[CPWG] [registration-issues-wg] [GTLD-WG] [SPAM] Re: ALAC Statement regarding EPDP
Greg Shatan
gregshatanisoc at gmail.com
Thu Aug 9 00:51:51 UTC 2018
A great deal of the work in both the EWG and the RDS PDP consisted of
identifying these parties and use cases. I invite you to peruse both for
answers. It's not hard to find -- no begging needed.
Best regards,
Greg
On Wed, Aug 8, 2018 at 6:30 AM wilkinson christopher <
cw at christopherwilkinson.eu> wrote:
> > 3. WHOIS/RDS exists in order to be accessed by third parties (i.e.,
> folks other than the registrant and the registrar). There are many, many
> legitimate use cases for access.
>
> This argument begs the questions as to who are the 'third parties', what
> are the 'use cases' and what happens to the data after it has been used.
>
> Regards
>
> CW
>
>
> > El 7 de agosto de 2018 a las 22:17 Greg Shatan <greg at isoc-ny.org>
> escribió:
> >
> >
> > I’ve been watching this conversation unfold for awhile. A few
> observations:
> >
> > 1. Nobody suggested that ALAC support an outcome that would violate GDPR.
> > Compliance with GDPR is a given. Thankfully, that misunderstanding seems
> to
> > have been cleared up.
> >
> > 2. No one is arguing in favor of putting the “private info of
> registrants”
> > into “the hands of bad actors.” Indeed, GDPR is not primarily aimed at
> > preventing access by bad actors. Rather it is aimed at regulating the use
> > of personal data by any actor. I haven’t really thought about it, but
> GDPR
> > is probably not going to be a major deterrent against real bad actors.
> >
> > 3. WHOIS/RDS exists in order to be accessed by third parties (i.e., folks
> > other than the registrant and the registrar). There are many, many
> > legitimate use cases for access. Of course, there are “mis-use cases”
> > involving bad actors, and one of the obvious challenges for the EPDP is
> > dealing with those. From the point of view of the end-user, that needs to
> > be dealt with in a way that does not hinder timely, straight-forward
> > legitimate access to Whois data.
> >
> > 4. I have seen no evidence that the European Data Protection people have
> > thought about how WHOIS/RDS can function under GDPR. More broadly, GDPR
> is
> > a law about access, in very large part. GDPR provides a road map for data
> > controllers and processors to get and “process” (use, store, provide
> access
> > to, transfer, delete, etc.) data. Much of GDPR is concerned with how data
> > is used (I’d rather use that term than “processed” for these
> discussions),
> > the purposes for which it is used, how it is stored, how it is
> transferred,
> > who is responsible for any use, the circumstances when a data subject
> does
> > (and does not) have control over how their data is used. GDPR assumes
> that
> > data will be “processed” and creates a set of rules of the road for that
> > processing.
> >
> > 5. It is true that end-users and registrants benefit from both privacy
> and
> > security. End-users benefit directly and indirectly from access to
> > WHOIS/RDS data, for non-security related reasons as well as
> > security-related reasons. Registrants also benefit from access to
> > WHOIS/RDS, both by themselves and by third parties in a variety of ways.
> > Registrants benefit from data privacy, at least with regard to their own
> > data (though they may lose some of the benefits that come from third
> party
> > access to their data, such as receiving offers to purchase domain names).
> > However, I struggling to see how end-users (as end-users) benefit from
> > barriers to accessing registrant WHOIS/RDS data.
> >
> > 6. How Cambridge Analytica got Facebook data is not particularly
> relevant.
> > But if it is going to be used as a “cautionary tale”, we need to be
> > accurate, so that the right lessons can be learned. Cambridge Analytica
> did
> > NOT get the data by making a request to Facebook “to have access to these
> > data for research.” In fact, they didn’t get the data directly from
> > Facebook at all. The data was gathered through a personality quiz app,
> > which was (as Facebook was configured at that time and with the consent
> of
> > the participants) able to harvest data about friends and
> friends-of-friends
> > of the participants, as well as the participants. It may have been used
> for
> > legitimate research purposes. However, the data was then sold to
> Cambridge
> > Analytica, without Facebook’s knowledge and in violation of their terms
> of
> > service.
