[CPWG] [registration-issues-wg] [GTLD-WG] [SPAM] Re: ALAC Statement regarding EPDP

Carlton Samuels carlton.samuels at gmail.com
Thu Aug 9 10:19:14 UTC 2018


Yessir, mark me down for "practicality with principles".

The greatest good for the greater number.

+1.

-Carlton

On Wed, 8 Aug 2018, 9:11 pm Greg Shatan, <greg at isoc-ny.org> wrote:

> Hadia,
>
> The impact of the GDPR on WHOIS does not need to hinder the work of those
> who identify cyber attackers, law enforcement agencies and customer
> protection agencies in any truly significant way.  If "GDPR" is used as a
> platform to hinder this type of access and processing,  it will directly
> impact individual end-users and customers in a very negative way.
>
> In my "day job," I've been spending an ever increasing amount of time
> helping companies comply with GDPR.  It requires work.  It requires some
> attention to detail.  It requires a pretty fair amount of record-keeping.
> It requires amending or creating processes.  It requires thoughtfulness.
> But, at the end of the day, there is almost always a pathway to continue
> processing that had a lawful basis in the first place.
>
> As long as the result complies with GDPR, there should be no reason for
> anyone to think we are sending the message that data privacy (or, more
> accurately, data protection) is not important. We should not stand in the
> way of GDPR-compliant processing and access just to demonstrate our
> independence from law enforcement, cybersecurity, etc.  That would not be
> good compliance and it would not be good policy-making.  Indeed, I think
> the biggest threat to success by the EPDP are those participants who start
> out by drawing "lines in the sand" and then spend the rest of the time
> stubbornly refusing to cross them.  That has not been the ALAC/At Large
> approach as far as I can see, based on my observations and, more recently, my
> participation.  Rather, our hallmark has been an emphasis on practicality,
> but practicality with principles.  When ALAC/At Large has led the way on
> practical approaches, practical needs of end-users, practical solutions,
> etc., this has often allowed ALAC/At Large to help find common ground
> between the positions of more "doctrinaire" participants, guide working
> groups out of dead ends, and bring their work to successful results.
>
> Best regards,
>
> Greg
>
>
> On Wed, Aug 8, 2018 at 2:39 PM Jonathan Zuck <JZuck at innovatorsnetwork.org>
>> wrote:
>>
>>> I guess my point would be that simply because the interests of end users
>>> (as opposed to registrants in this particular case) align with the
>>> interests of cybersecurity researchers and reputational databases, etc., we
>>> shouldn't be afraid of those positions, especially when that position is
>>> not really adequately represented on the EPDP
>>>
>>> On 8/8/18, 12:45 PM, "GTLD-WG on behalf of Hadia  Abdelsalam Mokhtar EL
>>> miniawi" <gtld-wg-bounces at atlarge-lists.icann.org on behalf of
>>> Hadia at tra.gov.eg> wrote:
>>>
>>>     So going back to the ALAC statement, which supposedly is going to be
>>> used as the base of the principles that are going to guide us throughout
>>> our contribution to the EPDP
>>>
>>>
>>>
>>>     We should try to define our  position with regard to the whole EPDP
>>> and not only the access part. The EPDP addresses four topics
>>>
>>>
>>>
>>>     1. Purposes for processing Registration Data
>>>
>>>     2. Required Data Processing activities (with 10 items one of which
>>> addresses access)
>>>
>>>     3. Data Processing terms
>>>
>>>     4. Updates to other Consensus Policies
>>>
>>>
>>>
>>>     The most important of which in my opinion is the purposes for
>>> processing registration data based on which the access would be granted. By
>>> no means do we want to send the message that data privacy is not important
>>> and that we are only concerned with law enforcement and cybersecurity.
>>> Truly, the impact of the GDPR on WHOIS will hinder the work of those who
>>> identify cyber attackers, law enforcement agencies and customer protection
>>> agencies but it will directly impact the individual end users and customers.
>>>
>>>
>>>
>>>     I don't think that it serves us right to be speaking only about
>>> cybersecurity and law enforcement agencies or being regarded as their
>>> advocates as for sure we are the advocates of the Internet end users.
