[CPWG] [registration-issues-wg] [GTLD-WG] Next possible move related to GDPR

Holly Raiche h.raiche at internode.on.net
Tue Sep 4 11:58:23 UTC 2018 

Folks

First - Carlton, while I almost always agree with you, I”m afraid that, this time, I think Bastiaan has made a very good argument and I agree with his statement - which is even more impressive since English is not his first language.  Well done Bastiaan.

And for Carlton - I still think we are on the same page - or close to.  

And to borrow from a presentation I recently attended:  the issue isn’t privacy versus security; it is really an issue of one aspect of security versus another - both are necessary.

Holly
On 4 Sep 2018, at 8:43 pm, Bastiaan Goslings <bastiaan.goslings at ams-ix.net> wrote:

> 
>> On 4 Sep 2018, at 12:22, Carlton Samuels <carlton.samuels at gmail.com> wrote:
>> 
>> Bastiaan:
>> You seem adept at destroying context to feed your allergy.
> 
> 
> I ’seem adept at destroying’?
> 
> Ok, thank you… I am not an English native speaker so I had to look it up just to confirm what you might mean. You have a talent for (‘seem adept at’) phrasing your sentences quite archaically ;-)
> 
> Anyway, perception is of course in the eye of the beholder, which I’ll have to respect and therefore cannot comment on. Suffice to say I completely disagree, I have no intention whatsoever to consciously destroy anything, I could have easily quoted someone else to make my point. One that still stands btw.
> 
> 
>> My phrasing was in context of defining what I meant by majority. Your interpretation blithely ignored the contextual meaning..There  is a word for that I cannot recall at the minute.
>> 
>> Kindly,
>> -Carlton
> 
> 
> Right. Not very ‘kind’ from where I sit, but I am not going to take offence here.
> 
> -Bastiaan
> 
> 
> 
> 
> 
>> 
>> On Tue, 4 Sep 2018, 3:54 am Bastiaan Goslings, <bastiaan.goslings at ams-ix.net> wrote:
>> Unless I am mistaken I do not think we have to make a ‘decision that will favour either the protection of registrants OR the protection of end users’.
>> 
>> Following this thread I am probably somewhat in the middle here: I definitely agree with the call for ‘balance’ but also think we have to be pragmatic and therefor need to establish what this required ’balance’ means in practical terms in order to help our EPDP members and alternates form a position.
>> 
>> (Fyi I am somewhat allergic to statements like ‘we as end users advocates are morally bound to prioritize the interests of the majority’. Personally I automatically tend to go for the underdog position, I am not going to elaborate on how minority groups everywhere suffer from apparent political, religious and/or commercial majority viewpoints. No need to respond to that, it just a personal thing)
>> 
>> In this case I don’t think are fundamentally disagreeing though, I think it is more a matter of tone. It does seem as if we are continuously emphasising that certain third parties should have access to non-public WHOIS data in the public interest, as if that is the only concern and it is bad enough that GDPR and the like make gated access even a requirement in the first place. Like, who cares about privacy, that is just a ‘minority’ interest. The false security versus privacy paradigma I referred to before, combined with a ‘there are many more users than registrants’ rationale. And I know we hat is not what we think and/or are saying, but in terms of tone that is what sticks, at least with me.
>> 
>> I am of the opinion that a more balanced approach is indeed necessary. In practical terms I think we can do so by on the one hand seeing to it that ICANN becomes compliant with applicable data protection legislation like the GDPR, which in my opinion is not ‘a given’ looking at the current Temp Spec, advise from the EDPB, and what certain stakeholders within the EPDP are striving for. Of course I also am convinced that third party access based on legitimate interests are a no brainer. But even if that is the case, we need to see to it that WHOIS data are ‘collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes’ as art 5.1 (b) of the GDPR says. If that is not taken care of properly then we might be looking at a future scenario where e.g. LEAs with certified access to non-public WHOIS data will not be able to get all the data required as they’ll no longer be collected…
>> 
>> -Bastiaan
>> 
>> 
>>> On 4 Sep 2018, at 10:02, Evan Leibovitch <evanleibovitch at gmail.com> wrote:
>>> 
>>> Hi Tijani,
>>> 
>>> When nuance is possible, I have faith in our people to understand and work with that. Ideally we want both domain owners and domain users to be free from abuse. However, when there are decisions that will favour either the protection of registrants OR the protection of end users, our scale is balanced 98 to 2. Such hard choices - such as the very definitions of "harm" or "abuse"- will not be avoidable and we cannot shirk from that.
>>> 
>>> Cheers,
>>> Evan
>>> 
>>> PS: I am not sure that AFNIC/.fr is a good example, since well-run ccTLDs with residency requirements are typically not sources of significant end-user abuse. Were ICANN run like AFNIC or CIRA it's likely that gTLDs might not be such sources of abuse and this debate would be unnecessary.
>>> _______________________________________________
>>> CPWG mailing list
>>> CPWG at icann.org
>>> https://mm.icann.org/mailman/listinfo/cpwg
>> 
> 
> _______________________________________________
> CPWG mailing list
> CPWG at icann.org
> https://mm.icann.org/mailman/listinfo/cpwg
> _______________________________________________
> registration-issues-wg mailing list
> registration-issues-wg at atlarge-lists.icann.org
> https://mm.icann.org/mailman/listinfo/registration-issues-wg

More information about the CPWG mailing list