[CPWG] [GTLD-WG] [SPAM] Re: [registration-issues-wg] ALAC Statement regarding EPDP
Greg Shatan
gregshatanisoc at gmail.com
Thu Aug 9 01:35:43 UTC 2018
Hadia,
The impact of the GDPR on WHOIS does not need to hinder the work of those
who identify cyber attackers, law enforcement agencies and customer
protection agencies in any truly significant way. If "GDPR" is used as a
platform to hinder this type of access and processing, it will directly
impact individual end-users and customers in a very negative.
In my "day job," I've been spending an ever increasing amount of time
helping companies comply with GDPR. It requires work. It requires some
attention to detail. It requires a pretty fair amount of record-keeping.
It requires amending or creating processes. It requires thoughtfulness.
But, at the end of the day, there is almost always a pathway to continue
processing that had a lawful basis in the first place.
As long as the result complies with GDPR, there should be no reason for
anyone to think we are sending the message that data privacy (or, more
accurately, data protection) is not important. We should not stand in the
way of GDPR-compliant processing and access just to demonstrate our
independence from law enforcement, cybersecurity, etc. That would not be
good compliance and it would not be good policy-making. Indeed, I think
the biggest threat to success by the EPDP are those participants who start
out by drawing "lines in the sand" and then spend the rest of the time
stubbornly refusing to cross them. That has not been the ALAC/At Large
approach as far I can see, based on my observations and, more recently, my
participation. Rather, our hallmark has been an emphasis on practicality,
but practicality with principles. When ALAC/At Large has led the way on
practical approaches, practical needs of end-users, practical solutions,
etc., this has often allowed ALAC/At Large to help find common ground
between the positions of more "doctrinaire" participants, guide working
groups out of dead ends, and bring their work to successful results.
Best regards,
Greg
Best regards,
Greg
Best regards,
Greg
On Wed, Aug 8, 2018 at 2:39 PM Jonathan Zuck <JZuck at innovatorsnetwork.org>
wrote:
> I guess my point would be that simply because the interests of end users
> (as opposed to registrants in this particular case) align with the
> interests of cybersecurity researchers and reputational databases, etc., we
> shouldn't be afraid of those positions, especially when that position is
> not really adequetly represented on the EPDP
>
> On 8/8/18, 12:45 PM, "GTLD-WG on behalf of Hadia Abdelsalam Mokhtar EL
> miniawi" <gtld-wg-bounces at atlarge-lists.icann.org on behalf of
> Hadia at tra.gov.eg> wrote:
>
> So going back to the ALAC statement, which supposedly is going to be
> used as the base of the principals that are going to guide us throughout
> our contribution to the EPDP
>
>
>
> We should try to define our position with regard to the whole EPDP
> and not only the access part. The EPDP addresses four topics
>
>
>
> 1. Purposes for processing Registration Data
>
> 2. Required Data Processing activities (with 10 items one of which
> addresses access)
>
> 3. Data Processing terms
>
> 4. Updates to other Consensus Policies
>
>
>
> The most important of which in my opinion is the purposes for
> processing registration data based on which the access would be granted. By
> no means do we want to send the message that data privacy is not important
> and that we are only concerned with law enforcement and cybersecurity.
> Truly, the impact of the GDPR on WHOIS will hinder the work of those who
> identify cyber attackers, law enforcement agencies and customer protection
> agencies but it will directly impact the individual end users and customers.
>
>
>
> I don't think that it serves us right to be speaking only about
> cybersecurity and law enforcement agencies or being regarded as their
> advocates as for sure we are the advocates of the Internet end users.
>
> Best
> hadia
>
> From: CPWG [mailto:cpwg-bounces at icann.org] On Behalf Of Maureen
> Hilyard
> Sent: Tuesday, August 07, 2018 10:52 PM
> To: Marita Moll
> Cc: Greg Shatan; cpwg at icann.org
> Subject: Re: [CPWG] [GTLD-WG] [SPAM] Re: [registration-issues-wg] ALAC
> Statement regarding EPDP
>
> +1
>
> On Tue, Aug 7, 2018 at 10:24 AM, Marita Moll <mmoll at ca.inter.net
> <mailto:mmoll at ca.inter.net>> wrote:
>
> This is great Greg. Thanks for filling in some of the details.
>
> Marita
>
> On 8/7/2018 10:17 PM, Greg Shatan wrote:
> I’ve been watching this conversation unfold for awhile. A few
> observations:
>
> 1. Nobody suggested that ALAC support an outcome that would violate
> GDPR. Compliance with GDPR is a given. Thankfully, that misunderstanding
> seems to have been cleared up.