> >
> > 7. The California Consumer Privacy Act is already here, though it won’t
> be
> > enforced until 2020. While it bears a resemblance to GDPR, it has many
> > differences as well, and some of its goals are quite different. Like GDPR
> > it is not primarily aimed at keeping data out of the hands of bad
> actors. I
> > have not yet considered the impact of the CCPA on WHOIS/RDS, and how it
> is
> > similar or different to the impact of GDPR. Its primary goals seem to be
> to
> > control data monetization, and to give consumers greater access to their
> > data, with data subject rights similar to those in GDPR.
> >
> > 8. Overall, I agree with those who believe that appropriate and timely
> > access to WHOIS/RDS data benefits end-users. Whether GDPR is good or bad
> > for end-users is moot. GDPR exists, and how it is dealt with will show
> how
> > good or bad it is for end-users. Our goal should be to have GDPR
> > implemented in the WHOIS/RDS context in a way that maximizes the benefit
> > and minimizes the harm to end-users.
> >
> > Best regards,
> >
> > Greg Shatan
> >
> > On Tue, Aug 7, 2018 at 1:58 PM Evan Leibovitch <evanleibovitch at gmail.com
> >
> > wrote:
> >
> > > I don't know about the Europeans or the California government. I do
> have
> > > more than a decade's experience in ICANN, however, and have observed
> that
> > > its track record in both decent privacy and decent accessibility is
> > > abysmal.
> > >
> > > ___________________
> > > Evan Leibovitch, Toronto
> > > @evanleibovitch/@el56
> > >
> > > On Tue, Aug 7, 2018, 1:30 PM Marita Moll, <mmoll at ca.inter.net> wrote:
> > >
> > > > With respect Evan, saying I am missing the point is not really
> > > > respectful. No one is arguing for privacy without protections. I
> don't
> > > > have all the information I need to support this, but I have a feeling
> > > > the European Data Protection people might have thought about this.
> They
> > > > don't want to protect bad actors either. And I have heard that a
> > > > similiar law to GDPR is under consideration in California. So I don't
> > > > see any need to think we are only ones concerned with keeping bad
> actors
> > > > out of the ring.
> > > >
> > > > Marita
> > > >
> > > >
> > > > On 8/7/2018 7:08 PM, Evan Leibovitch wrote:
> > > > > Hi Marita,
> > > > >
> > > > > I think you may be missing the point when you state that "keeping
> the
> > > > > private info of registrants out of the hands of bad actors protects
> > > > > both parties". The examples that exist in abundance come from
> > > > > registrants who /ARE themselves/ the bad actors, that hide behind
> > > > > either privacy regulations or inaccurate contact information to
> avoid
> > > > > being held to account for their harm.
> > > > >
> > > > > Just as the right to freedom of speech is not absolute -- even in
> > > > > America -- neither is the right to privacy a way to hide
> > > > > accountability for causing demonstrable harm. Augmenting privacy
> with
> > > > > tiered access is fine so long as it is accessible to victims and
> > > > > effective in execution; that is exactly the balance of which I
> speak.
> > > > > This won't be easy -- being physically threatened demands a
> different
> > > > > response to merely being insulted -- but it is vital. Without such
> > > > > checks and balances, absolute privacy is a sure source of far more
> > > > > harm than good. For every whistleblower protected, a dozen others
> will
> > > > > be scammed out of their life savings, and thousands more will live
> in
> > > > > fear for their lives because of death threats from those with
> > > > > unchecked anonymity. This is not theory, it is happening.
> > > > >
> > > > > In summary, it is both naive and against the global public
> interest to
> > > > > advocate for privacy without advocating just as strenuously for
> > > > > appropriate protections against bad actors who seek to exploit that
> > > > > privacy to cause harm. At-Large seeks both.
> > > > >
> > > > > - Evan
> > > > >
> > > > >
> > > > > PS: I absolutely reject the assertion that it is fear-mongering to
> > > > > simply want to prevent abuse of privacy by some registrants that is
> > > > > both clearly evidenced and ongoing.
> > > > >
> > > > >
> > > > > On Aug 7, 2018, at 11:55, Marita Moll <mmoll at ca.inter.net
> > > > > <mailto:mmoll at ca.inter.net>> wrote:
> > > > >
> > > > > Hello Evan and Allan. I agree with a number of those here how
> have
> > > > > suggested that the interests of registrants and end-users are
> not
> > > > that
> > > > > different. Keeping the private info of registrants out of the
> hands
> > > > of
> > > > > bad actors protects both parties. If crimes are committed,
> having
> > > > tiered
> > > > > access to the info would release that info to validated
> > > authorities.
