[CPWG] [GTLD-WG] [SPAM] Re: [registration-issues-wg] ALAC Statement regarding EPDP
Marita Moll
mmoll at ca.inter.net
Tue Aug 7 17:30:08 UTC 2018
With respect Evan, saying I am missing the point is not really
respectful. No one is arguing for privacy without protections. I don't
have all the information I need to support this, but I have a feeling
the European Data Protection people might have thought about this. They
don't want to protect bad actors either. And I have heard that a
similiar law to GDPR is under consideration in California. So I don't
see any need to think we are only ones concerned with keeping bad actors
out of the ring.
Marita
On 8/7/2018 7:08 PM, Evan Leibovitch wrote:
> Hi Marita,
>
> I think you may be missing the point when you state that "keeping the
> private info of registrants out of the hands of bad actors protects
> both parties". The examples that exist in abundance come from
> registrants who /ARE themselves/ the bad actors, that hide behind
> either privacy regulations or inaccurate contact information to avoid
> being held to account for their harm.
>
> Just as the right to freedom of speech is not absolute -- even in
> America -- neither is the right to privacy a way to hide
> accountability for causing demonstrable harm. Augmenting privacy with
> tiered access is fine so long as it is accessible to victims and
> effective in execution; that is exactly the balance of which I speak.
> This won't be easy -- being physically threatened demands a different
> response to merely being insulted -- but it is vital. Without such
> checks and balances, absolute privacy is a sure source of far more
> harm than good. For every whistleblower protected, a dozen others will
> be scammed out of their life savings, and thousands more will live in
> fear for their lives because of death threats from those with
> unchecked anonymity. This is not theory, it is happening.
>
> In summary, it is both naive and against the global public interest to
> advocate for privacy without advocating just as strenuously for
> appropriate protections against bad actors who seek to exploit that
> privacy to cause harm. At-Large seeks both.
>
> - Evan
>
>
> PS: I absolutely reject the assertion that it is fear-mongering to
> simply want to prevent abuse of privacy by some registrants that is
> both clearly evidenced and ongoing.
>
>
> On Aug 7, 2018, at 11:55, Marita Moll <mmoll at ca.inter.net
> <mailto:mmoll at ca.inter.net>> wrote:
>
> Hello Evan and Allan. I agree with a number of those here how have
> suggested that the interests of registrants and end-users are not that
> different. Keeping the private info of registrants out of the hands of
> bad actors protects both parties. If crimes are committed, having tiered
> access to the info would release that info to validated authorities. As
> a registrant, I don't want my private information out there if it isn't
> necessary. And I don't see how shielding my private info on WhoIS will
> endanger my neighbour once tiered access is agreed upon. This is no
> different from the way the law usually works -- we don't all have to
> live in glass houses in order to be safe. We need well thought out
> procedures that protect all of us.
>
> It's just my opinion. I know others have good arguments. But I don't buy
> the scary scenarios being presented by some groups hoping to scuttle
> this whole thing. If the Europeans don't think the world will come to an
> end once GDPR is enforced, why is the boogey man being unleashed in
> North America?
>
> http://www.insidesources.com/fake-news-fake-pharmacies-whats-next/
>
> Marita
>
>
> On 8/7/2018 5:09 AM, Alan Greenberg wrote:
>
> Marita, you cannot take one phrase out of context. If you go
> back in the thread (which was not fully copied here) I believe
> that a major concern of Holly and Bastiaan was that my
> statement sounded like it was trying to get around GDPR, but
> in fact compliance with GDPR is (to use a Startrek expression)
> "the prime directive". It is not a simple matter of security
> vs privacy. If, for instance, we were talking about USER
> security vs USER privacy, we would have a real challenge in
> deciding which was more important and I am pretty sure we
> would not even try in the general case. But that is not what
> we are taking about here. We are talking about gTLD REGISTRANT
> privacy vs USER security. And the ALAC's position has
> previously been that although we care about registrants (and
> their privacy and their domains etc) and have put very
> significant resources into supporting gTLD registrants, the
> shear number of users makes their security and ability to use
> the Internet with relative safety and trust takes precedence
> over the privacy of the relative handful of gTLD registrants.