>>>
>>>     Best
>>>     hadia
>>>
>>>     From: CPWG [mailto:cpwg-bounces at icann.org] On Behalf Of Maureen
>>> Hilyard
>>>     Sent: Tuesday, August 07, 2018 10:52 PM
>>>     To: Marita Moll
>>>     Cc: Greg Shatan; cpwg at icann.org
>>>     Subject: Re: [CPWG] [GTLD-WG] [SPAM] Re: [registration-issues-wg]
>>> ALAC Statement regarding EPDP
>>>
>>>     +1
>>>
>>>     On Tue, Aug 7, 2018 at 10:24 AM, Marita Moll <mmoll at ca.inter.net
>>> <mailto:mmoll at ca.inter.net>> wrote:
>>>
>>>     This is great Greg. Thanks for filling in some of the details.
>>>
>>>     Marita
>>>
>>>     On 8/7/2018 10:17 PM, Greg Shatan wrote:
>>>     I’ve been watching this conversation unfold for awhile. A few
>>> observations:
>>>
>>>     1. Nobody suggested that ALAC support an outcome that would violate
>>> GDPR. Compliance with GDPR is a given. Thankfully, that misunderstanding
>>> seems to have been cleared up.
>>>
>>>     2. No one is arguing in favor of putting the “private info of
>>> registrants” into “the hands of bad actors.” Indeed, GDPR is not primarily
>>> aimed at preventing access by bad actors. Rather it is aimed at regulating
>>> the use of personal data by any actor. I haven’t really thought about it,
>>> but GDPR is probably not going to be a major deterrent against real bad
>>> actors.
>>>
>>>     3. WHOIS/RDS exists in order to be accessed by third parties (i.e.,
>>> folks other than the registrant and the registrar). There are many, many
>>> legitimate use cases for access. Of course, there are “mis-use cases”
>>> involving bad actors, and one of the obvious challenges for the EPDP is
>>> dealing with those. From the point of view of the end-user, that needs to
>>> be dealt with in a way that does not hinder timely, straight-forward
>>> legitimate access to Whois data.
>>>
>>>     4. I have seen no evidence that the European Data Protection people
>>> have thought about how WHOIS/RDS can function under GDPR. More broadly,
>>> GDPR is a law about access, in very large part. GDPR provides a road map
>>> for data controllers and processors to get and “process” (use, store,
>>> provide access to, transfer, delete, etc.) data. Much of GDPR is concerned
>>> with how data is used (I’d rather use that term than “processed” for these
>>> discussions), the purposes for which it is used, how it is stored, how it
>>> is transferred, who is responsible for any use, the circumstances when a
>>> data subject does (and does not) have control over how their data is used.
>>> GDPR assumes that data will be “processed” and creates a set of rules of
>>> the road for that processing.
>>>
>>>     5. It is true that end-users and registrants benefit from both
>>> privacy and security. End-users benefit directly and indirectly from access
>>> to WHOIS/RDS data, for non-security related reasons as well as
>>> security-related reasons. Registrants also benefit from access to
>>> WHOIS/RDS, both by themselves and by third parties in a variety of ways.
>>> Registrants benefit from data privacy, at least with regard to their own
>>> data (though they may lose some of the benefits that come from third party
>>> access to their data, such as receiving offers to purchase domain names).
>>> However, I am struggling to see how end-users (as end-users) benefit from
>>> barriers to accessing registrant WHOIS/RDS data.
>>>
>>>     6. How Cambridge Analytica got Facebook data is not particularly
>>> relevant. But if it is going to be used as a “cautionary tale”, we need to
>>> be accurate, so that the right lessons can be learned. Cambridge Analytica
>>> did NOT get the data by making a request to Facebook “to have access to
>>> these data for research.” In fact, they didn’t get the data directly from
>>> Facebook at all. The data was gathered through a personality quiz app,
>>> which was (as Facebook was configured at that time and with the consent of
>>> the participants) able to harvest data about friends and friends-of-friends
>>> of the participants, as well as the participants. It may have been used for
>>> legitimate research purposes. However, the data was then sold to Cambridge
>>> Analytica, without Facebook’s knowledge and in violation of their terms of
>>> service.
>>>
>>>     7. The California Consumer Privacy Act is already here, though it
>>> won’t be enforced until 2020. While it bears a resemblance to GDPR, it has
>>> many differences as well, and some of its goals are quite different. Like
>>> GDPR it is not primarily aimed at keeping data out of the hands of bad
>>> actors. I have not yet considered the impact of the CCPA on WHOIS/RDS, and
>>> how it is similar or different to the impact of GDPR. Its primary goals
>>> seem to be to control data monetization, and to give consumers greater
>>> access to their data, with data subject rights similar to those in GDPR.
