[CPWG] [SPAM] Re: [registration-issues-wg] [GTLD-WG] ALAC Statement regarding EPDP
Marita Moll
mmoll at ca.inter.net
Mon Aug 6 16:08:00 UTC 2018
I am in agreement with Tijani, Holly, Bastian and Michele. Perhaps it is
unintentional, but the language does send the message that we are
looking more carefully at security than privacy. I am also not convinced
that end-users would want us to do that.
Marita
On 8/3/2018 10:30 AM, Tijani BEN JEMAA wrote:
> Very interesting discussion. This issue has been discussed several
> times and the positions didn’t change.
> What bothers me is the presentation of the registrants interest
> as opposite to the remaining users ones. they are not since the
> registrants are also subject to the domain abuse.
> You are speaking about 4 billion users; these include all: contracted
> parties, business, registrants, governments, etc. We are about
> defending the interest of all of them as individual end users, not as
> registry, registrar, businessman, minister, etc….
> You included the cybersecurity researchers; you know how Cambridge
> Analytica got the American data from Facebook? They requested to have
> access to these data for research, and the result was the American
> election result impacted.
>
> So, I agree with Bastiaan that we need to be careful and care about
> the protection of personal data as well as the prevention of any
> harmful use of the domain names, both together.
> -----------------------------------------------------------------------------
> *Tijani BEN JEMAA*
> Executive Director
> Mediterranean Federation of Internet Associations (*FMAI*)
> Phone: +216 98 330 114
> +216 52 385 114
> -----------------------------------------------------------------------------
>
>
>> Le 3 août 2018 à 07:22, Bastiaan Goslings
>> <bastiaan.goslings at ams-ix.net <mailto:bastiaan.goslings at ams-ix.net>>
>> a écrit :
>>
>> Thanks for clarifying, Alan.
>>
>> As a matter of principle I agree with Holly - and Michele. While I
>> think I understand the good intent of what you are saying, your
>> earlier responses almost sound to me like a false ‘security versus
>> privacy’ dichotomy. Like, the number of people (users) that care
>> about security as opposed to those (registrants) that want their
>> privacy protected to the max is larger. Etc.
>>
>> Apologies if I am oversimplifying things here, I do not mean to.
>>
>> In this particular EPDP case though I am convinced that we can find a
>> common ground on what the ALAC members and alternates should bring to
>> the table. In terms of perceived registrants’ and general Internet
>> end-users’ interests. As you rightly state, it is about being GDPR
>> compliant. So we do not have to be philosophical about a rather broad
>> term like ‘privacy’ and argue about whether it is in conflict with
>> e.g. the interest of LEAs. Indeed, ‘Privacy is not absolute’.
>> However, ‘due process’ is a(nother) no brainer, not just because it
>> might be a legal requirement. From what I understand the work being
>> done on defining Access and Accreditation criteria is keeping that
>> principle in mind, and within in the MS context of the EPDP we can
>> together see to it that it does end up properly enshrined in policy
>> and contracts.
>>
>> -Bastiaan
>>
>>
>>
>>> On 3 Aug 2018, at 01:10, Alan Greenberg <alan.greenberg at mcgill.ca
>>> <mailto:alan.greenberg at mcgill.ca>> wrote:
>>>
>>> Holly, the original statement ends with "All within the constraints
>>> of GDPR of course."
>>>
>>> I don't know how to make that clearer. We would be absolutely
>>> FOOLISH to argue for anything else, since it will not be implementable.
>>>
>>> That being said, if through the EPDP or otherwise we can help make
>>> the legal argument for why good access for the folks we list at the
>>> end is within GDPR, more power to us.
>>>
>>> GDPR (and eventually similar legislation/regulation elsewhere) is
>>> the overall constraint. It is equivalent to the laws of physics
>>> which for the moment we need to consider inviolate.
>>>
>>> So my statement that "other issues trump privacy" is within that
>>> context. But just as proportionality governs what GDPR will decree
>>> as private in any given case, so it will govern what is not private.
>>> It all depends on making the legal argument and ultimately in needed
>>> convincing the courts. They are the arbiters, not me or anyone else
>>> in ICANN.
>>>
>>> In the US, there is the constitutional right to freedom of speech,
>>> but it is not unconstrained and there are limits to what you are
>>> allowed and not allowed to say. And from time to time, the courts
>>> and legislatures weigh in and decide where the line is.
>>>
>>> Alan
>>>
>>>
>>> At 02/08/2018 06:42 PM, Holly Raiche wrote:
>>>> Hi Alan
>>>>
>>>> I have concerns with your statement - and since your reply below,
>>>> with our statement of principles for the EPDP.
>>>>
>>>> As I suggested in my email of 1 August, we need to be VERY clear
>>>> that we are NOT arguing against implementation a policy that is
>>>> compliant with the GDPR. We are arguing for other issues that
>>>> impact on users - WITHIN the umbrella of the GDPR. And if we do
>>>> not make that very clear, then we look as if we are not prepared to
>>>> operate within the bounds of the EPDP - which is all about
>>>> developing a new policy to replace the RDS requirements that will
>>>> allow registries/registrars to comply with their ICANN contracts
>>>> and operate within the GDPR framework.
