[Gnso-epdp-team] 4.4.9 (and 4.4.2)

Alan Greenberg alan.greenberg at mcgill.ca
Sat Sep 15 02:55:38 UTC 2018 

Thanks Laureen. Well said. I definitely agree.

Alan

At 13/09/2018 03:24 PM, Kapin, Laureen via Gnso-epdp-team wrote:

>Dear colleagues:
>
>Following up on Tuesday’s discussion, I wanted 
>to focus on the range of legitimate purposes for 
>the ICANN organization.  As there continues to 
>be confusion and disagreement on the distinction 
>between third party interests and ICANN 
>purposes, and we’ve been asked to weigh on a 
>proposed chart that lists legitimate purposes, I 
>thought it would be helpful to set out our views 
>in more detail.  Simply put, ICANN’s Bylaws show 
>that ICANN’s legitimate purposes in processing 
>gTLD registration data include the following:
>
>·       facilitating the resilience, security, 
>and/or stability of the DNS (Section 1.1, Mission)
>·       preserving and enhancing the operational 
>stability, reliability, security, global 
>interoperability, resilience, and openness of 
>the DNS and the Internet (Section 1.2 (a) Commitments)
>·       address issues of competition, consumer 
>protection, malicious abuse, sovereignty 
>concerns, and rights protection (Section 4.6 
>(d), Specific Reviews, Competition, Consumer Trust and Consumer Choice)
>·       assess whether registry directory service implementation:
>o   meets the legitimate needs of law enforcement
>o   promotes consumer trust
>o   safeguards registrant data  (Section 4.6 
>(e), Specific Reviews, Registration Directory Service Review)
>
>As a result, ICANN’s own legitimate purposes 
>must include processing registrant data to meet 
>ICANN’s mission, mandate, commitments and 
>responsibilities set forth in the 
>Bylaws.  Therefore, while Ashley’s proposed language for Temp. Spec. 4.4.9 --
>
>Enabling the prevention and detection of 
>cybercrime and illegal DNS abuse to promote the 
>resilience, security, stability and/or 
>reliability of the DNS and the 
>Internet.  Enabling the prevention of unlawful 
>conduct to meet the legitimate needs of law 
>enforcement and public authorities promoting 
>consumer trust in the DNS and the Internet and safeguarding registrant data.
>
>-- relates to third parties, such as those 
>involved in detecting cybercrime, investigating 
>DNS abuse and other unlawful conduct, it does 
>NOT constitute a third-party purpose.  Rather, 
>the proposal reflects ICANN’s Bylaw-mandated 
>responsibility to (among other tasks) facilitate 
>the security and stability of the DNS and the 
>Internet which includes processing a defined set 
>of RDS information which may under certain 
>circumstances, be disclosed to third-parties.
>
>I also note that ICANN commits to duly taking 
>into account the public policy advice of 
>governments and public authorities (among other 
>stakeholders) and that ICANN must act for the 
>benefit of the public. (Art. 1.2 (a) 
>Commitments).  The Bylaw mandated 
>responsibilities to protect the security and 
>stability of the DNS and the Internet, address 
>issues of consumer protection and DNS abuse, 
>promote consumer trust, and safeguard registrant 
>data go to the heart of the public interest.
>
>Best regards,
>Laureen Kapin
>Counsel for International Consumer Protection
>Office of International Affairs
>Federal Trade Commission
><tel:(202)%20326-3237>(202) 326-3237
><mailto:lkapin at ftc.gov>lkapin at ftc.gov
>
>
>
>
>On: 05 September 2018 16:47,
>"Heineman, Ashley" 
><<mailto:AHeineman at ntia.doc.gov>AHeineman at ntia.doc.gov> wrote:
>
>Dear all.  Please find below proposed edits to 
>4.4.9, which should be considered initial input 
>as further discussion is welcomed.  Also 
>included below are some recommended edits to 
>4.4.2, which I realize is being reviewed/modified by someone else.
>
>Regarding 4.4.9, the proposed text is:
>
>Enabling the prevention and detection of 
>cybercrime and illegal DNS abuse to promote the 
>resilience, security, stability and/or 
>reliability of the DNS and the 
>Internet.  Enabling the prevention of unlawful 
>conduct to meet the legitimate needs of law 
>enforcement and public authorities promoting 
>consumer trust in the DNS and the Internet and safeguarding registrant data.
>
>After a lot of deliberation and thought, we 
>decided that this text should remain under 
>section 4.4 (not be moved) as this section is a 
>list of ICANN’s and the Contracted Parties’ 
>legitimate purposes for processing data and 
>accordingly we want a reference to this purpose 
>as we believe it influences/touches upon at 
>least two stages of their processing (collection and disclosure).
>
>That being said, let it be clear that we are not 
>seeking the collection of additional WHOIS data 
>elements.  However, we do want to ensure that 
>the collection of existing WHOIS data fields continue to be maintained.
>
>Further, it is our view that the collection and 
>disclosure of information, as it aligns with 
>efforts to combat cybercrime and other illegal 
>DNS abuse, is fully consistent with ICANN bylaws 
>and therefore fits within ICANN’s 
>purposes.  (see specific bylaw references below).
>
>Lastly, our initial text reflects a concerted 
>effort not to conflate ICANN’s purposes with 
>that of LEA/government authorities.  It is our 
>view that the interests and lawful basis of 
>third parties (such as LEA/government 
>authorities) should be articulated elsewhere as appropriate.
>
>ICANN Bylaws (excerpts)
>Section 1.2. COMMITMENTS AND CORE VALUES
>In performing its Mission, ICANN will act in a 
>manner that complies with and reflects ICANN’s 
>Commitments and respects ICANN’s Core Values, each as described below.
>
>(a)    COMMITMENTS
>***
>(i) Preserve and enhance the administration of 
>the DNS and the operational stability, 
>reliability, security, global interoperability, 
>resilience, and openness of the DNS and the Internet.
>
>Section 4.6. SPECIFIC REVIEWS
>***
>      (e) Registration Directory Service Review
>
>(ii) The Board shall cause a periodic review to 
>assess the effectiveness of the then current 
>gTLD registry directory service and whether its 
>implementation meets the legitimate needs of law enforcement,
>promoting consumer trust and safeguarding registrant data.
>
>
>Regarding 4.4.2, we offer the following edits 
>for consideration.  We believe this provides the 
>necessary specificity required under GDPR:
>
>Providing collection and disclosure of accurate, 
>reliable, and uniform Registration Data based on 
>lawful basis, consistent with GDPR, to ensure 
>resilience, security, and/or stability of the 
>DNS.  In the case of legitimate interest as a 
>basis, collection and disclosure must not 
>outweigh the fundamental rights of relevant data subjects.
>
>_______________________________________________
>Gnso-epdp-team mailing list
>Gnso-epdp-team at icann.org
>https://mm.icann.org/mailman/listinfo/gnso-epdp-team
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-epdp-team/attachments/20180914/d28f0f36/attachment.html>

More information about the Gnso-epdp-team mailing list