>
> 2. No one is arguing in favor of putting the “private info of
> registrants” into “the hands of bad actors.” Indeed, GDPR is not primarily
> aimed at preventing access by bad actors. Rather it is aimed at regulating
> the use of personal data by any actor. I haven’t really thought about it,
> but GDPR is probably not going to be a major deterrent against real bad
> actors.
>
> 3. WHOIS/RDS exists in order to be accessed by third parties (i.e.,
> folks other than the registrant and the registrar). There are many, many
> legitimate use cases for access. Of course, there are “mis-use cases”
> involving bad actors, and one of the obvious challenges for the EPDP is
> dealing with those. From the point of view of the end-user, that needs to
> be dealt with in a way that does not hinder timely, straight-forward
> legitimate access to Whois data.
>
> 4. I have seen no evidence that the European Data Protection people
> have thought about how WHOIS/RDS can function under GDPR. More broadly,
> GDPR is a law about access, in very large part. GDPR provides a road map
> for data controllers and processors to get and “process” (use, store,
> provide access to, transfer, delete, etc.) data. Much of GDPR is concerned
> with how data is used (I’d rather use that term than “processed” for these
> discussions), the purposes for which it is used, how it is stored, how it
> is transferred, who is responsible for any use, the circumstances when a
> data subject does (and does not) have control over how their data is used.
> GDPR assumes that data will be “processed” and creates a set of rules of
> the road for that processing.
>
> 5. It is true that end-users and registrants benefit from both privacy
> and security. End-users benefit directly and indirectly from access to
> WHOIS/RDS data, for non-security related reasons as well as
> security-related reasons. Registrants also benefit from access to
> WHOIS/RDS, both by themselves and by third parties in a variety of ways.
> Registrants benefit from data privacy, at least with regard to their own
> data (though they may lose some of the benefits that come from third party
> access to their data, such as receiving offers to purchase domain names).
> However, I struggling to see how end-users (as end-users) benefit from
> barriers to accessing registrant WHOIS/RDS data.
>
> 6. How Cambridge Analytica got Facebook data is not particularly
> relevant. But if it is going to be used as a “cautionary tale”, we need to
> be accurate, so that the right lessons can be learned. Cambridge Analytica
> did NOT get the data by making a request to Facebook “to have access to
> these data for research.” In fact, they didn’t get the data directly from
> Facebook at all. The data was gathered through a personality quiz app,
> which was (as Facebook was configured at that time and with the consent of
> the participants) able to harvest data about friends and friends-of-friends
> of the participants, as well as the participants. It may have been used for
> legitimate research purposes. However, the data was then sold to Cambridge
> Analytica, without Facebook’s knowledge and in violation of their terms of
> service.
>
> 7. The California Consumer Privacy Act is already here, though it
> won’t be enforced until 2020. While it bears a resemblance to GDPR, it has
> many differences as well, and some of its goals are quite different. Like
> GDPR it is not primarily aimed at keeping data out of the hands of bad
> actors. I have not yet considered the impact of the CCPA on WHOIS/RDS, and
> how it is similar or different to the impact of GDPR. Its primary goals
> seem to be to control data monetization, and to give consumers greater
> access to their data, with data subject rights similar to those in GDPR.
>
> 8. Overall, I agree with those who believe that appropriate and timely
> access to WHOIS/RDS data benefits end-users. Whether GDPR is good or bad
> for end-users is moot. GDPR exists, and how it is dealt with will show how
> good or bad it is for end-users. Our goal should be to have GDPR
> implemented in the WHOIS/RDS context in a way that maximizes the benefit
> and minimizes the harm to end-users.
>
> Best regards,
>
> Greg Shatan
>
> On Tue, Aug 7, 2018 at 1:58 PM Evan Leibovitch <
> evanleibovitch at gmail.com<mailto:evanleibovitch at gmail.com>> wrote:
> I don't know about the Europeans or the California government. I do
> have
> more than a decade's experience in ICANN, however, and have observed
> that
> its track record in both decent privacy and decent accessibility is
> abysmal.
>
> ___________________
> Evan Leibovitch, Toronto
> @evanleibovitch/@el56
>
> On Tue, Aug 7, 2018, 1:30 PM Marita Moll, <mmoll at ca.inter.net<mailto:
> mmoll at ca.inter.net>> wrote:
>
> > With respect Evan, saying I am missing the point is not really
> > respectful. No one is arguing for privacy without protections. I
> don't
> > have all the information I need to support this, but I have a feeling
> > the European Data Protection people might have thought about this.