> That is why ICANN has (and continues to) support the existing
> WHOIS system to the extent possible. That is the entire gist
> of the Temporary Spec. - /"Consistent with ICANN’s stated
> objective to comply with the GDPR, while maintaining the
> existing WHOIS system to the greatest extent possible, the
> Temporary Specification maintains....." /And I note with some
> amusement that some filter along the way has flagged this
> entire thread as SPAM. Alan At 06/08/2018 12:08 PM, Marita
> Moll wrote:
>
> I am in agreement with Tijani, Holly, Bastian and Michele.
> Perhaps it is unintentional, but the language does send
> the message that we are looking more carefully at security
> than privacy. I am also not convinced that end-users would
> want us to do that. Marita On 8/3/2018 10:30 AM, Tijani
> BEN JEMAA wrote:
>
> Very interesting discussion. This issue has been
> discussed several times and the positions didn’t
> change. What bothers me is the presentation of the
> registrants interest as opposite to the remaining
> users ones. they are not since the registrants are
> also subject to the domain abuse. You are speaking
> about 4 billion users; these include all: contracted
> parties, business, registrants, governments, etc. We
> are about defending the interest of all of them as
> individual end users, not as registry, registrar,
> businessman, minister, etc…. You included theÂ
> cybersecurity researchers; you know how Cambridge
> Analytica got the American data from Facebook? They
> requested to have access to these data for research,
> and the result was the American election result
> impacted. So, I agree with Bastiaan that we need to be
> careful and care about the protection of personal data
> as well as the prevention of any harmful use of the
> domain names, both together.
> ------------------------------------------------------------------------
> *Tijani BEN JEMAA* Executive Director Mediterranean
> Federation of Internet Associations (*FMAI*) Phone:
> +216 98 330 114 +216 52 385 114
> ------------------------------------------------------------------------
>
> Le 3 août 2018 à 07:22, Bastiaan Goslings
> <bastiaan.goslings at ams-ix.net
> <mailto:bastiaan.goslings at ams-ix.net
> <mailto:bastiaan.goslings at ams-ix.net>>> a écrit :
> Thanks for clarifying, Alan. As a matter of
> principle I agree with Holly - and Michele. While
> I think I understand the good intent of what you
> are saying, your earlier responses almost sound to
> me like a false ‘security versus privacy’
> dichotomy. Like, the number of people (users) that
> care about security as opposed to those
> (registrants) that want their privacy protected to
> the max is larger. Etc. Apologies if I am
> oversimplifying things here, I do not mean to. In
> this particular EPDP case though I am convinced
> that we can find a common ground on what the ALAC
> members and alternates should bring to the table.
> In terms of perceived registrants’ and general
> Internet end-users’ interests. As you rightly
> state, it is about being GDPR compliant. So we do
> not have to be philosophical about a rather broad
> term like ‘privacy’ and argue about whether it
> is in conflict with e.g. the interest of LEAs.
> Indeed, ‘Privacy is not absolute’. However,
> ‘due process’ is a(nother) no brainer, not
> just because it might be a legal requirement. From
> what I understand the work being done on defining
> Access and Accreditation criteria is keeping that
> principle in mind, and within in the MS context of
> the EPDP we can together see to it that it does
> end up properly enshrined in policy and contracts.
