[Gnso-epdp-team] Section 4.4.8
Alan Greenberg
alan.greenberg at mcgill.ca
Thu Sep 13 13:01:17 UTC 2018
Amr, my point was the uses the expression "legal bases" which can have multiple competing definitions and that is not a good basis (pun intended) for agreement.
Alan
--
Sent from my mobile. Please excuse brevity and typos.
On September 13, 2018 7:44:47 AM EDT, Amr Elsadr <aelsadr at icannpolicy.ninja> wrote:
>Hi Alan,
>
>The intention here was to state a principle on which further work down
>the road may be developed when we eventually get to deliberation on an
>access model. The principle is meant to provide guidance on a set of
>specific circumstances, that if met, should allow specific portions of
>non-public gTLD Registration Data to be shared with specific
>third-parties, to address specific issues. The objective is to allow
>this while maintaining compliance with GDPR, or possibly other privacy
>laws/regulations.
>
>This is not to say that a third-party requires the kind of legal rights
>or mandate I believe you are describing, as in your comparison between
>LEAs and independent cybersecurity workers. So yes, ICANN’s Mission
>does come into play here. In fact, I believe it to be a key factor of
>consideration. At some point, we’re going to have to deliberate on how
>that Mission does or does not allow third-parties access non-public
>Registration Data.
>
>I hope this was helpful.
>
>Thanks.
>
>Amr
>
>> On Sep 13, 2018, at 4:55 AM, Alan Greenberg
><alan.greenberg at mcgill.ca> wrote:
>>
>> I am generally in support of this, but I question the term "grounded
>in legal bases". It this the legal basis in reference to GDPR (ie that
>there needs to be a legitimate demonstrable need to access otherwise
>private information). Or a legal basis as in reference to law
>enforcement having a right to demand certain information.
>>
>> I can accept the former (if it is made clear), but not the latter.
>ICANN's Mission-defined interest in ensuring that security and
>stability of the DNS (and by implication, the trusted nature of the
>DNS) may create a need for cybersecurity workers to have access to
>certain data, but there is no LAW that gives them that right.
>>
>> Alan
>>
>> At 11/09/2018 04:33 PM, Alex Deacon wrote:
>>
>>> Hi All,
>>>
>>> As you know a group of us has been working to recommend an update to
>Section 4.4.8 of the temp spec.
>>>
>>> While we haven't come to full agreement on the update, we are pretty
>close and wanted to share the current/tentative output of the volunteer
>team with the broader team.
>>>
>>> 4.4.8 Supporting a framework that enables identification of
>third-parties with legitimate interests grounded in legal bases, and
>providing these third-parties with access to Registration Data relevant
>to addressing specific issues involving domain name registrations
>related to consumer protection, investigation of cybercrime, DNS abuse
>and intellectual property protection.
>>>
>>> The non-bold text was suggested by Amr/NCSG and the added bold text
>was an updated suggested by me/IPC and supported by the BC.
>>>
>>> Giving it a re-read again today I think additional word-smithing
>could be warranted, but for now I will resist and step away and let
>others share their thoughts.
>>>
>>> Alex
>>>
>>> --
>>> ___________
>>> Alex Deacon
>>> Cole Valley Consulting
>>> alex at colevalleyconsulting.com
>>> +1.415.488.6009
>>>
>>> _______________________________________________
>>> Gnso-epdp-team mailing list
>>> Gnso-epdp-team at icann.org
>>> https://mm.icann.org/mailman/listinfo/gnso-epdp-team
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-epdp-team/attachments/20180913/b8d0874f/attachment.html>
More information about the Gnso-epdp-team
mailing list