>>>
>>>     8. Overall, I agree with those who believe that appropriate and
>>> timely access to WHOIS/RDS data benefits end-users. Whether GDPR is good or
>>> bad for end-users is moot. GDPR exists, and how it is dealt with will show
>>> how good or bad it is for end-users. Our goal should be to have GDPR
>>> implemented in the WHOIS/RDS context in a way that maximizes the benefit
>>> and minimizes the harm to end-users.
>>>
>>>     Best regards,
>>>
>>>     Greg Shatan
>>>
>>>     On Tue, Aug 7, 2018 at 1:58 PM Evan Leibovitch <
>>> evanleibovitch at gmail.com<mailto:evanleibovitch at gmail.com>> wrote:
>>>     I don't know about the Europeans or the California government. I do
>>> have
>>>     more than a decade's experience in ICANN, however, and have observed
>>> that
>>>     its track record in both decent privacy and decent accessibility is
>>>     abysmal.
>>>
>>>     ___________________
>>>     Evan Leibovitch, Toronto
>>>     @evanleibovitch/@el56
>>>
>>>     On Tue, Aug 7, 2018, 1:30 PM Marita Moll, <mmoll at ca.inter.net
>>> <mailto:mmoll at ca.inter.net>> wrote:
>>>
>>>     > With respect Evan, saying I am missing the point is not really
>>>     > respectful.  No one is arguing for privacy without protections. I
>>> don't
>>>     > have all the information I need to support this, but I have a
>>> feeling
>>>     > the European Data Protection people might have thought about this.
>>> They
>>>     > don't want to protect bad actors either. And I have heard that a
>>>     > similar law to GDPR is under consideration in California. So I
>>> don't
>>>     > see any need to think we are only ones concerned with keeping bad
>>> actors
>>>     > out of the ring.
>>>     >
>>>     > Marita
>>>     >
>>>     >
>>>     > On 8/7/2018 7:08 PM, Evan Leibovitch wrote:
>>>     > > Hi Marita,
>>>     > >
>>>     > > I think you may be missing the point when you state that
>>> "keeping the
>>>     > > private info of registrants out of the hands of bad actors
>>> protects
>>>     > > both parties". The examples that exist in abundance come from
>>>     > > registrants who /ARE themselves/ the bad actors, that hide behind
>>>     > > either privacy regulations or inaccurate contact information to
>>> avoid
>>>     > > being held to account for their harm.
>>>     > >
>>>     > > Just as the right to freedom of speech is not absolute -- even in
>>>     > > America -- neither is the right to privacy a way to hide
>>>     > > accountability for causing demonstrable harm. Augmenting privacy
>>> with
>>>     > > tiered access is fine so long as it is accessible to victims and
>>>     > > effective in execution; that is exactly the balance of which I
>>> speak.
>>>     > > This won't be easy -- being physically threatened demands a
>>> different
>>>     > > response to merely being insulted -- but it is vital. Without
>>> such
>>>     > > checks and balances, absolute privacy is a sure source of far
>>> more
>>>     > > harm than good. For every whistleblower protected, a dozen
>>> others will
>>>     > > be scammed out of their life savings, and thousands more will
>>> live in
>>>     > > fear for their lives because of death threats from those with
>>>     > > unchecked anonymity. This is not theory, it is happening.
>>>     > >
>>>     > > In summary, it is both naive and against the global public
>>> interest to
>>>     > > advocate for privacy without advocating just as strenuously for
>>>     > > appropriate protections against bad actors who seek to exploit
>>> that
>>>     > > privacy to cause harm. At-Large seeks both.
>>>     > >
>>>     > > - Evan
>>>     > >
>>>     > >
>>>     > > PS: I absolutely reject the assertion that it is fear-mongering
>>> to
>>>     > > simply want to prevent abuse of privacy by some registrants that
>>> is
>>>     > > both clearly evidenced and ongoing.
