[CPWG] [GTLD-WG] [SPAM] Re: [registration-issues-wg] ALAC Statement regarding EPDP

Tue Aug 7 03:09:30 UTC 2018

Marita, you cannot take one phrase out of 
context. If you go back in the thread (which was 
not fully copied here) I believe that a major 
concern of Holly and Bastiaan was that my 
statement sounded like it was trying to get 
around GDPR, but in fact compliance with GDPR is 
(to use a Startrek expression) "the prime directive".

It is not a simple matter of security vs privacy. 
If, for instance, we were talking about USER 
security vs USER privacy, we would have a real 
challenge in deciding which was more important 
and I am pretty sure we would not even try in the general case.

But that is not what we are taking about here. We 
are talking about gTLD REGISTRANT privacy vs USER 
security. And the ALAC's position has previously 
been that although we care about registrants (and 
their privacy and their domains etc) and have put 
very significant resources into supporting gTLD 
registrants, the shear number of users makes 
their security and ability to use the Internet 
with relative safety and trust takes precedence 
over the privacy of the relative handful of gTLD 
registrants. That is why ICANN has (and continues 
to) support the existing WHOIS system to the extent possible.

That is the entire gist of the Temporary Spec. - 
"Consistent with ICANN’s stated objective to 
comply with the GDPR, while maintaining the 
existing WHOIS system to the greatest extent 
possible, the Temporary Specification maintains....."

And I note with some amusement that some filter 
along the way has flagged this entire thread as SPAM.

Alan

At 06/08/2018 12:08 PM, Marita Moll wrote:
>I am in agreement with Tijani, Holly, Bastian 
>and Michele. Perhaps it is unintentional, but 
>the language does send the message that we are 
>looking more carefully at security than privacy. 
>I am also not convinced that end-users would want us to do that.
>
>Marita
>
>
>On 8/3/2018 10:30 AM, Tijani BEN JEMAA wrote:
>>Very interesting discussion. This issue has 
>>been discussed several times and the positions didnâ€™t change.
>>What bothers me is the presentation of the 
>>registrants interest asÂ oppositeÂ to the 
>>remaining users ones. they are not since the 
>>registrants are also subject to the domain abuse.
>>You are speaking about 4 billion users; these 
>>include all: contracted parties, business, 
>>registrants, governments, etc. We are about 
>>defending the interest of all of them as 
>>individual end users, not as registry, registrar, businessman, minister, etc
.
> > You included theÂ cybersecurity researchers; you know how Cambridge
>>Analytica got the American data from Facebook? 
>>They requested to have access to these data for 
>>research, and the result was the American election result impacted.
>>
>>So, I agree with Bastiaan that we need to be 
>>careful and care about the protection of 
>>personal data as well as the prevention of any 
>>harmful use of the domain names, both together.
>>-----------------------------------------------------------------------------
>>*Tijani BEN JEMAA*
>>Executive Director
>>Mediterranean Federation of Internet Associations (*FMAI*)
>>Phone: +216 98 330 114
>>+216 52 385 114
>>-----------------------------------------------------------------------------
>>
>>
>>>Le 3 aoÃ»t 2018 Ã  07:22, Bastiaan Goslings 
>>><bastiaan.goslings at ams-ix.net <mailto:bastiaan.goslings at ams-ix.net>> a Ã©crit :
>>>
>>>Thanks for clarifying, Alan.
>>>
>>>As a matter of principle I agree with Holly - 
>>>and Michele. While I think I understand the 
>>>good intent of what you are saying, your 
>>>earlier responses almost sound to me like a 
>>>false â€˜security versus privacyâ€™ dichotomy. 
>>>Like, the number of people (users) that care 
>>>about security as opposed to those 
>>>(registrants) that want their privacy protected to the max is larger. Etc.
>>>
>>>Apologies if I am oversimplifying things here, I do not mean to.