> They
> > don't want to protect bad actors either. And I have heard that a
> > similiar law to GDPR is under consideration in California. So I don't
> > see any need to think we are only ones concerned with keeping bad
> actors
> > out of the ring.
> >
> > Marita
> >
> >
> > On 8/7/2018 7:08 PM, Evan Leibovitch wrote:
> > > Hi Marita,
> > >
> > > I think you may be missing the point when you state that "keeping
> the
> > > private info of registrants out of the hands of bad actors protects
> > > both parties". The examples that exist in abundance come from
> > > registrants who /ARE themselves/ the bad actors, that hide behind
> > > either privacy regulations or inaccurate contact information to
> avoid
> > > being held to account for their harm.
> > >
> > > Just as the right to freedom of speech is not absolute -- even in
> > > America -- neither is the right to privacy a way to hide
> > > accountability for causing demonstrable harm. Augmenting privacy
> with
> > > tiered access is fine so long as it is accessible to victims and
> > > effective in execution; that is exactly the balance of which I
> speak.
> > > This won't be easy -- being physically threatened demands a
> different
> > > response to merely being insulted -- but it is vital. Without such
> > > checks and balances, absolute privacy is a sure source of far more
> > > harm than good. For every whistleblower protected, a dozen others
> will
> > > be scammed out of their life savings, and thousands more will live
> in
> > > fear for their lives because of death threats from those with
> > > unchecked anonymity. This is not theory, it is happening.
> > >
> > > In summary, it is both naive and against the global public
> interest to
> > > advocate for privacy without advocating just as strenuously for
> > > appropriate protections against bad actors who seek to exploit that
> > > privacy to cause harm. At-Large seeks both.
> > >
> > > - Evan
> > >
> > >
> > > PS: I absolutely reject the assertion that it is fear-mongering to
> > > simply want to prevent abuse of privacy by some registrants that is
> > > both clearly evidenced and ongoing.
> > >
> > >
> > > On Aug 7, 2018, at 11:55, Marita Moll <mmoll at ca.inter.net<mailto:
> mmoll at ca.inter.net>
> > > <mailto:mmoll at ca.inter.net<mailto:mmoll at ca.inter.net>>> wrote:
> > >
> > > Hello Evan and Allan. I agree with a number of those here how
> have
> > > suggested that the interests of registrants and end-users are
> not
> > that
> > > different. Keeping the private info of registrants out of the
> hands
> > of
> > > bad actors protects both parties. If crimes are committed,
> having
> > tiered
> > > access to the info would release that info to validated
> authorities.
> > As
> > > a registrant, I don't want my private information out there if
> it
> > isn't
> > > necessary. And I don't see how shielding my private info on
> WhoIS
> > will
> > > endanger my neighbour once tiered access is agreed upon. This
> is no
> > > different from the way the law usually works -- we don't all
> have to
> > > live in glass houses in order to be safe. We need well thought
> out
> > > procedures that protect all of us.
> > >
> > > It's just my opinion. I know others have good arguments. But I
> don't
> > buy
> > > the scary scenarios being presented by some groups hoping to
> scuttle
> > > this whole thing. If the Europeans don't think the world will
> come
> > to an
> > > end once GDPR is enforced, why is the boogey man being
> unleashed in
> > > North America?
> > >
> > >
> http://www.insidesources.com/fake-news-fake-pharmacies-whats-next/
> > >
> > > Marita
> > >
> > >
> > > On 8/7/2018 5:09 AM, Alan Greenberg wrote:
> > >
> > > Marita, you cannot take one phrase out of context. If you
> go
> > > back in the thread (which was not fully copied here) I
> believe
> > > that a major concern of Holly and Bastiaan was that my
> > > statement sounded like it was trying to get around GDPR,
> but
> > > in fact compliance with GDPR is (to use a Startrek
> expression)
> > > "the prime directive". It is not a simple matter of
> security
> > > vs privacy. If, for instance, we were talking about USER
> > > security vs USER privacy, we would have a real challenge in
> > > deciding which was more important and I am pretty sure we
> > > would not even try in the general case. But that is not
> what
> > > we are taking about here. We are talking about gTLD
> REGISTRANT
> > > privacy vs USER security. And the ALAC's position has
> > > previously been that although we care about registrants
> (and
> > > their privacy and their domains etc) and have put very
> > > significant resources into supporting gTLD registrants, the
> > > shear number of users makes their security and ability to
> use
> > > the Internet with relative safety and trust takes
> precedence
> > > over the privacy of the relative handful of gTLD
> registrants.
