[Accred-Model] Letter from FIRST to ICANN regarding GDPR impact on WHOIS

Rubens Kuhl rubensk at nic.br
Fri Apr 20 21:32:09 UTC 2018 

Marteen,

I will address one specific part of the FIRST comment:
"Therefore, we specifically recommend that the ICANN org create a special task force of security experts to sketch out how the IP­based access could be implemented in a manner that mitigates the WP29 concerns while still protecting the security of the unique identifiers during any interim period to avoid a blackout in May. "

The problem is there is none that would address the concerns regarding having a basis for accessing all data. That is independent of how users or organizations are identified; GDPR puts a high standard on how one justifies access to specific data, similar to the principle of least privilege that is very dear to all information security practitioners.

It would be of real benefit if FIRST and WP29 came up together with legal basis for accessing whole data repositories in doing threat intelligence, anti-abuse and incident response, instead of pushing ICANN and contracted parties that can only follow the law to break it. If we need to commit crimes to combat crimes, we might be doing something wrong; some would call that vigilantism.



Rubens
Disclaimer: my employer is a FIRST member but this comment is done from the POV of a gTLD registry operator






> Em 19 de abr de 2018, à(s) 19:50:000, Maarten Van Horenbeeck via Accred-Model <accred-model at icann.org> escreveu:
> 
> Dear ICANN,
> 
> Please find attached a letter from the Forum of Incident Response and Security Teams regarding the recent GDPR impact on the WHOIS system. Please do not hesitate to let us know should you have any further questions.
> 
> Best regards,
> Maarten
> 
> 
> Maarten Van Horenbeeck
> Director, Forum of Incident Response and Security Teams (FIRST)
> Phone +1 206 499 4028 | maarten at first.org <mailto:maarten at first.org> | https://www.first.org <https://www.first.org/>
> 
> <FIRST Letter to ICANN on WHOIS 2018-04-19.pdf>_______________________________________________
> Accred-Model mailing list
> Accred-Model at icann.org
> https://mm.icann.org/mailman/listinfo/accred-model

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/accred-model/attachments/20180420/d06effe3/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 528 bytes
Desc: Message signed with OpenPGP
URL: <http://mm.icann.org/pipermail/accred-model/attachments/20180420/d06effe3/signature.asc>

More information about the Accred-Model mailing list