>>>
>>>In this particular EPDP case though I am 
>>>convinced that we can find a common ground on 
>>>what the ALAC members and alternates should 
>>>bring to the table. In terms of perceived 
>>>registrantsâ€™ and general Internet 
>>>end-usersâ€™ interests. As you rightly state, 
>>>it is about being GDPR compliant. So we do not 
>>>have to be philosophical about a rather broad 
>>>term like â€˜privacyâ€™ and argue about 
>>>whether it is in conflict with e.g. the 
>>>interest of LEAs. Indeed, â€˜Privacy is not 
>>>absoluteâ€™. However, â€˜due processâ€™ is 
>>>a(nother) no brainer, not just because it 
>>>might be a legal requirement. From what I 
>>>understand the work being done on defining 
>>>Access and Accreditation criteria is keeping 
>>>that principle in mind, and within in the MS 
>>>context of the EPDP we can together see to it 
>>>that it does end up properly enshrined in policy and contracts.
>>>
>>>-Bastiaan
>>>
>>>
>>>
>>>>On 3 Aug 2018, at 01:10, Alan Greenberg 
>>>><alan.greenberg at mcgill.ca <mailto:alan.greenberg at mcgill.ca>> wrote:
>>>>
>>>>Holly, the original statement ends with "All 
>>>>within the constraints of GDPR of course."
>>>>
>>>>I don't know how to make that clearer. We 
>>>>would be absolutely FOOLISH to argue for 
>>>>anything else, since it will not be implementable.
>>>>
>>>>That being said, if through the EPDP or 
>>>>otherwise we can help make the legal argument 
>>>>for why good access for the folks we list at 
>>>>the end is within GDPR, more power to us.
>>>>
>>>>GDPR (and eventually similar 
>>>>legislation/regulation elsewhere) is the 
>>>>overall constraint. It is equivalent to the 
>>>>laws of physics which for the moment we need to consider inviolate.
>>>>
>>>>So my statement that "other issues trump 
>>>>privacy" is within that context. But just as 
>>>>proportionality governs what GDPR will decree 
>>>>as private in any given case, so it will 
>>>>govern what is not private. It all depends on 
>>>>making the legal argument and ultimately in 
>>>>needed convincing the courts. They are the 
>>>>arbiters, not me or anyone else in ICANN.
>>>>
>>>>In the US, there is the constitutional right 
>>>>to freedom of speech, but it is not 
>>>>unconstrained and there are limits to what 
>>>>you are allowed and not allowed to say. And 
>>>>from time to time, the courts and 
>>>>legislatures weigh in and decide where the line is.
>>>>
>>>>Alan
>>>>
>>>>
>>>>At 02/08/2018 06:42 PM, Holly Raiche wrote:
>>>>>Hi Alan
>>>>>
>>>>>I have concerns with your statement - and 
>>>>>since your reply below, with our statement of principles for the EPDP.
>>>>>
>>>>>As I suggested in my email of 1 August, we 
>>>>>need to be VERY clear that we are NOT 
>>>>>arguing against implementation a policy that 
>>>>>is compliant with the GDPR. Â We are arguing 
>>>>>for other issues that impact on users - 
>>>>>WITHIN the umbrella of the GDPR. Â And if we 
>>>>>do not make that very clear, then we look as 
>>>>>if we are not prepared to operate within the 
>>>>>bounds of the EPDP - which is all about 
>>>>>developing a new policy to replace the RDS 
>>>>>requirements that will allow 
>>>>>registries/registrars to comply with their 
>>>>>ICANN contracts and operate within the GDPR framework.
>>>>>
>>>>>So your statement below that Â‘yes, other 
>>>>>issues trump privacyÂ’ - misstates that. Â 
>>>>>What we are (or should be) arguing for is a 
>>>>>balance of rights of access that - to the 
>>>>>greatest extend possible - recognises the 
>>>>>value of RDS to some constituencies with 
>>>>>legitimate purposes - WITHIN the GDPR 
>>>>>framework. That implicitly accepts that 
>>>>>people/organisations that once had free and 
>>>>>unrestricted access to the data will no longer have that open access.
>>>>>
>>>>>And for ALAC generally, I will repeat what I 
>>>>>said in my 1 August email - our statement of 
>>>>>principles must be VERY clear that we are 
>>>>>NOT arguing for a new RDS policy that goes outside of the GDPR.