> -Bastiaan
>
> On 3 Aug 2018, at 01:10, Alan Greenberg
> <alan.greenberg at mcgill.ca
> <mailto:alan.greenberg at mcgill.ca
> <mailto:alan.greenberg at mcgill.ca>>> wrote:
> Holly, the original statement ends with "All
> within the constraints of GDPR of course." I
> don't know how to make that clearer. We would
> be absolutely FOOLISH to argue for anything
> else, since it will not be implementable. That
> being said, if through the EPDP or otherwise
> we can help make the legal argument for why
> good access for the folks we list at the end
> is within GDPR, more power to us. GDPR (and
> eventually similar legislation/regulation
> elsewhere) is the overall constraint. It is
> equivalent to the laws of physics which for
> the moment we need to consider inviolate. So
> my statement that "other issues trump privacy"
> is within that context. But just as
> proportionality governs what GDPR will decree
> as private in any given case, so it will
> govern what is not private. It all depends on
> making the legal argument and ultimately in
> needed convincing the courts. They are the
> arbiters, not me or anyone else in ICANN. In
> the US, there is the constitutional right to
> freedom of speech, but it is not unconstrained
> and there are limits to what you are allowed
> and not allowed to say. And from time to time,
> the courts and legislatures weigh in and
> decide where the line is. Alan At 02/08/2018
> 06:42 PM, Holly Raiche wrote:
>
> Hi Alan I have concerns with your
> statement - and since your reply below,
> with our statement of principles for the
> EPDP. As I suggested in my email of 1
> August, we need to be VERY clear that we
> are NOT arguing against implementation a
> policy that is compliant with the GDPR. Â
> We are arguing for other issues that
> impact on users - WITHIN the umbrella of
> the GDPR. Â And if we do not make that
> very clear, then we look as if we are not
> prepared to operate within the bounds of
> the EPDP - which is all about developing a
> new policy to replace the RDS requirements
> that will allow registries/registrars to
> comply with their ICANN contracts and
> operate within the GDPR framework. So your
> statement below that ‘yes, other issues
> trump privacyÂ’ - misstates that. Â What
> we are (or should be) arguing for is a
> balance of rights of access that - to the
> greatest extend possible - recognises the
> value of RDS to some constituencies with
> legitimate purposes - WITHIN the GDPR
> framework. That implicitly accepts that
> people/organisations that once had free
> and unrestricted access to the data will
> no longer have that open access. And for
> ALAC generally, I will repeat what I said
> in my 1 August email - our statement of
> principles must be VERY clear that we are
> NOT arguing for a new RDS policy that goes
> outside of the GDPR. Holly On 3 Aug 2018,
> at 1:29 am, Alan Greenberg
> <alan.greenberg at mcgill.ca
> <mailto:alan.greenberg at mcgill.ca
> <mailto:alan.greenberg at mcgill.ca>> > wrote:
>
> At 02/08/2018 10:37 AM, Michele Neylon
> - Blacknight wrote:
>
> Jonathan / Alan Thanks for the
> clarifications. 3 - I don't know
> how you can know what the
> interests of a user are. The
> assumption you seem to be making
> is that due process and privacy
> should take a backseat to access
> to data
>
> Privacy is not absolute but based on
> various other issues. So yes, we are
> saying that in some cases, the other
> issues trump privacy. Perhaps we
> differ on where the dividing line is.
>
> 4 - Same as 3. Plenty of ccTLDs
> never offered PII in their public
> whois and there weren't any issues
> with security or stability.
> Skipping due process for "ease of
> access" is a very slippery and
> dangerous slope.
>
> Both here and in reply to #3, the term
> "due process" tends to be used in
> reference to legal constraints
> associated with law enforcement
> actions as sanctioned by laws and
> courts. That is one path to unlocking
> otherwise private information. A major
> aspect of the GDPR implementation will
> be identifying other less cumbersome
> and restricted processes for accessing
> WHOIS data by a variety of partners.
> It will not be unconstrained nor will
> it be as cumbersome as going to court
> (hopefully). Alan
>
> Regards Michele -- Mr Michele
> Neylon Blacknight Solutions
> Hosting, Colocation & Domains
> https://www.blacknight.com/
> <https://www.blacknight.com/>
> https://blacknight.blog/
> <https://blacknight.blog/> Intl.
> +353 (0) 59 Â 9183072 Direct Dial:
> +353 (0)59 9183090 Personal blog:
> https://michele.blog/ Some
> thoughts: https://ceo.hosting/
> ------------------------------------------------------------------------
> Blacknight Internet Solutions Ltd,
> Unit 12A,Barrowside Business
> Park,Sleaty
> Road,Graiguecullen,Carlow,R93
> X265,Ireland  Company No.: 370845
> On 02/08/2018, 15:03,
> "Jonathan Zuck"
> <JZuck at innovatorsnetwork.org>
> wrote: Â Â Thanks Michele! Â Â 3.