> > > > As
> > > > > a registrant, I don't want my private information out there if
> it
> > > > isn't
> > > > > necessary. And I don't see how shielding my private info on
> WhoIS
> > > > will
> > > > > endanger my neighbour once tiered access is agreed upon. This
> is no
> > > > > different from the way the law usually works -- we don't all
> have
> > > to
> > > > > live in glass houses in order to be safe. We need well thought
> out
> > > > > procedures that protect all of us.
> > > > >
> > > > > It's just my opinion. I know others have good arguments. But I
> > > don't
> > > > buy
> > > > > the scary scenarios being presented by some groups hoping to
> > > scuttle
> > > > > this whole thing. If the Europeans don't think the world will
> come
> > > > to an
> > > > > end once GDPR is enforced, why is the boogey man being
> unleashed in
> > > > > North America?
> > > > >
> > > > >
> http://www.insidesources.com/fake-news-fake-pharmacies-whats-next/
> > > > >
> > > > > Marita
> > > > >
> > > > >
> > > > > On 8/7/2018 5:09 AM, Alan Greenberg wrote:
> > > > >
> > > > > Marita, you cannot take one phrase out of context. If you
> go
> > > > > back in the thread (which was not fully copied here) I
> believe
> > > > > that a major concern of Holly and Bastiaan was that my
> > > > > statement sounded like it was trying to get around GDPR,
> but
> > > > > in fact compliance with GDPR is (to use a Startrek
> expression)
> > > > > "the prime directive". It is not a simple matter of
> security
> > > > > vs privacy. If, for instance, we were talking about USER
> > > > > security vs USER privacy, we would have a real challenge in
> > > > > deciding which was more important and I am pretty sure we
> > > > > would not even try in the general case. But that is not
> what
> > > > > we are taking about here. We are talking about gTLD
> REGISTRANT
> > > > > privacy vs USER security. And the ALAC's position has
> > > > > previously been that although we care about registrants
> (and
> > > > > their privacy and their domains etc) and have put very
> > > > > significant resources into supporting gTLD registrants, the
> > > > > shear number of users makes their security and ability to
> use
> > > > > the Internet with relative safety and trust takes
> precedence
> > > > > over the privacy of the relative handful of gTLD
> registrants.
> > > > > That is why ICANN has (and continues to) support the
> existing
> > > > > WHOIS system to the extent possible. That is the entire
> gist
> > > > > of the Temporary Spec. - /"Consistent with ICANN’s stated
> > > > > objective to comply with the GDPR, while maintaining the
> > > > > existing WHOIS system to the greatest extent possible, the
> > > > > Temporary Specification maintains....." /And I note with
> some
> > > > > amusement that some filter along the way has flagged this
> > > > > entire thread as SPAM. Alan At 06/08/2018 12:08 PM, Marita
> > > > > Moll wrote:
> > > > >
> > > > > I am in agreement with Tijani, Holly, Bastian and
> Michele.
> > > > > Perhaps it is unintentional, but the language does send
> > > > > the message that we are looking more carefully at
> security
> > > > > than privacy. I am also not convinced that end-users
> would
> > > > > want us to do that. Marita On 8/3/2018 10:30 AM, Tijani
> > > > > BEN JEMAA wrote:
> > > > >
> > > > > Very interesting discussion. This issue has been
> > > > > discussed several times and the positions didn’t
> > > > > change. What bothers me is the presentation of the
> > > > > registrants interest as opposite to the remaining
> > > > > users ones. they are not since the registrants are
> > > > > also subject to the domain abuse. You are speaking
> > > > > about 4 billion users; these include all:
> contracted
> > > > > parties, business, registrants, governments, etc.
> We
> > > > > are about defending the interest of all of them as
> > > > > individual end users, not as registry, registrar,
> > > > > businessman, minister, etc…. You included theÂ
> > > > > cybersecurity researchers; you know how Cambridge
> > > > > Analytica got the American data from Facebook? They
> > > > > requested to have access to these data for
> research,
> > > > > and the result was the American election result
> > > > > impacted. So, I agree with Bastiaan that we need
> to be
> > > > > careful and care about the protection of personal
> data
> > > > > as well as the prevention of any harmful use of the
> > > > > domain names, both together.