>>>>>
>>>>>Holly
>>>>>
>>>>>
>>>>>On 3 Aug 2018, at 1:29 am, Alan Greenberg 
>>>>><alan.greenberg at mcgill.ca <mailto:alan.greenberg at mcgill.ca> > wrote:
>>>>>
>>>>>>At 02/08/2018 10:37 AM, Michele Neylon - Blacknight wrote:
>>>>>>>Jonathan / Alan
>>>>>>>
>>>>>>>Thanks for the clarifications.
>>>>>>>
>>>>>>>3 - I don't know how you can know what the 
>>>>>>>interests of a user are. The assumption 
>>>>>>>you seem to be making is that due process 
>>>>>>>and privacy should take a backseat to access to data
>>>>>>
>>>>>>Privacy is not absolute but based on 
>>>>>>various other issues. So yes, we are saying 
>>>>>>that in some cases, the other issues trump 
>>>>>>privacy. Perhaps we differ on where the dividing line is.
>>>>>>
>>>>>>
>>>>>>>4 - Same as 3. Plenty of ccTLDs never 
>>>>>>>offered PII in their public whois and 
>>>>>>>there weren't any issues with security or stability.
>>>>>>>
>>>>>>>Skipping due process for "ease of access" 
>>>>>>>is a very slippery and dangerous slope.
>>>>>>
>>>>>>Both here and in reply to #3, the term "due 
>>>>>>process" tends to be used in reference to 
>>>>>>legal constraints associated with law 
>>>>>>enforcement actions as sanctioned by laws 
>>>>>>and courts. That is one path to unlocking 
>>>>>>otherwise private information. A major 
>>>>>>aspect of the GDPR implementation will be 
>>>>>>identifying other less cumbersome and 
>>>>>>restricted processes for accessing WHOIS 
>>>>>>data by a variety of partners. It will not 
>>>>>>be unconstrained nor will it be as cumbersome as going to court (hopefully).
>>>>>>
>>>>>>Alan
>>>>>>
>>>>>>
>>>>>>>Regards
>>>>>>>
>>>>>>>Michele
>>>>>>>
>>>>>>>
>>>>>>>--
>>>>>>>Mr Michele Neylon
>>>>>>>Blacknight Solutions
>>>>>>>Hosting, Colocation & Domains
>>>>>>>https://www.blacknight.com/
>>>>>>>https://blacknight.blog/
>>>>>>>Intl. +353 (0) 59 Â 9183072
>>>>>>>Direct Dial: +353 (0)59 9183090
>>>>>>>Personal blog: https://michele.blog/
>>>>>>>Some thoughts: https://ceo.hosting/
>>>>>>>-------------------------------
>>>>>>>Blacknight Internet Solutions Ltd, Unit 
>>>>>>>12A,Barrowside Business Park,Sleaty
>>>>>>>Road,Graiguecullen,Carlow,R93 X265,Ireland Â Company No.: 370845
>>>>>>>
>>>>>>>Ã¯Â»Â¿On 02/08/2018, 15:03, "Jonathan 
>>>>>>>Zuck" <JZuck at innovatorsnetwork.org> wrote:
>>>>>>>
>>>>>>>Â Â Thanks Michele!
>>>>>>>Â Â 3. Where there appears to be a 
>>>>>>>conflict of interest between a registrant 
>>>>>>>and non-registrant end user, we'll be 
>>>>>>>endeavoring to represent the interests of the non-registrant end user.
>>>>>>>Â Â 4. Related to 3. This is simply an 
>>>>>>>affirmation of the interests of end users 
>>>>>>>in a stable and secure internet and it is 
>>>>>>>those interests we'll be representing. 
>>>>>>>We've included law enforcement because 
>>>>>>>efficiencies regarding their access may 
>>>>>>>come up. Just because there's always a way 
>>>>>>>for them to get to data doesn't mean it's the best way.
>>>>>>>
>>>>>>>Â Â Make sense?