> Where there appears to be a
> conflict of interest between a
> registrant and non-registrant end
> user, we'll be endeavoring to
> represent the interests of the
> non-registrant end user. Â Â 4.
> Related to 3. This is simply an
> affirmation of the interests of
> end users in a stable and secure
> internet and it is those interests
> we'll be representing. We've
> included law enforcement because
> efficiencies regarding their
> access may come up. Just because
> there's always a way for them to
> get to data doesn't mean it's the
> best way. Â Â Make sense? Â Â
> Jonathan   -----Original
> Message----- Â Â From: GTLD-WG
> <gtld-wg-bounces at atlarge-lists.icann.org>
> On Behalf Of Michele Neylon -
> Blacknight   Sent: Wednesday,
> August 1, 2018 12:34 PM Â Â To:
> Alan Greenberg
> <alan.greenberg at mcgill.ca>; CPWG
> <cpwg at icann.org> Â Â Subject: Re:
> [GTLD-WG] [CPWG]
> [registration-issues-wg] ALAC
> Statement regarding EPDP Â Â Alan
>   1 - good   2 - good   3 -
> I don't understand what that means
> Â Â 4 - Why are you combining law
> enforcement and private parties?
> Law enforcement can always get
> access to data when they follow
> due process.   Regards  Â
> Michele   --   Mr Michele
> Neylon   Blacknight Solutions Â
> Â Hosting, Colocation & Domains Â
> Â https://www.blacknight.com/
> <https://www.blacknight.com/> Â Â
> https://blacknight.blog/
> <https://blacknight.blog/> Â Â
> Intl. +353 (0) 59 Â 9183072 Â Â
> Direct Dial: +353 (0)59 9183090 Â
> Â Personal blog:
> https://michele.blog/ Â Â Some
> thoughts: https://ceo.hosting/ Â Â
> ------------------------------------------------------------------------
> Â Â Blacknight Internet Solutions
> Ltd, Unit 12A,Barrowside Business
> Park,Sleaty  Â
> Road,Graiguecullen,Carlow,R93
> X265,Ireland  Company No.: 370845
> Â Â On 01/08/2018, 17:27,
> "registration-issues-wg on behalf
> of Alan Greenberg"
> <registration-issues-wg-bounces at atlarge-lists.icann.org
> on behalf of
> alan.greenberg at mcgill.ca> wrote: Â
> Â Â Â Â Â Yesterday, the EPDP
> Members were asked to present a
> 1-3 minute       summary of
> their groups position in regard to
> the EPDP. The following     Â
> Â is the statement agreed to by
> me, Hadia, Holly and Seun. Â Â Â Â
> Â Â 1. Â Â The ALAC believes that
> the EPDP MUST succeed and will be
> working       toward that
> end. Â Â Â Â Â Â 2. Â Â We have a
> support structure that we are
> organizing to ensure      Â
> that what we present here is
> understood by our community and
> has       their input and
> support. Â Â Â Â Â Â 3. Â Â The
> ALAC believes that individual
> registrants are users and we   Â
> Â Â Â have regularly worked on
> their behalf (as in the PDP that
> we       initiated to
> protect registrant rights when
> their domains expire), if    Â
> Â Â registrant needs differ from
> those of the 4 billion Internet
> users       who are not
> registrants, those latter needs
> take precedence. We      Â
> believe that GDPR and this EPDP
> are such a situation. Â Â Â Â Â Â
> 4. Â Â Although some Internet
> users consult WHOIS and will not
> be able       to do so in
> some cases going forward, our main
> concern is access for      Â
> those third parties who work to
> ensure that the Internet is a safe
> Â Â Â Â Â Â and secure place for
> users and that means that law
> enforcement, Â Â Â Â Â Â
> cybersecurity researchers, those
> combatting fraud in domain names,
> Â Â Â Â Â Â and others who help
> protect users from phishing,
> malware, spam, Â Â Â Â Â Â fraud,
> DDoS attacks and such can work