> > > That is why ICANN has (and continues to) support the
> existing
> > > WHOIS system to the extent possible. That is the entire
> gist
> > > of the Temporary Spec. - /"Consistent with ICANN’s stated
> > > objective to comply with the GDPR, while maintaining the
> > > existing WHOIS system to the greatest extent possible, the
> > > Temporary Specification maintains....." /And I note with
> some
> > > amusement that some filter along the way has flagged this
> > > entire thread as SPAM. Alan At 06/08/2018 12:08 PM, Marita
> > > Moll wrote:
> > >
> > > I am in agreement with Tijani, Holly, Bastian and
> Michele.
> > > Perhaps it is unintentional, but the language does send
> > > the message that we are looking more carefully at
> security
> > > than privacy. I am also not convinced that end-users
> would
> > > want us to do that. Marita On 8/3/2018 10:30 AM, Tijani
> > > BEN JEMAA wrote:
> > >
> > > Very interesting discussion. This issue has been
> > > discussed several times and the positions didn’t
> > > change. What bothers me is the presentation of the
> > > registrants interest as opposite to the remaining
> > > users ones. they are not since the registrants are
> > > also subject to the domain abuse. You are speaking
> > > about 4 billion users; these include all:
> contracted
> > > parties, business, registrants, governments, etc.
> We
> > > are about defending the interest of all of them as
> > > individual end users, not as registry, registrar,
> > > businessman, minister, etc…. You included theÂ
> > > cybersecurity researchers; you know how Cambridge
> > > Analytica got the American data from Facebook? They
> > > requested to have access to these data for
> research,
> > > and the result was the American election result
> > > impacted. So, I agree with Bastiaan that we need
> to be
> > > careful and care about the protection of personal
> data
> > > as well as the prevention of any harmful use of the
> > > domain names, both together.
> > >
> >
> ------------------------------------------------------------------------
> > > *Tijani BEN JEMAA* Executive Director Mediterranean
> > > Federation of Internet Associations (*FMAI*) Phone:
> > > +216 98 330 114 +216 52 385 114
> > >
> >
> ------------------------------------------------------------------------
> > >
> > > Le 3 août 2018 à 07:22, Bastiaan Goslings
> > > <bastiaan.goslings at ams-ix.net<mailto:
> bastiaan.goslings at ams-ix.net>
> > > <mailto:bastiaan.goslings at ams-ix.net<mailto:
> bastiaan.goslings at ams-ix.net>
> > > <mailto:bastiaan.goslings at ams-ix.net<mailto:
> bastiaan.goslings at ams-ix.net>>>> a écrit :
> > > Thanks for clarifying, Alan. As a matter of
> > > principle I agree with Holly - and Michele.
> While
> > > I think I understand the good intent of what
> you
> > > are saying, your earlier responses almost
> sound to
> > > me like a false ‘security versus privacy’
> > > dichotomy. Like, the number of people (users)
> that
> > > care about security as opposed to those
> > > (registrants) that want their privacy
> protected to
> > > the max is larger. Etc. Apologies if I am
> > > oversimplifying things here, I do not mean to.
> In
> > > this particular EPDP case though I am convinced
> > > that we can find a common ground on what the
> ALAC
> > > members and alternates should bring to the
> table.
> > > In terms of perceived registrants’ and
> general
> > > Internet end-users’ interests. As you rightly
> > > state, it is about being GDPR compliant. So we
> do
> > > not have to be philosophical about a rather
> broad
> > > term like ‘privacy’ and argue about
> whether it
> > > is in conflict with e.g. the interest of LEAs.
> > > Indeed, ‘Privacy is not absolute’. However,
> > > ‘due process’ is a(nother) no brainer, not
> > > just because it might be a legal requirement.
> From
> > > what I understand the work being done on
> defining
> > > Access and Accreditation criteria is keeping
> that
> > > principle in mind, and within in the MS
> context of
> > > the EPDP we can together see to it that it does
> > > end up properly enshrined in policy and
> contracts.
> > > -Bastiaan
> > >
> > > On 3 Aug 2018, at 01:10, Alan Greenberg
> > > <alan.greenberg at mcgill.ca<mailto:
> alan.greenberg at mcgill.ca>
> > > <mailto:alan.greenberg at mcgill.ca<mailto:
> alan.greenberg at mcgill.ca>
> > > <mailto:alan.greenberg at mcgill.ca<mailto:
> alan.greenberg at mcgill.ca>>>> wrote:
> > > Holly, the original statement ends with
> "All
> > > within the constraints of GDPR of course."