>>>>>>>Â Â Jonathan
>>>>>>>
>>>>>>>
>>>>>>>Â Â -----Original Message-----
>>>>>>>Â Â From: GTLD-WG 
>>>>>>><gtld-wg-bounces at atlarge-lists.icann.org> 
>>>>>>>On Behalf Of Michele Neylon - Blacknight
>>>>>>>Â Â Sent: Wednesday, August 1, 2018 12:34 PM
>>>>>>>Â Â To: Alan Greenberg <alan.greenberg at mcgill.ca>; CPWG <cpwg at icann.org>
>>>>>>>Â Â Subject: Re: [GTLD-WG] [CPWG] 
>>>>>>>[registration-issues-wg] ALAC Statement regarding EPDP
>>>>>>>
>>>>>>>Â Â Alan
>>>>>>>
>>>>>>>Â Â 1 - good
>>>>>>>Â Â 2 - good
>>>>>>>Â Â 3 - I don't understand what that means
>>>>>>>Â Â 4 - Why are you combining law 
>>>>>>>enforcement and private parties? Law 
>>>>>>>enforcement can always get access to data when they follow due process.
>>>>>>>
>>>>>>>Â Â Regards
>>>>>>>
>>>>>>>Â Â Michele
>>>>>>>
>>>>>>>
>>>>>>>Â Â --
>>>>>>>Â Â Mr Michele Neylon
>>>>>>>Â Â Blacknight Solutions
>>>>>>>Â Â Hosting, Colocation & Domains
>>>>>>>Â Â https://www.blacknight.com/
>>>>>>>Â Â https://blacknight.blog/
>>>>>>>Â Â Intl. +353 (0) 59 Â 9183072
>>>>>>>Â Â Direct Dial: +353 (0)59 9183090
>>>>>>>Â Â Personal blog: https://michele.blog/
>>>>>>>Â Â Some thoughts: https://ceo.hosting/
>>>>>>>Â Â -------------------------------
>>>>>>>Â Â Blacknight Internet Solutions Ltd, 
>>>>>>>Unit 12A,Barrowside Business Park,Sleaty
>>>>>>>Â Â Road,Graiguecullen,Carlow,R93 X265,Ireland Â Company No.: 370845
>>>>>>>
>>>>>>>Â Â On 01/08/2018, 17:27, 
>>>>>>>"registration-issues-wg on behalf of Alan 
>>>>>>>Greenberg" 
>>>>>>><registration-issues-wg-bounces at atlarge-lists.icann.org 
>>>>>>>on behalf of alan.greenberg at mcgill.ca> wrote:
>>>>>>>
>>>>>>>Â Â Â Â Â Â Yesterday, the EPDP Members 
>>>>>>>were asked to present a 1-3 minute
>>>>>>>Â Â Â Â Â Â summary of their groups 
>>>>>>>position in regard to the EPDP. The following
>>>>>>>Â Â Â Â Â Â is the statement agreed to by me, Hadia, Holly and Seun.
>>>>>>>
>>>>>>>Â Â Â Â Â Â 1. Â Â The ALAC believes that 
>>>>>>>the EPDP MUST succeed and will be working
>>>>>>>Â Â Â Â Â Â toward that end.
>>>>>>>
>>>>>>>Â Â Â Â Â Â 2. Â Â We have a support 
>>>>>>>structure that we are organizing to ensure
>>>>>>>Â Â Â Â Â Â that what we present here is 
>>>>>>>understood by our community and has
>>>>>>>Â Â Â Â Â Â their input and support.
>>>>>>>
>>>>>>>Â Â Â Â Â Â 3. Â Â The ALAC believes that 
>>>>>>>individual registrants are users and we
>>>>>>>Â Â Â Â Â Â have regularly worked on their behalf (as in the PDP that we
>>>>>>>Â Â Â Â Â Â initiated to protect 
>>>>>>>registrant rights when their domains expire), if
>>>>>>>Â Â Â Â Â Â registrant needs differ from 
>>>>>>>those of the 4 billion Internet users
>>>>>>>Â Â Â Â Â Â who are not registrants, those 
>>>>>>>latter needs take precedence. We
>>>>>>>Â Â Â Â Â Â believe that GDPR and this EPDP are such a situation.