>>>     > >
>>>     > >
>>>     > > On Aug 7, 2018, at 11:55, Marita Moll <mmoll at ca.inter.net
>>> <mailto:mmoll at ca.inter.net>
>>>     > > <mailto:mmoll at ca.inter.net<mailto:mmoll at ca.inter.net>>> wrote:
>>>     > >
>>>     > >     Hello Evan and Allan. I agree with a number of those here
>>> who have
>>>     > >     suggested that the interests of registrants and end-users
>>> are not
>>>     > that
>>>     > >     different. Keeping the private info of registrants out of
>>> the hands
>>>     > of
>>>     > >     bad actors protects both parties. If crimes are committed,
>>> having
>>>     > tiered
>>>     > >     access to the info would release that info to validated
>>> authorities.
>>>     > As
>>>     > >     a registrant, I don't want my private information out there
>>> if it
>>>     > isn't
>>>     > >     necessary. And I don't see how shielding my private info on
>>> WhoIS
>>>     > will
>>>     > >     endanger my neighbour once tiered access is agreed upon.
>>> This is no
>>>     > >     different from the way the law usually works -- we don't all
>>> have to
>>>     > >     live in glass houses in order to be safe. We need well
>>> thought out
>>>     > >     procedures that protect all of us.
>>>     > >
>>>     > >     It's just my opinion. I know others have good arguments. But
>>> I don't
>>>     > buy
>>>     > >     the scary scenarios being presented by some groups hoping to
>>> scuttle
>>>     > >     this whole thing. If the Europeans don't think the world
>>> will come
>>>     > to an
>>>     > >     end once GDPR is enforced, why is the boogey man being
>>> unleashed in
>>>     > >     North America?
>>>     > >
>>>     > >
>>> http://www.insidesources.com/fake-news-fake-pharmacies-whats-next/
>>>     > >
>>>     > >     Marita
>>>     > >
>>>     > >
>>>     > >     On 8/7/2018 5:09 AM, Alan Greenberg wrote:
>>>     > >
>>>     > >         Marita, you cannot take one phrase out of context. If
>>> you go
>>>     > >         back in the thread (which was not fully copied here) I
>>> believe
>>>     > >         that a major concern of Holly and Bastiaan was that my
>>>     > >         statement sounded like it was trying to get around GDPR,
>>> but
>>>     > >         in fact compliance with GDPR is (to use a Star Trek
>>> expression)
>>>     > >         "the prime directive". It is not a simple matter of
>>> security
>>>     > >         vs privacy. If, for instance, we were talking about USER
>>>     > >         security vs USER privacy, we would have a real challenge
>>> in
>>>     > >         deciding which was more important and I am pretty sure we
>>>     > >         would not even try in the general case. But that is not
>>> what
>>>     > >         we are talking about here. We are talking about gTLD
>>> REGISTRANT
>>>     > >         privacy vs USER security. And the ALAC's position has
>>>     > >         previously been that although we care about registrants
>>> (and
>>>     > >         their privacy and their domains etc) and have put very
>>>     > >         significant resources into supporting gTLD registrants,
>>> the
>>>     > >         sheer number of users makes their security and ability
>>> to use
>>>     > >         the Internet with relative safety and trust takes
>>> precedence
>>>     > >         over the privacy of the relative handful of gTLD
>>> registrants.
>>>     > >         That is why ICANN has (and continues to) support the
>>> existing
>>>     > >         WHOIS system to the extent possible. That is the entire
>>> gist
>>>     > >         of the Temporary Spec. - /"Consistent with ICANN’s stated
>>>     > >         objective to comply with the GDPR, while maintaining the
>>>     > >         existing WHOIS system to the greatest extent possible,
>>> the
>>>     > >         Temporary Specification maintains....." /And I note with
>>> some
>>>     > >         amusement that some filter along the way has flagged this
>>>     > >         entire thread as SPAM. Alan At 06/08/2018 12:08 PM,
>>> Marita
>>>     > >         Moll wrote:
>>>     > >
>>>     > >             I am in agreement with Tijani, Holly, Bastian and
>>> Michele.
>>>     > >             Perhaps it is unintentional, but the language does
>>> send
>>>     > >             the message that we are looking more carefully at
>>> security
>>>     > >             than privacy. I am also not convinced that end-users
>>> would
>>>     > >             want us to do that. Marita On 8/3/2018 10:30 AM,
>>> Tijani
>>>     > >             BEN JEMAA wrote:
>>>     > >
>>>     > >                 Very interesting discussion. This issue has been
>>>     > >                 discussed several times and the positions
>>> didn’t
>>>     > >                 change. What bothers me is the presentation of
>>> the
>>>     > >                 registrants interest as opposite to the
>>> remaining
>>>     > >                 users ones. they are not since the registrants
>>> are
>>>     > >                 also subject to the domain abuse. You are
>>> speaking
>>>     > >                 about 4 billion users; these include all:
>>> contracted
>>>     > >                 parties, business, registrants, governments,
>>> etc. We
>>>     > >                 are about defending the interest of all of them
>>> as
>>>     > >                 individual end users, not as registry, registrar,
>>>     > >                 businessman, minister, etc…. You included the
>>>     > >                 cybersecurity researchers; you know how Cambridge
>>>     > >                 Analytica got the American data from Facebook?