> I
> > > don't know how to make that clearer. We
> would
> > > be absolutely FOOLISH to argue for anything
> > > else, since it will not be implementable.
> That
> > > being said, if through the EPDP or
> otherwise
> > > we can help make the legal argument for why
> > > good access for the folks we list at the
> end
> > > is within GDPR, more power to us. GDPR (and
> > > eventually similar legislation/regulation
> > > elsewhere) is the overall constraint. It is
> > > equivalent to the laws of physics which for
> > > the moment we need to consider inviolate.
> So
> > > my statement that "other issues trump
> privacy"
> > > is within that context. But just as
> > > proportionality governs what GDPR will
> decree
> > > as private in any given case, so it will
> > > govern what is not private. It all depends
> on
> > > making the legal argument and ultimately in
> > > needed convincing the courts. They are the
> > > arbiters, not me or anyone else in ICANN.
> In
> > > the US, there is the constitutional right
> to
> > > freedom of speech, but it is not
> unconstrained
> > > and there are limits to what you are
> allowed
> > > and not allowed to say. And from time to
> time,
> > > the courts and legislatures weigh in and
> > > decide where the line is. Alan At
> 02/08/2018
> > > 06:42 PM, Holly Raiche wrote:
> > >
> > > Hi Alan I have concerns with your
> > > statement - and since your reply below,
> > > with our statement of principles for
> the
> > > EPDP. As I suggested in my email of 1
> > > August, we need to be VERY clear that
> we
> > > are NOT arguing against implementation
> a
> > > policy that is compliant with the
> GDPR. Â
> > > We are arguing for other issues that
> > > impact on users - WITHIN the umbrella
> of
> > > the GDPR. Â And if we do not make that
> > > very clear, then we look as if we are
> not
> > > prepared to operate within the bounds
> of
> > > the EPDP - which is all about
> developing a
> > > new policy to replace the RDS
> requirements
> > > that will allow registries/registrars
> to
> > > comply with their ICANN contracts and
> > > operate within the GDPR framework. So
> your
> > > statement below that ‘yes, other
> issues
> > > trump privacyÂ’ - misstates that. Â
> What
> > > we are (or should be) arguing for is a
> > > balance of rights of access that - to
> the
> > > greatest extend possible - recognises
> the
> > > value of RDS to some constituencies
> with
> > > legitimate purposes - WITHIN the GDPR
> > > framework. That implicitly accepts that
> > > people/organisations that once had free
> > > and unrestricted access to the data
> will
> > > no longer have that open access. And
> for
> > > ALAC generally, I will repeat what I
> said
> > > in my 1 August email - our statement of
> > > principles must be VERY clear that we
> are
> > > NOT arguing for a new RDS policy that
> goes
> > > outside of the GDPR. Holly On 3 Aug
> 2018,
> > > at 1:29 am, Alan Greenberg
> > > <alan.greenberg at mcgill.ca<mailto:
> alan.greenberg at mcgill.ca>
> > > <mailto:alan.greenberg at mcgill.ca
> <mailto:alan.greenberg at mcgill.ca>
> > > <mailto:alan.greenberg at mcgill.ca
> <mailto:alan.greenberg at mcgill.ca>>> > wrote:
> > >
> > > At 02/08/2018 10:37 AM, Michele
> Neylon
> > > - Blacknight wrote:
> > >
> > > Jonathan / Alan Thanks for the
> > > clarifications. 3 - I don't
> know
> > > how you can know what the
> > > interests of a user are. The
> > > assumption you seem to be
> making
> > > is that due process and privacy
> > > should take a backseat to
> access
> > > to data
> > >
> > > Privacy is not absolute but based
> on
> > > various other issues. So yes, we
> are
> > > saying that in some cases, the
> other
> > > issues trump privacy. Perhaps we
> > > differ on where the dividing line
> is.
> > >
> > > 4 - Same as 3. Plenty of ccTLDs
> > > never offered PII in their
> public
> > > whois and there weren't any
> issues
> > > with security or stability.
> > > Skipping due process for "ease
> of
> > > access" is a very slippery and
> > > dangerous slope.
> > >
> > > Both here and in reply to #3, the
> term
> > > "due process" tends to be used in
> > > reference to legal constraints
> > > associated with law enforcement
> > > actions as sanctioned by laws and
> > > courts. That is one path to
> unlocking
> > > otherwise private information. A
> major
> > > aspect of the GDPR implementation
> will
> > > be identifying other less
> cumbersome
> > > and restricted processes for
> accessing
> > > WHOIS data by a variety of
> partners.