>>>>>>>
>>>>>>>Â Â Â Â Â Â 4. Â Â Although some Internet 
>>>>>>>users consult WHOIS and will not be able
>>>>>>>Â Â Â Â Â Â to do so in some cases going 
>>>>>>>forward, our main concern is access for
>>>>>>>Â Â Â Â Â Â those third parties who work 
>>>>>>>to ensure that the Internet is a safe
>>>>>>>Â Â Â Â Â Â and secure place for users and 
>>>>>>>that means that law enforcement,
>>>>>>>Â Â Â Â Â Â cybersecurity researchers, 
>>>>>>>those combatting fraud in domain names,
>>>>>>>Â Â Â Â Â Â and others who help protect 
>>>>>>>users from phishing, malware, spam,
>>>>>>>Â Â Â Â Â Â fraud, DDoS attacks and such 
>>>>>>>can work with minimal reduction in
>>>>>>>Â Â Â Â Â Â access to WHOIS data. All 
>>>>>>>within the constraints of GDPR of course.
>>>>>>>
>>>>>>>Â Â Â Â Â Â _______________________________________________
>>>>>>>Â Â Â Â Â Â CPWG mailing list
>>>>>>>Â Â Â Â Â Â CPWG at icann.org
>>>>>>>Â Â Â Â Â Â https://mm.icann.org/mailman/listinfo/cpwg
>>>>>>>Â Â Â Â Â Â _______________________________________________
>>>>>>>Â Â Â Â Â Â registration-issues-wg mailing list
>>>>>>>Â Â Â Â Â Â registration-issues-wg at atlarge-lists.icann.org
>>>>>>>Â Â Â Â Â Â https://mm.icann.org/mailman/listinfo/registration-issues-wg
>>>>>>>
>>>>>>>
>>>>>>>Â Â _______________________________________________
>>>>>>>Â Â CPWG mailing list
>>>>>>>Â Â CPWG at icann.org
>>>>>>>Â Â https://mm.icann.org/mailman/listinfo/cpwg
>>>>>>>Â Â _______________________________________________
>>>>>>>Â Â GTLD-WG mailing list
>>>>>>>Â Â GTLD-WG at atlarge-lists.icann.org
>>>>>>>Â Â https://atlarge-lists.icann.org/mailman/listinfo/gtld-wg
>>>>>>>
>>>>>>>Â Â Working Group direct URL: 
>>>>>>>https://community.icann.org/display/atlarge/New+GTLDs
>>>>>>
>>>>>>_______________________________________________
>>>>>>CPWG mailing list
>>>>>>CPWG at icann.org <mailto:CPWG at icann.org>
>>>>>>https://mm.icann.org/mailman/listinfo/cpwg
>>>>>>_______________________________________________
>>>>>>registration-issues-wg mailing list
>>>>>>registration-issues-wg at atlarge-lists.icann.org
>>>>>>https://mm.icann.org/mailman/listinfo/registration-issues-wg
>>>>_______________________________________________
>>>>CPWG mailing list
>>>>CPWG at icann.org <mailto:CPWG at icann.org>
>>>>https://mm.icann.org/mailman/listinfo/cpwg
>>>
>>>_______________________________________________
>>>CPWG mailing list
>>>CPWG at icann.org <mailto:CPWG at icann.org>
>>>https://mm.icann.org/mailman/listinfo/cpwg
>>
>>
>>
>>_______________________________________________
>>CPWG mailing list
>>CPWG at icann.org
>>https://mm.icann.org/mailman/listinfo/cpwg
>
>
>
>_______________________________________________
>CPWG mailing list
>CPWG at icann.org
>https://mm.icann.org/mailman/listinfo/cpwg
>
>_______________________________________________
>GTLD-WG mailing list
>GTLD-WG at atlarge-lists.icann.org
>https://atlarge-lists.icann.org/mailman/listinfo/gtld-wg
>
>Working Group direct URL: 
>https://community.icann.org/display/atlarge/New+GTLDs
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/cpwg/attachments/20180806/6a454729/attachment-0001.html>