> > > > >
> > > >
> ------------------------------------------------------------------------
> > > > > *Tijani BEN JEMAA* Executive Director Mediterranean
> > > > > Federation of Internet Associations (*FMAI*) Phone:
> > > > > +216 98 330 114 +216 52 385 114
> > > > >
> > > >
> ------------------------------------------------------------------------
> > > > >
> > > > > Le 3 août 2018 à 07:22, Bastiaan Goslings
> > > > > <bastiaan.goslings at ams-ix.net
> > > > > <mailto:bastiaan.goslings at ams-ix.net
> > > > > <mailto:bastiaan.goslings at ams-ix.net>>> a
> écrit :
> > > > > Thanks for clarifying, Alan. As a matter of
> > > > > principle I agree with Holly - and Michele.
> While
> > > > > I think I understand the good intent of what
> you
> > > > > are saying, your earlier responses almost
> sound to
> > > > > me like a false ‘security versus privacy’
> > > > > dichotomy. Like, the number of people (users)
> that
> > > > > care about security as opposed to those
> > > > > (registrants) that want their privacy
> protected to
> > > > > the max is larger. Etc. Apologies if I am
> > > > > oversimplifying things here, I do not mean to.
> In
> > > > > this particular EPDP case though I am convinced
> > > > > that we can find a common ground on what the
> ALAC
> > > > > members and alternates should bring to the
> table.
> > > > > In terms of perceived registrants’ and
> general
> > > > > Internet end-users’ interests. As you rightly
> > > > > state, it is about being GDPR compliant. So we
> do
> > > > > not have to be philosophical about a rather
> broad
> > > > > term like ‘privacy’ and argue about
> whether it
> > > > > is in conflict with e.g. the interest of LEAs.
> > > > > Indeed, ‘Privacy is not absolute’. However,
> > > > > ‘due process’ is a(nother) no brainer, not
> > > > > just because it might be a legal requirement.
> From
> > > > > what I understand the work being done on
> defining
> > > > > Access and Accreditation criteria is keeping
> that
> > > > > principle in mind, and within in the MS
> context of
> > > > > the EPDP we can together see to it that it does
> > > > > end up properly enshrined in policy and
> contracts.
> > > > > -Bastiaan
> > > > >
> > > > > On 3 Aug 2018, at 01:10, Alan Greenberg
> > > > > <alan.greenberg at mcgill.ca
> > > > > <mailto:alan.greenberg at mcgill.ca
> > > > > <mailto:alan.greenberg at mcgill.ca>>> wrote:
> > > > > Holly, the original statement ends with
> "All
> > > > > within the constraints of GDPR of course."
> I
> > > > > don't know how to make that clearer. We
> would
> > > > > be absolutely FOOLISH to argue for anything
> > > > > else, since it will not be implementable.
> That
> > > > > being said, if through the EPDP or
> otherwise
> > > > > we can help make the legal argument for why
> > > > > good access for the folks we list at the
> end
> > > > > is within GDPR, more power to us. GDPR (and
> > > > > eventually similar legislation/regulation
> > > > > elsewhere) is the overall constraint. It is
> > > > > equivalent to the laws of physics which for
> > > > > the moment we need to consider inviolate.
> So
> > > > > my statement that "other issues trump
> privacy"
> > > > > is within that context. But just as
> > > > > proportionality governs what GDPR will
> decree
> > > > > as private in any given case, so it will
> > > > > govern what is not private. It all depends
> on
> > > > > making the legal argument and ultimately in
> > > > > needed convincing the courts. They are the
> > > > > arbiters, not me or anyone else in ICANN.