> with minimal reduction in    Â
> Â Â access to WHOIS data. All
> within the constraints of GDPR of
> course. Â Â Â Â Â Â
> ------------------------------------------------------------------------
>       CPWG mailing list  Â
>     CPWG at icann.org      Â
> https://mm.icann.org/mailman/listinfo/cpwg
> <https://mm.icann.org/mailman/listinfo/cpwg>
> Â Â Â Â Â Â
> ------------------------------------------------------------------------
> Â Â Â Â Â Â registration-issues-wg
> mailing list      Â
> registration-issues-wg at atlarge-lists.icann.org
> Â Â Â Â Â Â
> https://mm.icann.org/mailman/listinfo/registration-issues-wg
> Â Â
> ------------------------------------------------------------------------
>   CPWG mailing list  Â
> CPWG at icann.org  Â
> https://mm.icann.org/mailman/listinfo/cpwg
> <https://mm.icann.org/mailman/listinfo/cpwg>
> Â Â
> ------------------------------------------------------------------------
>   GTLD-WG mailing list  Â
> GTLD-WG at atlarge-lists.icann.org Â
> Â
> https://atlarge-lists.icann.org/mailman/listinfo/gtld-wg
> Â Â Working Group direct URL:
> https://community.icann.org/display/atlarge/New+GTLDs
>
>
> ------------------------------------------------------------------------
> CPWG mailing list CPWG at icann.org
> <mailto:CPWG at icann.org
> <mailto:CPWG at icann.org>>
> https://mm.icann.org/mailman/listinfo/cpwg
> <https://mm.icann.org/mailman/listinfo/cpwg>
>
> ------------------------------------------------------------------------
> registration-issues-wg mailing list
> registration-issues-wg at atlarge-lists.icann.org
> https://mm.icann.org/mailman/listinfo/registration-issues-wg
>
>
> ------------------------------------------------------------------------
> CPWG mailing list CPWG at icann.org
> <mailto:CPWG at icann.org
> <mailto:CPWG at icann.org>>
> https://mm.icann.org/mailman/listinfo/cpwg
> <https://mm.icann.org/mailman/listinfo/cpwg>
>
> ------------------------------------------------------------------------
> CPWG mailing list CPWG at icann.org
> <mailto:CPWG at icann.org <mailto:CPWG at icann.org>>
> https://mm.icann.org/mailman/listinfo/cpwg
> <https://mm.icann.org/mailman/listinfo/cpwg>
>
> ------------------------------------------------------------------------
> CPWG mailing list CPWG at icann.org
> https://mm.icann.org/mailman/listinfo/cpwg
> <https://mm.icann.org/mailman/listinfo/cpwg>
>
> ------------------------------------------------------------------------
> CPWG mailing list CPWG at icann.org
> https://mm.icann.org/mailman/listinfo/cpwg
> <https://mm.icann.org/mailman/listinfo/cpwg>
> ------------------------------------------------------------------------
> GTLD-WG mailing list GTLD-WG at atlarge-lists.icann.org
> https://atlarge-lists.icann.org/mailman/listinfo/gtld-wg
> <https://atlarge-lists.icann.org/mailman/listinfo/gtld-wg>
> Working Group direct URL:
> https://community.icann.org/display/atlarge/New+GTLDs
> <https://community.icann.org/display/atlarge/New+GTLDs>
>
>
> ------------------------------------------------------------------------
>
> CPWG mailing list
> CPWG at icann.org
> https://mm.icann.org/mailman/listinfo/cpwg
>
> ------------------------------------------------------------------------
>
> GTLD-WG mailing list
> GTLD-WG at atlarge-lists.icann.org
> https://atlarge-lists.icann.org/mailman/listinfo/gtld-wg
>
> Working Group direct URL:https://community.icann.org/display/atlarge/New+GTLDs
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/cpwg/attachments/20180807/f96ff633/attachment-0001.html>
More information about the CPWG
mailing list