>>> They
>>>     > >                 requested to have access to these data for
>>> research,
>>>     > >                 and the result was the American election result
>>>     > >                 impacted. So, I agree with Bastiaan that we need
>>> to be
>>>     > >                 careful and care about the protection of
>>> personal data
>>>     > >                 as well as the prevention of any harmful use of
>>> the
>>>     > >                 domain names, both together.
>>>     > >
>>>     >
>>> ------------------------------------------------------------------------
>>>     > >                 *Tijani BEN JEMAA* Executive Director
>>> Mediterranean
>>>     > >                 Federation of Internet Associations (*FMAI*)
>>> Phone:
>>>     > >                 +216 98 330 114 +216 52 385 114
>>>     > >
>>>     >
>>> ------------------------------------------------------------------------
>>>     > >
>>>     > >                     On 3 Aug 2018, at 07:22, Bastiaan Goslings
>>>     > >                     <bastiaan.goslings at ams-ix.net> wrote:
>>>     > >                     Thanks for clarifying, Alan. As a matter of
>>>     > >                     principle I agree with Holly - and Michele.
>>> While
>>>     > >                     I think I understand the good intent of what
>>> you
>>>     > >                     are saying, your earlier responses almost
>>> sound to
>>>     > >                     me like a false ‘security versus privacy’
>>>     > >                     dichotomy. Like, the number of people
>>> (users) that
>>>     > >                     care about security as opposed to those
>>>     > >                     (registrants) that want their privacy
>>> protected to
>>>     > >                     the max is larger. Etc. Apologies if I am
>>>     > >                     oversimplifying things here, I do not mean
>>> to. In
>>>     > >                     this particular EPDP case though I am
>>> convinced
>>>     > >                     that we can find a common ground on what the
>>> ALAC
>>>     > >                     members and alternates should bring to the
>>> table.
>>>     > >                     In terms of perceived registrants’ and
>>> general
>>>     > >                     Internet end-users’ interests. As you
>>> rightly
>>>     > >                     state, it is about being GDPR compliant. So
>>> we do
>>>     > >                     not have to be philosophical about a rather
>>> broad
>>>     > >                     term like ‘privacy’ and argue about
>>> whether it
>>>     > >                     is in conflict with e.g. the interest of
>>> LEAs.
>>>     > >                     Indeed, ‘Privacy is not absolute’.
>>> However,
>>>     > >                     ‘due process’ is a(nother) no brainer,
>>> not
>>>     > >                     just because it might be a legal
>>> requirement. From
>>>     > >                     what I understand the work being done on
>>> defining
>>>     > >                     Access and Accreditation criteria is keeping
>>> that
>>>     > >                     principle in mind, and within the MS
>>> context of
>>>     > >                     the EPDP we can together see to it that it
>>> does
>>>     > >                     end up properly enshrined in policy and
>>> contracts.