> In
> > > > > the US, there is the constitutional right
> to
> > > > > freedom of speech, but it is not
> unconstrained
> > > > > and there are limits to what you are
> allowed
> > > > > and not allowed to say. And from time to
> time,
> > > > > the courts and legislatures weigh in and
> > > > > decide where the line is. Alan At
> 02/08/2018
> > > > > 06:42 PM, Holly Raiche wrote:
> > > > >
> > > > > Hi Alan I have concerns with your
> > > > > statement - and since your reply below,
> > > > > with our statement of principles for
> the
> > > > > EPDP. As I suggested in my email of 1
> > > > > August, we need to be VERY clear that
> we
> > > > > are NOT arguing against implementation
> a
> > > > > policy that is compliant with the
> GDPR. Â
> > > > > We are arguing for other issues that
> > > > > impact on users - WITHIN the umbrella
> of
> > > > > the GDPR. Â And if we do not make that
> > > > > very clear, then we look as if we are
> not
> > > > > prepared to operate within the bounds
> of
> > > > > the EPDP - which is all about
> developing a
> > > > > new policy to replace the RDS
> requirements
> > > > > that will allow registries/registrars
> to
> > > > > comply with their ICANN contracts and
> > > > > operate within the GDPR framework. So
> your
> > > > > statement below that ‘yes, other
> issues
> > > > > trump privacyÂ’ - misstates that. Â
> What
> > > > > we are (or should be) arguing for is a
> > > > > balance of rights of access that - to
> the
> > > > > greatest extend possible - recognises
> the
> > > > > value of RDS to some constituencies
> with
> > > > > legitimate purposes - WITHIN the GDPR
> > > > > framework. That implicitly accepts that
> > > > > people/organisations that once had free
> > > > > and unrestricted access to the data
> will
> > > > > no longer have that open access. And
> for
> > > > > ALAC generally, I will repeat what I
> said
> > > > > in my 1 August email - our statement of
> > > > > principles must be VERY clear that we
> are
> > > > > NOT arguing for a new RDS policy that
> goes
> > > > > outside of the GDPR. Holly On 3 Aug
> 2018,
> > > > > at 1:29 am, Alan Greenberg
> > > > > <alan.greenberg at mcgill.ca
> > > > > <mailto:alan.greenberg at mcgill.ca
> > > > > <mailto:alan.greenberg at mcgill.ca>> >
> > > wrote:
> > > > >
> > > > > At 02/08/2018 10:37 AM, Michele
> Neylon
> > > > > - Blacknight wrote:
> > > > >
> > > > > Jonathan / Alan Thanks for the
> > > > > clarifications. 3 - I don't
> know
> > > > > how you can know what the
> > > > > interests of a user are. The
> > > > > assumption you seem to be
> making
> > > > > is that due process and privacy
> > > > > should take a backseat to
> access
> > > > > to data
> > > > >
> > > > > Privacy is not absolute but based
> on
> > > > > various other issues. So yes, we
> are
> > > > > saying that in some cases, the
> other
> > > > > issues trump privacy. Perhaps we
> > > > > differ on where the dividing line
> is.
> > > > >
> > > > > 4 - Same as 3. Plenty of ccTLDs
> > > > > never offered PII in their
> public
> > > > > whois and there weren't any
> issues
> > > > > with security or stability.
> > > > > Skipping due process for "ease
> of
> > > > > access" is a very slippery and
> > > > > dangerous slope.
> > > > >
> > > > > Both here and in reply to #3, the
> term
> > > > > "due process" tends to be used in
> > > > > reference to legal constraints
> > > > > associated with law enforcement
> > > > > actions as sanctioned by laws and
> > > > > courts. That is one path to
> unlocking
> > > > > otherwise private information. A
> major
> > > > > aspect of the GDPR implementation
> will
> > > > > be identifying other less
> cumbersome
> > > > > and restricted processes for
> accessing
> > > > > WHOIS data by a variety of
> partners.
> > > > > It will not be unconstrained nor
> will
> > > > > it be as cumbersome as going to
> court
> > > > > (hopefully). Alan
> > > > >
> > > > > Regards Michele -- Mr Michele
> > > > > Neylon Blacknight Solutions
> > > > > Hosting, Colocation & Domains
> > > > > https://www.blacknight.com/
> > > > > <https://www.blacknight.com/>
> > > > > https://blacknight.blog/
> > > > > <https://blacknight.blog/>
> Intl.