> > > It will not be unconstrained nor
> will
> > > it be as cumbersome as going to
> court
> > > (hopefully). Alan
> > >
> > > Regards Michele -- Mr Michele
> > > Neylon Blacknight Solutions
> > > Hosting, Colocation & Domains
> > > https://www.blacknight.com/
> > > <https://www.blacknight.com/>
> > > https://blacknight.blog/
> > > <https://blacknight.blog/>
> Intl.
> > > +353 (0) 59 Â 9183072 Direct
> Dial:
> > > +353 (0)59 9183090 Personal
> blog:
> > > https://michele.blog/ Some
> > > thoughts: https://ceo.hosting/
> > >
> >
> ------------------------------------------------------------------------
> > > Blacknight Internet Solutions
> Ltd,
> > > Unit 12A,Barrowside Business
> > > Park,Sleaty
> > > Road,Graiguecullen,Carlow,R93
> > > X265,Ireland  Company No.:
> 370845
> > > On 02/08/2018, 15:03,
> > > "Jonathan Zuck"
> > > <JZuck at innovatorsnetwork.org
> <mailto:JZuck at innovatorsnetwork.org>>
> > > wrote: Â Â Thanks Michele! Â Â
> 3.
> > > Where there appears to be a
> > > conflict of interest between a
> > > registrant and non-registrant
> end
> > > user, we'll be endeavoring to
> > > represent the interests of the
> > > non-registrant end user. Â Â 4.
> > > Related to 3. This is simply an
> > > affirmation of the interests of
> > > end users in a stable and
> secure
> > > internet and it is those
> interests
> > > we'll be representing. We've
> > > included law enforcement
> because
> > > efficiencies regarding their
> > > access may come up. Just
> because
> > > there's always a way for them
> to
> > > get to data doesn't mean it's
> the
> > > best way. Â Â Make sense? Â Â
> > > Jonathan   -----Original
> > > Message----- Â Â From: GTLD-WG
> > > <
> > gtld-wg-bounces at atlarge-lists.icann.org<mailto:
> gtld-wg-bounces at atlarge-lists.icann.org>>
> > > On Behalf Of Michele Neylon -
> > > Blacknight   Sent: Wednesday,
> > > August 1, 2018 12:34 PM Â Â To:
> > > Alan Greenberg
> > > <alan.greenberg at mcgill.ca
> <mailto:alan.greenberg at mcgill.ca>>; CPWG
> > > <cpwg at icann.org<mailto:
> cpwg at icann.org>> Â Â Subject: Re:
> > > [GTLD-WG] [CPWG]
> > > [registration-issues-wg] ALAC
> > > Statement regarding EPDP Â Â
> Alan
> > >   1 - good   2 - good  Â
> 3 -
> > > I don't understand what that
> means
> > > Â Â 4 - Why are you combining
> law
> > > enforcement and private
> parties?
> > > Law enforcement can always get
> > > access to data when they follow
> > > due process.   Regards  Â
> > > Michele   --   Mr Michele
> > > Neylon   Blacknight
> Solutions Â
> > > Â Hosting, Colocation &
> Domains Â
> > > Â https://www.blacknight.com/
> > > <https://www.blacknight.com/>
> Â Â
> > > https://blacknight.blog/
> > > <https://blacknight.blog/> Â Â
> > > Intl. +353 (0) 59 Â 9183072 Â Â
> > > Direct Dial: +353 (0)59
> 9183090 Â
> > > Â Personal blog:
> > > https://michele.blog/ Â Â Some
> > > thoughts: https://ceo.hosting/
> Â Â
> > >
> >
> ------------------------------------------------------------------------
> > > Â Â Blacknight Internet
> Solutions
> > > Ltd, Unit 12A,Barrowside
> Business
> > > Park,Sleaty  Â
> > > Road,Graiguecullen,Carlow,R93
> > > X265,Ireland  Company No.:
> 370845
> > > Â Â On 01/08/2018, 17:27,
> > > "registration-issues-wg on
> behalf
> > > of Alan Greenberg"
> > > <
> > registration-issues-wg-bounces at atlarge-lists.icann.org<mailto:
> registration-issues-wg-bounces at atlarge-lists.icann.org>
> > > on behalf of
> > > alan.greenberg at mcgill.ca
> <mailto:alan.greenberg at mcgill.ca>> wrote: Â
> > > Â Â Â Â Â Yesterday, the EPDP
> > > Members were asked to present a
> > > 1-3 minute       summary
> of
> > > their groups position in
> regard to
> > > the EPDP. The following   Â
> Â Â
> > > Â is the statement agreed to by
> > > me, Hadia, Holly and Seun. Â Â
> Â Â
> > > Â Â 1. Â Â The ALAC believes
> that
> > > the EPDP MUST succeed and will
> be
