[Gdd-gnso-ppsai-impl] PP services for gated access data
gtheo
gtheo at xs4all.nl
Fri Aug 31 08:15:14 UTC 2018
Hi all,
Seems all paths lead to the GNSO.
So I think there are two tracks;
Pause it and wait for the ePDP, if Peter is correct and the UAM is the
answer I do not see a need for the disclosure frameworks as the UAM
will apply to privacy providers and or redacted WHOIS records.
Then there is the existential question, and Greg is correct not for us
to decide on but we can assist the GNSO to gain a better understanding
how the landscape has changed compared to years ago when we started this
group.
Correct?
Theo
Amy Bivins schreef op 2018-08-30 09:52 PM:
> Thanks, Greg!
>
> It’s my understanding that (a) if it is the consensus view of the IRT
> that a Policy issue has come up that is not addressed in the Final
> Recommendations that (b) should or must be addressed (or if it is
> unclear whether the issue should be addressed) before we can proceed,
> then the appropriate vehicle for resolution would be for the Council
> Liaison to escalate the issue to the Council (looking at the IRT
> guidelines, here:
> https://gnso.icann.org/sites/default/files/file/field-file-attach/2016-12/irt-principles-guidelines-23aug16-en.pdf).
>
> I don’t think the Council would necessarily have to reconsider the
> policy itself, but that’s one of the options—I think the Council could
> also use its relatively new guidance process (GGP) or initiate an ePDP
> if the Council decided to do so (that’s my understanding, but I will
> confirm with the Policy team on this). Procedurally, I think any
> change in course would have to come from the Council, as ICANN org is
> currently implementing based on the Council and Board’s instruction to
> proceed to implementation.
>
> Best,
> Amy
>
> From: Gdd-gnso-ppsai-impl <gdd-gnso-ppsai-impl-bounces at icann.org> On
> Behalf Of DiBiase, Gregory via Gdd-gnso-ppsai-impl
> Sent: Thursday, August 30, 2018 3:29 PM
> To: gdd-gnso-ppsai-impl at icann.org
> Subject: Re: [Gdd-gnso-ppsai-impl] PP services for gated access data
>
> Hi Peter,
>
> This seems like a substantive policy change that was not envisioned or
> included in the original policy. Accordingly, I don’t think the IRT
> is empowered to make this change.
>
> If you think the changes created by the GDPR necessitate substantive
> changes to the underlying policy (which I think is a reasonable view),
> then I think it would be necessary to pause the IRT and reconsider the
> policy itself. (is that right Amy?)
>
> Thanks,
> Greg
>
> From: Gdd-gnso-ppsai-impl
> [mailto:gdd-gnso-ppsai-impl-bounces at icann.org] On Behalf Of Roman,
> Peter (CRM)
> Sent: Thursday, August 30, 2018 10:28 AM
> To: gdd-gnso-ppsai-impl at icann.org<mailto:gdd-gnso-ppsai-impl at icann.org>
> Subject: [Gdd-gnso-ppsai-impl] PP services for gated access data
>
> All –
>
> Just to continue the smaller discussion from today’s call:
>
> Putting aside the existential question of whether the business case
> for privacy/proxy makes sense following the implementation of the
> GDPR, and assuming that:
>
> 1) privacy/proxy providers will continue to do business and
>
> 2) the EPDP is going to reach a solution that will give IP rights
> holders, cybersecurity researchers, law enforcement, and other vetted
> people access to the registrant data that is not publicly available;
>
> I propose that the IRT consider that, since the second tier of WHOIS
> data would only be available to vetted, accredited law enforcement,
> cybersecurity, IP rights holders, etc. that have represented that they
> have a legitimate purpose for accessing the data, and since that data
> is merely subscriber data (which under the Council of Europe’s
> CyberCrime Convention, and numerous other legal regimes as well, is
> deserving of the lowest level of privacy protection), and therefore no
> legitimate purpose is served by further hindering access to such data,
> the IRT should add the following language to the draft PPAA:
>
> 3.5.7 Provider shall not provide Services for Customers whose data is
> non-public.
>
> Or
>
> 3.5.7 Provider shall not provide Services for Customers whose data is
> only accessible through gated access in the RDDS system and is not
> publicly available through WHOIS.
>
> Thanks,
>
> Peter Roman
>
> Senior Counsel
> Computer Crime & Intellectual Property Section
> Criminal Division
> Department of Justice
> 1301 New York Ave., NW
> Washington, DC 20530
> (202) 305-1323
> peter.roman at usdoj.gov<mailto:peter.roman at usdoj.gov>
>
> From: Gdd-gnso-ppsai-impl
> [mailto:gdd-gnso-ppsai-impl-bounces at icann.org] On Behalf Of Theo
> Geurts
> Sent: Thursday, August 30, 2018 3:08 AM
> To:
> gdd-gnso-ppsai-impl at icann.org<mailto:gdd-gnso-ppsai-impl at icann.org>;
> Michele Neylon - Blacknight
> <michele at blacknight.com<mailto:michele at blacknight.com>>
> Subject: Re: [Gdd-gnso-ppsai-impl] Materials for tomorrow's PP IRT
> meeting are attached
>
>
> Agreed on the moving target part. Not too mention another moving
> target that will render most of our work right down into the trash if
> it happens.