> > > > > +353 (0) 59 Â 9183072 Direct
> Dial:
> > > > > +353 (0)59 9183090 Personal
> blog:
> > > > > https://michele.blog/ Some
> > > > > thoughts: https://ceo.hosting/
> > > > >
> > > >
> ------------------------------------------------------------------------
> > > > > Blacknight Internet Solutions
> Ltd,
> > > > > Unit 12A,Barrowside Business
> > > > > Park,Sleaty
> > > > > Road,Graiguecullen,Carlow,R93
> > > > > X265,Ireland  Company No.:
> 370845
> > > > > On 02/08/2018, 15:03,
> > > > > "Jonathan Zuck"
> > > > > <JZuck at innovatorsnetwork.org>
> > > > > wrote: Â Â Thanks Michele! Â Â
> 3.
> > > > > Where there appears to be a
> > > > > conflict of interest between a
> > > > > registrant and non-registrant
> end
> > > > > user, we'll be endeavoring to
> > > > > represent the interests of the
> > > > > non-registrant end user. Â Â 4.
> > > > > Related to 3. This is simply an
> > > > > affirmation of the interests of
> > > > > end users in a stable and
> secure
> > > > > internet and it is those
> interests
> > > > > we'll be representing. We've
> > > > > included law enforcement
> because
> > > > > efficiencies regarding their
> > > > > access may come up. Just
> because
> > > > > there's always a way for them
> to
> > > > > get to data doesn't mean it's
> the
> > > > > best way. Â Â Make sense? Â Â
> > > > > Jonathan   -----Original
> > > > > Message----- Â Â From: GTLD-WG
> > > > > <
> > > > gtld-wg-bounces at atlarge-lists.icann.org>
> > > > > On Behalf Of Michele Neylon -
> > > > > Blacknight   Sent: Wednesday,
> > > > > August 1, 2018 12:34 PM Â Â To:
> > > > > Alan Greenberg
> > > > > <alan.greenberg at mcgill.ca>;
> CPWG
> > > > > <cpwg at icann.org> Â Â Subject:
> Re:
> > > > > [GTLD-WG] [CPWG]
> > > > > [registration-issues-wg] ALAC
> > > > > Statement regarding EPDP Â Â
> Alan
> > > > >   1 - good   2 - good  Â
> 3 -
> > > > > I don't understand what that
> means
> > > > > Â Â 4 - Why are you combining
> law
> > > > > enforcement and private
> parties?
> > > > > Law enforcement can always get
> > > > > access to data when they follow
> > > > > due process.   Regards  Â
> > > > > Michele   --   Mr Michele
> > > > > Neylon   Blacknight
> Solutions Â
> > > > > Â Hosting, Colocation &
> Domains Â
> > > > > Â https://www.blacknight.com/
> > > > > <https://www.blacknight.com/>
> Â Â
> > > > > https://blacknight.blog/
> > > > > <https://blacknight.blog/> Â Â
> > > > > Intl. +353 (0) 59 Â 9183072 Â Â
> > > > > Direct Dial: +353 (0)59
> 9183090 Â
> > > > > Â Personal blog:
> > > > > https://michele.blog/ Â Â Some
> > > > > thoughts: https://ceo.hosting/
> Â Â
> > > > >
> > > >
> ------------------------------------------------------------------------
> > > > > Â Â Blacknight Internet
> Solutions
> > > > > Ltd, Unit 12A,Barrowside
> Business
> > > > > Park,Sleaty  Â
> > > > > Road,Graiguecullen,Carlow,R93
> > > > > X265,Ireland  Company No.:
> 370845
> > > > > Â Â On 01/08/2018, 17:27,
> > > > > "registration-issues-wg on
> behalf
> > > > > of Alan Greenberg"
> > > > > <
> > > > registration-issues-wg-bounces at atlarge-lists.icann.org
> > > > > on behalf of
> > > > > alan.greenberg at mcgill.ca>
> wrote: Â
> > > > > Â Â Â Â Â Yesterday, the EPDP
> > > > > Members were asked to present a
> > > > > 1-3 minute       summary
> of
> > > > > their groups position in
> regard to
> > > > > the EPDP. The following   Â
> Â Â
> > > > > Â is the statement agreed to by
> > > > > me, Hadia, Holly and Seun. Â Â
> Â Â
> > > > > Â Â 1. Â Â The ALAC believes
> that
> > > > > the EPDP MUST succeed and will
> be
> > > > > working       toward that
> > > > > end. Â Â Â Â Â Â 2. Â Â We
> have a
> > > > > support structure that we are
> > > > > organizing to ensure     Â
> Â
> > > > > that what we present here is