>>>>
>>>> So your statement below that ‘yes, other issues trump privacy’ -
>>>> misstates that. What we are (or should be) arguing for is a
>>>> balance of rights of access that - to the greatest extend possible
>>>> - recognises the value of RDS to some constituencies with
>>>> legitimate purposes - WITHIN the GDPR framework. That implicitly
>>>> accepts that people/organisations that once had free and
>>>> unrestricted access to the data will no longer have that open access.
>>>>
>>>> And for ALAC generally, I will repeat what I said in my 1 August
>>>> email - our statement of principles must be VERY clear that we are
>>>> NOT arguing for a new RDS policy that goes outside of the GDPR.
>>>>
>>>> Holly
>>>>
>>>>
>>>> On 3 Aug 2018, at 1:29 am, Alan Greenberg <alan.greenberg at mcgill.ca
>>>> <mailto:alan.greenberg at mcgill.ca> > wrote:
>>>>
>>>>> At 02/08/2018 10:37 AM, Michele Neylon - Blacknight wrote:
>>>>>> Jonathan / Alan
>>>>>>
>>>>>> Thanks for the clarifications.
>>>>>>
>>>>>> 3 - I don't know how you can know what the interests of a user
>>>>>> are. The assumption you seem to be making is that due process and
>>>>>> privacy should take a backseat to access to data
>>>>>
>>>>> Privacy is not absolute but based on various other issues. So yes,
>>>>> we are saying that in some cases, the other issues trump privacy.
>>>>> Perhaps we differ on where the dividing line is.
>>>>>
>>>>>
>>>>>> 4 - Same as 3. Plenty of ccTLDs never offered PII in their public
>>>>>> whois and there weren't any issues with security or stability.
>>>>>>
>>>>>> Skipping due process for "ease of access" is a very slippery and
>>>>>> dangerous slope.
>>>>>
>>>>> Both here and in reply to #3, the term "due process" tends to be
>>>>> used in reference to legal constraints associated with law
>>>>> enforcement actions as sanctioned by laws and courts. That is one
>>>>> path to unlocking otherwise private information. A major aspect of
>>>>> the GDPR implementation will be identifying other less cumbersome
>>>>> and restricted processes for accessing WHOIS data by a variety of
>>>>> partners. It will not be unconstrained nor will it be as
>>>>> cumbersome as going to court (hopefully).
>>>>>
>>>>> Alan
>>>>>
>>>>>
>>>>>> Regards
>>>>>>
>>>>>> Michele
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Mr Michele Neylon
>>>>>> Blacknight Solutions
>>>>>> Hosting, Colocation & Domains
>>>>>> https://www.blacknight.com/
>>>>>> https://blacknight.blog/
>>>>>> Intl. +353 (0) 59 9183072
>>>>>> Direct Dial: +353 (0)59 9183090
>>>>>> Personal blog: https://michele.blog/
>>>>>> Some thoughts: https://ceo.hosting/
>>>>>> -------------------------------
>>>>>> Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business
>>>>>> Park,Sleaty
>>>>>> Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845
>>>>>>
>>>>>> On 02/08/2018, 15:03, "Jonathan Zuck"
>>>>>> <JZuck at innovatorsnetwork.org> wrote:
>>>>>>
>>>>>> Thanks Michele!
>>>>>> 3. Where there appears to be a conflict of interest between a
>>>>>> registrant and non-registrant end user, we'll be endeavoring to
>>>>>> represent the interests of the non-registrant end user.
>>>>>> 4. Related to 3. This is simply an affirmation of the interests
>>>>>> of end users in a stable and secure internet and it is those
>>>>>> interests we'll be representing. We've included law enforcement
>>>>>> because efficiencies regarding their access may come up. Just
>>>>>> because there's always a way for them to get to data doesn't mean
>>>>>> it's the best way.
>>>>>>
>>>>>> Make sense?
>>>>>> Jonathan
>>>>>>
>>>>>>
>>>>>> -----Original Message-----
>>>>>> From: GTLD-WG <gtld-wg-bounces at atlarge-lists.icann.org> On
>>>>>> Behalf Of Michele Neylon - Blacknight
>>>>>> Sent: Wednesday, August 1, 2018 12:34 PM
>>>>>> To: Alan Greenberg <alan.greenberg at mcgill.ca>; CPWG
>>>>>> <cpwg at icann.org>
>>>>>> Subject: Re: [GTLD-WG] [CPWG] [registration-issues-wg] ALAC
>>>>>> Statement regarding EPDP
>>>>>>
>>>>>> Alan
>>>>>>
>>>>>> 1 - good
>>>>>> 2 - good
>>>>>> 3 - I don't understand what that means
>>>>>> 4 - Why are you combining law enforcement and private parties?