> > > working       toward that
> > > end. Â Â Â Â Â Â 2. Â Â We
> have a
> > > support structure that we are
> > > organizing to ensure     Â
> Â
> > > that what we present here is
> > > understood by our community and
> > > has       their input and
> > > support. Â Â Â Â Â Â 3. Â Â The
> > > ALAC believes that individual
> > > registrants are users and we Â
> Â Â
> > > Â Â Â have regularly worked on
> > > their behalf (as in the PDP
> that
> > > we       initiated to
> > > protect registrant rights when
> > > their domains expire), if  Â
> Â Â
> > > Â Â registrant needs differ
> from
> > > those of the 4 billion Internet
> > > users       who are not
> > > registrants, those latter needs
> > > take precedence. We      Â
> > > believe that GDPR and this EPDP
> > > are such a situation. Â Â Â Â
> Â Â
> > > 4. Â Â Although some Internet
> > > users consult WHOIS and will
> not
> > > be able       to do so in
> > > some cases going forward, our
> main
> > > concern is access for    Â
> Â Â
> > > those third parties who work to
> > > ensure that the Internet is a
> safe
> > > Â Â Â Â Â Â and secure place
> for
> > > users and that means that law
> > > enforcement, Â Â Â Â Â Â
> > > cybersecurity researchers,
> those
> > > combatting fraud in domain
> names,
> > > Â Â Â Â Â Â and others who help
> > > protect users from phishing,
> > > malware, spam, Â Â Â Â Â Â
> fraud,
> > > DDoS attacks and such can work
> > > with minimal reduction in  Â
> Â Â
> > > Â Â access to WHOIS data. All
> > > within the constraints of GDPR
> of
> > > course. Â Â Â Â Â Â
> > >
> >
> ------------------------------------------------------------------------
> > > Â Â Â Â Â Â CPWG mailing list
> Â Â
> > > Â Â Â Â CPWG at icann.org<mailto:
> CPWG at icann.org> Â Â Â Â Â Â
> > >
> > https://mm.icann.org/mailman/listinfo/cpwg
> > > <
> > https://mm.icann.org/mailman/listinfo/cpwg>
> > > Â Â Â Â Â Â
> > >
> >
> ------------------------------------------------------------------------
> > > Â Â Â Â Â Â
> registration-issues-wg
> > > mailing list      Â
> > >
> > registration-issues-wg at atlarge-lists.icann.org<mailto:
> registration-issues-wg at atlarge-lists.icann.org>
> > > Â Â Â Â Â Â
> > >
> > https://mm.icann.org/mailman/listinfo/registration-issues-wg
> > > Â Â
> > >
> >
> ------------------------------------------------------------------------
> > >   CPWG mailing list  Â
> > > CPWG at icann.org<mailto:
> CPWG at icann.org> Â Â
> > >
> > https://mm.icann.org/mailman/listinfo/cpwg
> > > <
> > https://mm.icann.org/mailman/listinfo/cpwg>
> > > Â Â
> > >
> >
> ------------------------------------------------------------------------
> > >   GTLD-WG mailing list  Â
> > >
> GTLD-WG at atlarge-lists.icann.org<mailto:GTLD-WG at atlarge-lists.icann.org> Â
> > > Â
> > >
> > https://atlarge-lists.icann.org/mailman/listinfo/gtld-wg
> > > Â Â Working Group direct URL:
> > >
> > https://community.icann.org/display/atlarge/New+GTLDs
> > >
> > >
> > >
> >
> ------------------------------------------------------------------------
> > > CPWG mailing list CPWG at icann.org
> <mailto:CPWG at icann.org>
> > > <mailto:CPWG at icann.org<mailto:
> CPWG at icann.org>
> > > <mailto:CPWG at icann.org<mailto:
> CPWG at icann.org>>>
> > >
> > https://mm.icann.org/mailman/listinfo/cpwg
> > > <
> > https://mm.icann.org/mailman/listinfo/cpwg>
> > >
> > >
> >
> ------------------------------------------------------------------------
> > > registration-issues-wg mailing list
> > >
> > registration-issues-wg at atlarge-lists.icann.org<mailto:
> registration-issues-wg at atlarge-lists.icann.org>
> > >
> > https://mm.icann.org/mailman/listinfo/registration-issues-wg
> > >
> > >
> > >
> >
> ------------------------------------------------------------------------
> > > CPWG mailing list CPWG at icann.org<mailto:
> CPWG at icann.org>
> > > <mailto:CPWG at icann.org<mailto:
> CPWG at icann.org>
> > > <mailto:CPWG at icann.org<mailto:
> CPWG at icann.org>>>
> > > https://mm.icann.org/mailman/listinfo/cpwg
> > > <
> https://mm.icann.org/mailman/listinfo/cpwg>
> > >
> > >
> >
> ------------------------------------------------------------------------
> > > CPWG mailing list CPWG at icann.org<mailto:
> CPWG at icann.org>
> > > <mailto:CPWG at icann.org<mailto:CPWG at icann.org>
> <mailto:CPWG at icann.org<mailto:CPWG at icann.org>>>
> > > https://mm.icann.org/mailman/listinfo/cpwg
> > > <https://mm.icann.org/mailman/listinfo/cpwg>
> > >
> > >
> >
> ------------------------------------------------------------------------
> > > CPWG mailing list CPWG at icann.org<mailto:
> CPWG at icann.org>
> > > https://mm.icann.org/mailman/listinfo/cpwg
> > > <https://mm.icann.org/mailman/listinfo/cpwg>
> > >
> > >
> >
> ------------------------------------------------------------------------
> > > CPWG mailing list CPWG at icann.org<mailto:CPWG at icann.org
> >
> > > https://mm.icann.org/mailman/listinfo/cpwg
> > > <https://mm.icann.org/mailman/listinfo/cpwg>
> > >
> >
> ------------------------------------------------------------------------
> > > GTLD-WG mailing list GTLD-WG at atlarge-lists.icann.org
> <mailto:GTLD-WG at atlarge-lists.icann.org>
> > >
> https://atlarge-lists.icann.org/mailman/listinfo/gtld-wg
> > > <
> https://atlarge-lists.icann.org/mailman/listinfo/gtld-wg>
> > > Working Group direct URL:
> > > https://community.icann.org/display/atlarge/New+GTLDs
> > > <https://community.icann.org/display/atlarge/New+GTLDs
> >
> > >
> > >
> > >
> >
> ------------------------------------------------------------------------
> > >
> > > CPWG mailing list
> > > CPWG at icann.org<mailto:CPWG at icann.org>
> > > https://mm.icann.org/mailman/listinfo/cpwg
> > >
> > >
> >
> ------------------------------------------------------------------------
> > >
> > > GTLD-WG mailing list
> > > GTLD-WG at atlarge-lists.icann.org<mailto:
> GTLD-WG at atlarge-lists.icann.org>
> > > https://atlarge-lists.icann.org/mailman/listinfo/gtld-wg
> > >
> > > Working Group direct URL:
> > https://community.icann.org/display/atlarge/New+GTLDs
> > >
> >
> > _______________________________________________
> > CPWG mailing list
> > CPWG at icann.org<mailto:CPWG at icann.org>
> > https://mm.icann.org/mailman/listinfo/cpwg
> > _______________________________________________
> > GTLD-WG mailing list
> > GTLD-WG at atlarge-lists.icann.org<mailto:
> GTLD-WG at atlarge-lists.icann.org>
> > https://atlarge-lists.icann.org/mailman/listinfo/gtld-wg
> >
> > Working Group direct URL:
> > https://community.icann.org/display/atlarge/New+GTLDs
> _______________________________________________
> CPWG mailing list
> CPWG at icann.org<mailto:CPWG at icann.org>
> https://mm.icann.org/mailman/listinfo/cpwg
> _______________________________________________
> GTLD-WG mailing list
> GTLD-WG at atlarge-lists.icann.org<mailto:GTLD-WG at atlarge-lists.icann.org
> >
> https://atlarge-lists.icann.org/mailman/listinfo/gtld-wg
>
> Working Group direct URL:
> https://community.icann.org/display/atlarge/New+GTLDs
>
>
> _______________________________________________
> CPWG mailing list
> CPWG at icann.org<mailto:CPWG at icann.org>
> https://mm.icann.org/mailman/listinfo/cpwg
>
>
>
> _______________________________________________
> CPWG mailing list
> CPWG at icann.org
> https://mm.icann.org/mailman/listinfo/cpwg
> _______________________________________________
> GTLD-WG mailing list
> GTLD-WG at atlarge-lists.icann.org
> https://atlarge-lists.icann.org/mailman/listinfo/gtld-wg
>
> Working Group direct URL:
> https://community.icann.org/display/atlarge/New+GTLDs
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/cpwg/attachments/20180808/28ae7755/attachment-0001.html>
More information about the CPWG
mailing list