> > > > > understood by our community and
> > > > > has       their input and
> > > > > support. Â Â Â Â Â Â 3. Â Â The
> > > > > ALAC believes that individual
> > > > > registrants are users and we Â
> Â Â
> > > > > Â Â Â have regularly worked on
> > > > > their behalf (as in the PDP
> that
> > > > > we       initiated to
> > > > > protect registrant rights when
> > > > > their domains expire), if  Â
> Â Â
> > > > > Â Â registrant needs differ
> from
> > > > > those of the 4 billion Internet
> > > > > users       who are not
> > > > > registrants, those latter needs
> > > > > take precedence. We      Â
> > > > > believe that GDPR and this EPDP
> > > > > are such a situation. Â Â Â Â
> Â Â
> > > > > 4. Â Â Although some Internet
> > > > > users consult WHOIS and will
> not
> > > > > be able       to do so in
> > > > > some cases going forward, our
> main
> > > > > concern is access for    Â
> Â Â
> > > > > those third parties who work to
> > > > > ensure that the Internet is a
> safe
> > > > > Â Â Â Â Â Â and secure place
> for
> > > > > users and that means that law
> > > > > enforcement, Â Â Â Â Â Â
> > > > > cybersecurity researchers,
> those
> > > > > combatting fraud in domain
> names,
> > > > > Â Â Â Â Â Â and others who help
> > > > > protect users from phishing,
> > > > > malware, spam, Â Â Â Â Â Â
> fraud,
> > > > > DDoS attacks and such can work
> > > > > with minimal reduction in  Â
> Â Â
> > > > > Â Â access to WHOIS data. All
> > > > > within the constraints of GDPR
> of
> > > > > course. Â Â Â Â Â Â
> > > > >
> > > >
> ------------------------------------------------------------------------
> > > > > Â Â Â Â Â Â CPWG mailing list
> Â Â
> > > > >     CPWG at icann.org   Â
> Â Â Â
> > > > >
> > > > https://mm.icann.org/mailman/listinfo/cpwg
> > > > > <
> > > > https://mm.icann.org/mailman/listinfo/cpwg>
> > > > > Â Â Â Â Â Â
> > > > >
> > > >
> ------------------------------------------------------------------------
> > > > > Â Â Â Â Â Â
> registration-issues-wg
> > > > > mailing list      Â
> > > > >
> > > > registration-issues-wg at atlarge-lists.icann.org
> > > > > Â Â Â Â Â Â
> > > > >
> > > > https://mm.icann.org/mailman/listinfo/registration-issues-wg
> > > > > Â Â
> > > > >
> > > >
> ------------------------------------------------------------------------
> > > > >   CPWG mailing list  Â
> > > > > CPWG at icann.org  Â
> > > > >
> > > > https://mm.icann.org/mailman/listinfo/cpwg
> > > > > <
> > > > https://mm.icann.org/mailman/listinfo/cpwg>
> > > > > Â Â
> > > > >
> > > >
> ------------------------------------------------------------------------
> > > > >   GTLD-WG mailing list  Â
> > > > >
> GTLD-WG at atlarge-lists.icann.org Â
> > > > > Â
> > > > >
> > > > https://atlarge-lists.icann.org/mailman/listinfo/gtld-wg
> > > > > Â Â Working Group direct URL:
> > > > >
> > > > https://community.icann.org/display/atlarge/New+GTLDs
> > > > >
> > > > >
> > > > >
> > > >
> ------------------------------------------------------------------------
> > > > > CPWG mailing list CPWG at icann.org
> > > > > <mailto:CPWG at icann.org
> > > > > <mailto:CPWG at icann.org>>
> > > > >
> > > > https://mm.icann.org/mailman/listinfo/cpwg
> > > > > <
> > > > https://mm.icann.org/mailman/listinfo/cpwg>
> > > > >
> > > > >
> > > >
> ------------------------------------------------------------------------
> > > > > registration-issues-wg mailing list
> > > > >
> > > > registration-issues-wg at atlarge-lists.icann.org
> > > > >
> > > > https://mm.icann.org/mailman/listinfo/registration-issues-wg
> > > > >
> > > > >
> > > > >
> > > >
> ------------------------------------------------------------------------
> > > > > CPWG mailing list CPWG at icann.org
> > > > > <mailto:CPWG at icann.org
> > > > > <mailto:CPWG at icann.org>>
