>
>
> _______________________________________________
> registration-issues-wg mailing list
> registration-issues-wg at atlarge-lists.icann.org
> https://mm.icann.org/mailman/listinfo/registration-issues-wg
>
>
>
>
> _______________________________________________
> registration-issues-wg mailing list
> registration-issues-wg at atlarge-lists.icann.org
> https://mm.icann.org/mailman/listinfo/registration-issues-wg
>
> _______________________________________________
> registration-issues-wg mailing list
> registration-issues-wg at atlarge-lists.icann.org
> https://mm.icann.org/mailman/listinfo/registration-issues-wg
>
> _______________________________________________
> registration-issues-wg mailing list
> registration-issues-wg at atlarge-lists.icann.org
> https://mm.icann.org/mailman/listinfo/registration-issues-wg
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/registration-issues-wg/attachments/20181016/5cd0523e/attachment.html>


More information about the registration-issues-wg mailing list