>
> http://domainincite.com/23371-could-a-new-us-law-make-gdpr-irrelevant
>
> This draft seems to be in direct conflict with some of the WG's
> recommendations;
> https://via.hypothes.is/https://www.internetgovernance.org/wp-content/uploads/Draft-WHOIS-Legislation-as-of-Aug-16-2018.pdf<https://via.hypothes.is/https:/www.internetgovernance.org/wp-content/uploads/Draft-WHOIS-Legislation-as-of-Aug-16-2018.pdf>
>
> Thanks,
>
> Theo
>
> On 30-8-2018 7:55, Michele Neylon - Blacknight wrote:
> I won’t be able to attend as I’m at an event.
>
> I also agree with the concerns raised by others about pegging
> *anything* to a moving target, which the Temp Spec is
>
> TLDR – it’s not policy – it’s a stopgap. Baking it into anything else
> is a really bad idea
>
> Regards
>
> Michele
>
>
> --
> Mr Michele Neylon
> Blacknight Solutions
> Hosting, Colocation & Domains
> https://www.blacknight.com/
> http://blacknight.blog/
> Intl. +353 (0) 59 9183072
> Direct Dial: +353 (0)59 9183090
> Personal blog: https://michele.blog/
> Some thoughts: https://ceo.hosting/
> -------------------------------
> Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business
> Park,Sleaty
> Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845
>
>
> From: Gdd-gnso-ppsai-impl
> <gdd-gnso-ppsai-impl-bounces at icann.org><mailto:gdd-gnso-ppsai-impl-bounces at icann.org>
> on behalf of Amy Bivins
> <amy.bivins at icann.org><mailto:amy.bivins at icann.org>
> Reply-To:
> "gdd-gnso-ppsai-impl at icann.org"<mailto:gdd-gnso-ppsai-impl at icann.org>
> <gdd-gnso-ppsai-impl at icann.org><mailto:gdd-gnso-ppsai-impl at icann.org>
> Date: Wednesday 29 August 2018 at 16:22
> To:
> "gdd-gnso-ppsai-impl at icann.org"<mailto:gdd-gnso-ppsai-impl at icann.org>
> <gdd-gnso-ppsai-impl at icann.org><mailto:gdd-gnso-ppsai-impl at icann.org>
> Subject: [Gdd-gnso-ppsai-impl] Materials for tomorrow's PP IRT meeting
> are attached
>
> Dear Colleagues,
>
> This is a reminder that the PP IRT will meet tomorrow, Thursday, 30
> August, at 1600 UTC.
>
> A draft markup of the PPAA is attached. This markup is for discussion
> purposes only—it is not a final proposal and remains subject to
> revision. The draft is being circulated, without further delay, to
> continue the conversation. It has not been approved by senior
> management and is for discussion only.
>
> We would like to begin discussing the following topics tomorrow (but
> please feel free to comment before then on the list):
>
>
> 1. Some suggested edits track what’s in the Temporary Specification
> for gTLD Registration Data. For example, section 3.5.3.3. How should
> we approach drafting provisions modeled on the Temp Spec, given that
> its language is subject to change in the near future?
> 2. The disclosure frameworks seem to be written from the position
> that there’s no discretion for the Provider to not provide the
> underlying customer data if the conditions in the framework are met.
> Is this the intent? This could potentially cause issues under the
> GDPR, because this doesn’t seem to leave room to balance the interests
> of the data subjects with the legitimate interest of the parties
> requesting personal data.
> 3. The disclosure frameworks raise additional GDPR-related
> questions that are similar to questions raised in the Draft Framework
> Elements of a Potential Unified Access
> Model<https://www.icann.org/en/system/files/files/framework-elements-unified-access-model-for-discussion-20aug18-en.pdf>
> paper published by ICANN org. For example, what would the requirements
> be for logging requests for disclosure made under the frameworks (or
> even requests not governed by the frameworks)?
> 4. Do you see any other issues that you believe must be addressed
> related to GDPR that were not addressed in this markup?
> 5. Following the completion of the IRT’s review of this draft
> accreditation agreement and related matters, we believe are ready to
> proceed to public comment. Do you believe there is any reason why the
> IRT should not proceed to public comment?
> 6. We have heard questions from various members of the community
> about how the proposed accreditation program requirements will operate
> within the current Temp Spec RDDS environment. These proposed program
> requirements do not address how PP registrations interact with a gated
> access model or how they might be impacted, if at all, by the results
> of the EPDP. Is this an issue that the IRT believes should be explored
> at this stage? If any member of the IRT wishes to raise any comments
> or points about this topic, you are encouraged to do so during the IRT
> call or via the list.
>
>
> One area that may need further attention in the agreement is
> specifically defining what data is to be collected and for what
> purpose. In addition, the new Specification 8 contains some data
> processing requirements, but additional discussion is needed on the
> appropriate controller arrangements that are needed between ICANN, the
> registrar and the Provider.
>
> Best,
> Amy
>
> Amy E. Bivins
> Registrar Services and Engagement Senior Manager
> Registrar Services and Industry Relations
> Internet Corporation for Assigned Names and Numbers (ICANN)
> Direct: +1 (202) 249-7551
> Fax: +1 (202) 789-0104
> Email: amy.bivins at icann.org<mailto:amy.bivins at icann.org>
> www.icann.org<http://www.icann.org>
>
>
>
> _______________________________________________
>
> Gdd-gnso-ppsai-impl mailing list
>
> Gdd-gnso-ppsai-impl at icann.org<mailto:Gdd-gnso-ppsai-impl at icann.org>
>
> https://mm.icann.org/mailman/listinfo/gdd-gnso-ppsai-impl
>
>
> _______________________________________________
> Gdd-gnso-ppsai-impl mailing list
> Gdd-gnso-ppsai-impl at icann.org
> https://mm.icann.org/mailman/listinfo/gdd-gnso-ppsai-impl
More information about the Gdd-gnso-ppsai-impl
mailing list