> > > > > https://mm.icann.org/mailman/listinfo/cpwg
> > > > > <
> https://mm.icann.org/mailman/listinfo/cpwg>
> > > > >
> > > > >
> > > >
> ------------------------------------------------------------------------
> > > > > CPWG mailing list CPWG at icann.org
> > > > > <mailto:CPWG at icann.org <mailto:CPWG at icann.org
> >>
> > > > > https://mm.icann.org/mailman/listinfo/cpwg
> > > > > <https://mm.icann.org/mailman/listinfo/cpwg>
> > > > >
> > > > >
> > > >
> ------------------------------------------------------------------------
> > > > > CPWG mailing list CPWG at icann.org
> > > > > https://mm.icann.org/mailman/listinfo/cpwg
> > > > > <https://mm.icann.org/mailman/listinfo/cpwg>
> > > > >
> > > > >
> > > >
> ------------------------------------------------------------------------
> > > > > CPWG mailing list CPWG at icann.org
> > > > > https://mm.icann.org/mailman/listinfo/cpwg
> > > > > <https://mm.icann.org/mailman/listinfo/cpwg>
> > > > >
> > > >
> ------------------------------------------------------------------------
> > > > > GTLD-WG mailing list GTLD-WG at atlarge-lists.icann.org
> > > > >
> https://atlarge-lists.icann.org/mailman/listinfo/gtld-wg
> > > > > <
> https://atlarge-lists.icann.org/mailman/listinfo/gtld-wg>
> > > > > Working Group direct URL:
> > > > > https://community.icann.org/display/atlarge/New+GTLDs
> > > > > <https://community.icann.org/display/atlarge/New+GTLDs
> >
> > > > >
> > > > >
> > > > >
> > > >
> ------------------------------------------------------------------------
> > > > >
> > > > > CPWG mailing list
> > > > > CPWG at icann.org
> > > > > https://mm.icann.org/mailman/listinfo/cpwg
> > > > >
> > > > >
> > > >
> ------------------------------------------------------------------------
> > > > >
> > > > > GTLD-WG mailing list
> > > > > GTLD-WG at atlarge-lists.icann.org
> > > > > https://atlarge-lists.icann.org/mailman/listinfo/gtld-wg
> > > > >
> > > > > Working Group direct URL:
> > > > https://community.icann.org/display/atlarge/New+GTLDs
> > > > >
> > > >
> > > > _______________________________________________
> > > > CPWG mailing list
> > > > CPWG at icann.org
> > > > https://mm.icann.org/mailman/listinfo/cpwg
> > > > _______________________________________________
> > > > GTLD-WG mailing list
> > > > GTLD-WG at atlarge-lists.icann.org
> > > > https://atlarge-lists.icann.org/mailman/listinfo/gtld-wg
> > > >
> > > > Working Group direct URL:
> > > > https://community.icann.org/display/atlarge/New+GTLDs
> > > _______________________________________________
> > > CPWG mailing list
> > > CPWG at icann.org
> > > https://mm.icann.org/mailman/listinfo/cpwg
> > > _______________________________________________
> > > GTLD-WG mailing list
> > > GTLD-WG at atlarge-lists.icann.org
> > > https://atlarge-lists.icann.org/mailman/listinfo/gtld-wg
> > >
> > > Working Group direct URL:
> > > https://community.icann.org/display/atlarge/New+GTLDs
> > _______________________________________________
> > CPWG mailing list
> > CPWG at icann.org
> > https://mm.icann.org/mailman/listinfo/cpwg
> > _______________________________________________
> > registration-issues-wg mailing list
> > registration-issues-wg at atlarge-lists.icann.org
> > https://mm.icann.org/mailman/listinfo/registration-issues-wg
> _______________________________________________
> CPWG mailing list
> CPWG at icann.org
> https://mm.icann.org/mailman/listinfo/cpwg
> _______________________________________________
> registration-issues-wg mailing list
> registration-issues-wg at atlarge-lists.icann.org
> https://mm.icann.org/mailman/listinfo/registration-issues-wg
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/cpwg/attachments/20180808/a0f6f8dd/attachment-0001.html>
More information about the CPWG
mailing list