[Accred-Model] Version 1.6 of the Accreditation and Access Model

Tue Jun 19 18:26:57 UTC 2018

This would be an enforcement nightmare.

Multiple enforcement mechanisms for ICANN Whois accreditation policy including govt agencies - potentially many govts around the world.

*	Could we implement standardized penalties?  Or would it vary govt-to-govt?
*	Would there also be private, for-profit enforcement entities?
*	Would each entity be able to charge whatever they want?
*	What would happen if a govt wasn’t following the rules themselves - would they have provider contracts w/ ICANN?

Unfortunately, this proposition sounds like an unmanageable, expensive & fragmented mess to me.

Cyntia King

O:  +1 816.633.7647

C:  +1 818.209.6088

From: Rubens Kuhl <rubensk at nic.br> 
Sent: Tuesday, June 19, 2018 1:03 PM
To: Cyntia King <cking at modernip.com>
Cc: John R. Levine <johnl at iecc.com>; accred-model at icann.org
Subject: Re: [Accred-Model] Version 1.6 of the Accreditation and Access Model

Cyntia,

Just to be clear, the initial suggestion by Michael Palage incorporated in itself a mechanism, instead of relying on Privacy Shield. Perhaps Privacy Shield certification could be use to achieve some of its requirements in order to save for organizations already subscribed for it, instead of being the only option. 

Rubens

Em 19 de jun de 2018, à(s) 14:58:000, Cyntia King <cking at modernip.com <mailto:cking at modernip.com> > escreveu:

Easy for whom?
I'm a small business owner & this is daunting, to say the least.
And there are multiple fees involved.

Are we suggesting that this should be ICANN’s enforcement mechanism for accessing Whois data?  This would be on top of the accreditation & fees we’re already discussing, right?

What about ‘foreign’ companies - are we asking non-US companies to self-certify w/ the Us govt?

I don’t see how this solves much of anything, but it would certainly make accreditation more difficult & expensive.

Cyntia King

O:  +1 816.633.7647

C:  +1 818.209.6088

<image001.jpg>

-----Original Message-----
From: Accred-Model < <mailto:accred-model-bounces at icann.org> accred-model-bounces at icann.org> On Behalf Of Rubens Kuhl
Sent: Tuesday, June 19, 2018 12:48 PM
To: John R. Levine < <mailto:johnl at iecc.com> johnl at iecc.com>
Cc:  <mailto:accred-model at icann.org> accred-model at icann.org
Subject: Re: [Accred-Model] Version 1.6 of the Accreditation and Access Model

> Em 19 de jun de 2018, à(s) 14:32:000, John R. Levine < <mailto:johnl at iecc.com> johnl at iecc.com> escreveu:

> 

>> It's great when there is actually an easy solution.  At least for the many US companies, law firms, cybersecurity firms, and others (and this a huge part of the group seeking access), they should "self-certify" to the EU-US Privacy Shield, via procedures set up by the US Department of Commerce and Federal Trade Commission.

> 

> Well, at least until the EU courts kill privacy shield like they did Safe Harbor.

> 

> Banks and non-profits such as CAUCE are not eligible for Privacy Shield (they're not regulated by the FTC or DOT.)  For small organizations the PS rules are extremely conplex and there's a mandatory annual payment to cover potential arbitration costs.

> 

> Can we back up and explain what problem this overcomplex "solution" is supposed to be solving here?

Having redress mechanisms for data subjects that have their data privacy rights violated. With great power, there must also come great responsibility.

Rubens

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/accred-model/attachments/20180619/67fd3413/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 5366 bytes
Desc: not available
URL: <http://mm.icann.org/pipermail/accred-model/attachments/20180619/67fd3413/image001.jpg>