>>>     > >                     -Bastiaan
>>>     > >
>>>     > >                         On 3 Aug 2018, at 01:10, Alan Greenberg
>>>     > >                         <alan.greenberg at mcgill.ca<mailto:
>>> alan.greenberg at mcgill.ca>
>>>     > >                         <mailto:alan.greenberg at mcgill.ca<mailto:
>>> alan.greenberg at mcgill.ca>
>>>     > >                         <mailto:alan.greenberg at mcgill.ca<mailto:
>>> alan.greenberg at mcgill.ca>>>> wrote:
>>>     > >                         Holly, the original statement ends with
>>> "All
>>>     > >                         within the constraints of GDPR of
>>> course." I
>>>     > >                         don't know how to make that clearer. We
>>> would
>>>     > >                         be absolutely FOOLISH to argue for
>>> anything
>>>     > >                         else, since it will not be
>>> implementable. That
>>>     > >                         being said, if through the EPDP or
>>> otherwise
>>>     > >                         we can help make the legal argument for
>>> why
>>>     > >                         good access for the folks we list at the
>>> end
>>>     > >                         is within GDPR, more power to us. GDPR
>>> (and
>>>     > >                         eventually similar legislation/regulation
>>>     > >                         elsewhere) is the overall constraint. It
>>> is
>>>     > >                         equivalent to the laws of physics which
>>> for
>>>     > >                         the moment we need to consider
>>> inviolate. So
>>>     > >                         my statement that "other issues trump
>>> privacy"
>>>     > >                         is within that context. But just as
>>>     > >                         proportionality governs what GDPR will
>>> decree
>>>     > >                         as private in any given case, so it will
>>>     > >                         govern what is not private. It all
>>> depends on
>>>     > >                         making the legal argument and ultimately
>>> if
>>>     > >                         needed convincing the courts. They are
>>> the
>>>     > >                         arbiters, not me or anyone else in
>>> ICANN. In
>>>     > >                         the US, there is the constitutional
>>> right to
>>>     > >                         freedom of speech, but it is not
>>> unconstrained
>>>     > >                         and there are limits to what you are
>>> allowed
>>>     > >                         and not allowed to say. And from time to
>>> time,
>>>     > >                         the courts and legislatures weigh in and
>>>     > >                         decide where the line is. Alan At
>>> 02/08/2018
>>>     > >                         06:42 PM, Holly Raiche wrote:
>>>     > >
>>>     > >                             Hi Alan I have concerns with your
>>>     > >                             statement - and since your reply
>>> below,
>>>     > >                             with our statement of principles for
>>> the
>>>     > >                             EPDP. As I suggested in my email of 1
>>>     > >                             August, we need to be VERY clear
>>> that we
>>>     > >                             are NOT arguing against
>>> implementation of a
>>>     > >                             policy that is compliant with the
>>> GDPR.
>>>     > >                             We are arguing for other issues that
>>>     > >                             impact on users - WITHIN the
>>> umbrella of
>>> the GDPR. And if we do not make
>>> that
>>>     > >                             very clear, then we look as if we
>>> are not
>>>     > >                             prepared to operate within the
>>> bounds of
>>>     > >                             the EPDP - which is all about
>>> developing a
>>>     > >                             new policy to replace the RDS
>>> requirements
>>>     > >                             that will allow
>>> registries/registrars to
>>>     > >                             comply with their ICANN contracts and
>>>     > >                             operate within the GDPR framework.
>>> So your
>>>     > >                             statement below that ‘yes, other
>>> issues
>>>     > >                             trump privacy’ - misstates that.
>>> What
>>>     > >                             we are (or should be) arguing for is
>>> a
>>>     > >                             balance of rights of access that -
>>> to the
>>>     > >                             greatest extent possible -
>>> recognises the
>>>     > >                             value of RDS to some constituencies
>>> with
>>>     > >                             legitimate purposes - WITHIN the GDPR
>>>     > >                             framework. That implicitly accepts
>>> that
>>>     > >                             people/organisations that once had
>>> free
>>>     > >                             and unrestricted access to the data
>>> will
>>>     > >                             no longer have that open access. And
>>> for
>>>     > >                             ALAC generally, I will repeat what I
>>> said
>>>     > >                             in my 1 August email - our statement
>>> of
>>>     > >                             principles must be VERY clear that
>>> we are
>>>     > >                             NOT arguing for a new RDS policy
>>> that goes
>>>     > >                             outside of the GDPR. Holly On 3 Aug
>>> 2018,
>>>     > >                             at 1:29 am, Alan Greenberg
>>>     > >                             <alan.greenberg at mcgill.ca<mailto:
>>> alan.greenberg at mcgill.ca>
>>>     > >                             <mailto:alan.greenberg at mcgill.ca
>>> <mailto:alan.greenberg at mcgill.ca>
>>>     > >                             <mailto:alan.greenberg at mcgill.ca
>>> <mailto:alan.greenberg at mcgill.ca>>> > wrote:
>>>     > >
>>>     > >                                 At 02/08/2018 10:37 AM, Michele
>>> Neylon
>>>     > >                                 - Blacknight wrote:
>>>     > >
>>>     > >                                     Jonathan / Alan Thanks for
>>> the
>>>     > >                                     clarifications. 3 - I don't
>>> know
>>>     > >                                     how you can know what the
>>>     > >                                     interests of a user are. The
>>>     > >                                     assumption you seem to be
>>> making
>>>     > >                                     is that due process and
>>> privacy
>>>     > >                                     should take a backseat to
>>> access
>>>     > >                                     to data
>>>     > >
>>>     > >                                 Privacy is not absolute but
>>> based on
>>>     > >                                 various other issues. So yes, we
>>> are
>>>     > >                                 saying that in some cases, the
>>> other
>>>     > >                                 issues trump privacy. Perhaps we
>>>     > >                                 differ on where the dividing
>>> line is.