>>>>>> Law enforcement can always get access to data when they follow
>>>>>> due process.
>>>>>>
>>>>>> Regards
>>>>>>
>>>>>> Michele
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Mr Michele Neylon
>>>>>> Blacknight Solutions
>>>>>> Hosting, Colocation & Domains
>>>>>> https://www.blacknight.com/
>>>>>> https://blacknight.blog/
>>>>>> Intl. +353 (0) 59 9183072
>>>>>> Direct Dial: +353 (0)59 9183090
>>>>>> Personal blog: https://michele.blog/
>>>>>> Some thoughts: https://ceo.hosting/
>>>>>> -------------------------------
>>>>>> Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business
>>>>>> Park,Sleaty
>>>>>> Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845
>>>>>>
>>>>>> On 01/08/2018, 17:27, "registration-issues-wg on behalf of Alan
>>>>>> Greenberg"
>>>>>> <registration-issues-wg-bounces at atlarge-lists.icann.org on behalf
>>>>>> of alan.greenberg at mcgill.ca> wrote:
>>>>>>
>>>>>> Yesterday, the EPDP Members were asked to present a 1-3 minute
>>>>>> summary of their groups position in regard to the EPDP. The
>>>>>> following
>>>>>> is the statement agreed to by me, Hadia, Holly and Seun.
>>>>>>
>>>>>> 1. The ALAC believes that the EPDP MUST succeed and will
>>>>>> be working
>>>>>> toward that end.
>>>>>>
>>>>>> 2. We have a support structure that we are organizing to
>>>>>> ensure
>>>>>> that what we present here is understood by our community
>>>>>> and has
>>>>>> their input and support.
>>>>>>
>>>>>> 3. The ALAC believes that individual registrants are
>>>>>> users and we
>>>>>> have regularly worked on their behalf (as in the PDP that we
>>>>>> initiated to protect registrant rights when their domains
>>>>>> expire), if
>>>>>> registrant needs differ from those of the 4 billion
>>>>>> Internet users
>>>>>> who are not registrants, those latter needs take precedence. We
>>>>>> believe that GDPR and this EPDP are such a situation.
>>>>>>
>>>>>> 4. Although some Internet users consult WHOIS and will
>>>>>> not be able
>>>>>> to do so in some cases going forward, our main concern is
>>>>>> access for
>>>>>> those third parties who work to ensure that the Internet is
>>>>>> a safe
>>>>>> and secure place for users and that means that law enforcement,
>>>>>> cybersecurity researchers, those combatting fraud in domain
>>>>>> names,
>>>>>> and others who help protect users from phishing, malware, spam,
>>>>>> fraud, DDoS attacks and such can work with minimal reduction in
>>>>>> access to WHOIS data. All within the constraints of GDPR of
>>>>>> course.
>>>>>>
>>>>>> _______________________________________________
>>>>>> CPWG mailing list
>>>>>> CPWG at icann.org
>>>>>> https://mm.icann.org/mailman/listinfo/cpwg
>>>>>> _______________________________________________
>>>>>> registration-issues-wg mailing list
>>>>>> registration-issues-wg at atlarge-lists.icann.org
>>>>>> https://mm.icann.org/mailman/listinfo/registration-issues-wg
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> CPWG mailing list
>>>>>> CPWG at icann.org
>>>>>> https://mm.icann.org/mailman/listinfo/cpwg
>>>>>> _______________________________________________
>>>>>> GTLD-WG mailing list
>>>>>> GTLD-WG at atlarge-lists.icann.org
>>>>>> https://atlarge-lists.icann.org/mailman/listinfo/gtld-wg
>>>>>>
>>>>>> Working Group direct URL:
>>>>>> https://community.icann.org/display/atlarge/New+GTLDs
>>>>>
>>>>> _______________________________________________
>>>>> CPWG mailing list
>>>>> CPWG at icann.org <mailto:CPWG at icann.org>
>>>>> https://mm.icann.org/mailman/listinfo/cpwg
>>>>> _______________________________________________
>>>>> registration-issues-wg mailing list
>>>>> registration-issues-wg at atlarge-lists.icann.org
>>>>> https://mm.icann.org/mailman/listinfo/registration-issues-wg
>>> _______________________________________________
>>> CPWG mailing list
>>> CPWG at icann.org <mailto:CPWG at icann.org>
>>> https://mm.icann.org/mailman/listinfo/cpwg
>>
>> _______________________________________________
>> CPWG mailing list
>> CPWG at icann.org <mailto:CPWG at icann.org>
>> https://mm.icann.org/mailman/listinfo/cpwg
>
>
>
> _______________________________________________
> CPWG mailing list
> CPWG at icann.org
> https://mm.icann.org/mailman/listinfo/cpwg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/cpwg/attachments/20180806/30ab2d61/attachment-0001.html>
More information about the CPWG
mailing list