>>>     > >
>>>     > >                                     4 - Same as 3. Plenty of
>>> ccTLDs
>>>     > >                                     never offered PII in their
>>> public
>>>     > >                                     whois and there weren't any
>>> issues
>>>     > >                                     with security or stability.
>>>     > >                                     Skipping due process for
>>> "ease of
>>>     > >                                     access" is a very slippery
>>> and
>>>     > >                                     dangerous slope.
>>>     > >
>>>     > >                                 Both here and in reply to #3,
>>> the term
>>>     > >                                 "due process" tends to be used in
>>>     > >                                 reference to legal constraints
>>>     > >                                 associated with law enforcement
>>>     > >                                 actions as sanctioned by laws and
>>>     > >                                 courts. That is one path to
>>> unlocking
>>>     > >                                 otherwise private information. A
>>> major
>>>     > >                                 aspect of the GDPR
>>> implementation will
>>>     > >                                 be identifying other less
>>> cumbersome
>>>     > >                                 and restricted processes for
>>> accessing
>>>     > >                                 WHOIS data by a variety of
>>> partners.
>>>     > >                                 It will not be unconstrained nor
>>> will
>>>     > >                                 it be as cumbersome as going to
>>> court
>>>     > >                                 (hopefully). Alan
>>>     > >
>>>     > >                                     Regards Michele -- Mr Michele
>>>     > >                                     Neylon Blacknight Solutions
>>>     > >                                     Hosting, Colocation & Domains
>>>     > >                                     https://www.blacknight.com/
>>>     > >                                     <https://www.blacknight.com/
>>> >
>>>     > >                                     https://blacknight.blog/
>>>     > >                                     <https://blacknight.blog/>
>>> Intl.
>>>     > >                                     +353 (0) 59 9183072 Direct
>>> Dial:
>>>     > >                                     +353 (0)59 9183090 Personal
>>> blog:
>>>     > >                                     https://michele.blog/ Some
>>>     > >                                     thoughts:
>>> https://ceo.hosting/
>>>     > >
>>>     >
>>> ------------------------------------------------------------------------
>>>     > >                                     Blacknight Internet
>>> Solutions Ltd,
>>>     > >                                     Unit 12A,Barrowside Business
>>>     > >                                     Park,Sleaty
>>>     > >                                     Road,Graiguecullen,Carlow,R93
>>>     > >                                     X265,Ireland  Company No.:
>>> 370845
>>>     > >                                     On 02/08/2018, 15:03, "Jonathan Zuck"
>>>     > >                                     <JZuck at innovatorsnetwork.org> wrote:
>>>     > >
>>>     > >                                     Thanks Michele!
>>>     > >
>>>     > >                                     3. Where there appears to be a conflict of
>>>     > >                                     interest between a registrant and
>>>     > >                                     non-registrant end user, we'll be
>>>     > >                                     endeavoring to represent the interests of
>>>     > >                                     the non-registrant end user.
>>>     > >
>>>     > >                                     4. Related to 3. This is simply an
>>>     > >                                     affirmation of the interests of end users
>>>     > >                                     in a stable and secure internet and it is
>>>     > >                                     those interests we'll be representing.
>>>     > >                                     We've included law enforcement because
>>>     > >                                     efficiencies regarding their access may
>>>     > >                                     come up. Just because there's always a way
>>>     > >                                     for them to get to data doesn't mean it's
>>>     > >                                     the best way.
>>>     > >
>>>     > >                                     Make sense?
>>>     > >
>>>     > >                                     Jonathan
>>>     > >
>>>     > >                                     -----Original Message-----
>>>     > >                                     From: GTLD-WG
>>>     > >                                     <gtld-wg-bounces at atlarge-lists.icann.org>
>>>     > >                                     On Behalf Of Michele Neylon - Blacknight
>>>     > >                                     Sent: Wednesday, August 1, 2018 12:34 PM
>>>     > >                                     To: Alan Greenberg
>>>     > >                                     <alan.greenberg at mcgill.ca>; CPWG
>>>     > >                                     <cpwg at icann.org>
>>>     > >                                     Subject: Re: [GTLD-WG] [CPWG]
>>>     > >                                     [registration-issues-wg] ALAC Statement
>>>     > >                                     regarding EPDP
>>>     > >
>>>     > >                                     Alan
>>>     > >
>>>     > >                                     1 - good
>>>     > >                                     2 - good
>>>     > >                                     3 - I don't understand what that means
>>>     > >                                     4 - Why are you combining law enforcement
>>>     > >                                     and private parties? Law enforcement can
>>>     > >                                     always get access to data when they follow
>>>     > >                                     due process.
>>>     > >
>>>     > >                                     Regards
>>>     > >
>>>     > >                                     Michele
>>>     > >
>>>     > >                                     On 01/08/2018, 17:27,
>>>     > >                                     "registration-issues-wg on behalf of Alan
>>>     > >                                     Greenberg"
>>>     > >                                     <registration-issues-wg-bounces at atlarge-lists.icann.org
>>>     > >                                     on behalf of alan.greenberg at mcgill.ca>
>>>     > >                                     wrote:
>>>     > >
>>>     > >                                     Yesterday, the EPDP Members were asked to
>>>     > >                                     present a 1-3 minute summary of their
>>>     > >                                     group's position in regard to the EPDP.
>>>     > >                                     The following is the statement agreed to
>>>     > >                                     by me, Hadia, Holly and Seun.
>>>     > >
>>>     > >                                     1. The ALAC believes that the EPDP MUST
>>>     > >                                     succeed and will be working toward that
>>>     > >                                     end.
>>>     > >
>>>     > >                                     2. We have a support structure that we are
>>>     > >                                     organizing to ensure that what we present
>>>     > >                                     here is understood by our community and
>>>     > >                                     has their input and support.
>>>     > >
>>>     > >                                     3. The ALAC believes that individual
>>>     > >                                     registrants are users and we have
>>>     > >                                     regularly worked on their behalf (as in
>>>     > >                                     the PDP that we initiated to protect
>>>     > >                                     registrant rights when their domains
>>>     > >                                     expire), if registrant needs differ from
>>>     > >                                     those of the 4 billion Internet users who
>>>     > >                                     are not registrants, those latter needs
>>>     > >                                     take precedence. We believe that GDPR and
>>>     > >                                     this EPDP are such a situation.
>>>     > >
>>>     > >                                     4. Although some Internet users consult
>>>     > >                                     WHOIS and will not be able to do so in
>>>     > >                                     some cases going forward, our main concern
>>>     > >                                     is access for those third parties who work
>>>     > >                                     to ensure that the Internet is a safe and
>>>     > >                                     secure place for users and that means that
>>>     > >                                     law enforcement, cybersecurity
>>>     > >                                     researchers, those combatting fraud in
>>>     > >                                     domain names, and others who help protect
>>>     > >                                     users from phishing, malware, spam, fraud,
>>>     > >                                     DDoS attacks and such can work with
>>>     > >                                     minimal reduction in access to WHOIS data.
>>>     > >                                     All within the constraints of GDPR of
>>>     > >                                     course.
>>>     > >
>>>     > >                                     ----------------------------------------
>>>     > >                                     CPWG mailing list
>>>     > >                                     CPWG at icann.org
>>>     > >                                     https://mm.icann.org/mailman/listinfo/cpwg
>>>     > >                                     ----------------------------------------
>>>     > >                                     registration-issues-wg mailing list
>>>     > >                                     registration-issues-wg at atlarge-lists.icann.org
>>>     > >                                     https://mm.icann.org/mailman/listinfo/registration-issues-wg
>>>     > >                                     ----------------------------------------
>>>     > >                                     GTLD-WG mailing list
>>>     > >                                     GTLD-WG at atlarge-lists.icann.org
>>>     > >                                     https://atlarge-lists.icann.org/mailman/listinfo/gtld-wg
>>>     > >                                     Working Group direct URL:
>>>     > >                                     https://community.icann.org/display/atlarge/New+GTLDs
>>
>>
>
> --
> Greg Shatan
> greg at isoc-ny.org
>
> "The Internet is for everyone"