[Gnso-epdp-team] 4.4.9 (and 4.4.2)
Alan Greenberg
alan.greenberg at mcgill.ca
Sat Sep 15 02:55:38 UTC 2018
Thanks Laureen. Well said. I definitely agree.
Alan
At 13/09/2018 03:24 PM, Kapin, Laureen via Gnso-epdp-team wrote:
>Dear colleagues:
>
>Following up on Tuesdays discussion, I wanted
>to focus on the range of legitimate purposes for
>the ICANN organization. As there continues to
>be confusion and disagreement on the distinction
>between third party interests and ICANN
>purposes, and weve been asked to weigh on a
>proposed chart that lists legitimate purposes, I
>thought it would be helpful to set out our views
>in more detail. Simply put, ICANNs Bylaws show
>that ICANNs legitimate purposes in processing
>gTLD registration data include the following:
>
>· facilitating the resilience, security,
>and/or stability of the DNS (Section 1.1, Mission)
>· preserving and enhancing the operational
>stability, reliability, security, global
>interoperability, resilience, and openness of
>the DNS and the Internet (Section 1.2 (a) Commitments)
>· address issues of competition, consumer
>protection, malicious abuse, sovereignty
>concerns, and rights protection (Section 4.6
>(d), Specific Reviews, Competition, Consumer Trust and Consumer Choice)
>· assess whether registry directory service implementation:
>o meets the legitimate needs of law enforcement
>o promotes consumer trust
>o safeguards registrant data (Section 4.6
>(e), Specific Reviews, Registration Directory Service Review)
>
>As a result, ICANNs own legitimate purposes
>must include processing registrant data to meet
>ICANNs mission, mandate, commitments and
>responsibilities set forth in the
>Bylaws. Therefore, while Ashleys proposed language for Temp. Spec. 4.4.9 --
>
>Enabling the prevention and detection of
>cybercrime and illegal DNS abuse to promote the
>resilience, security, stability and/or
>reliability of the DNS and the
>Internet. Enabling the prevention of unlawful
>conduct to meet the legitimate needs of law
>enforcement and public authorities promoting
>consumer trust in the DNS and the Internet and safeguarding registrant data.
>
>-- relates to third parties, such as those
>involved in detecting cybercrime, investigating
>DNS abuse and other unlawful conduct, it does
>NOT constitute a third-party purpose. Rather,
>the proposal reflects ICANNs Bylaw-mandated
>responsibility to (among other tasks) facilitate
>the security and stability of the DNS and the
>Internet which includes processing a defined set
>of RDS information which may under certain
>circumstances, be disclosed to third-parties.
>
>I also note that ICANN commits to duly taking
>into account the public policy advice of
>governments and public authorities (among other
>stakeholders) and that ICANN must act for the
>benefit of the public. (Art. 1.2 (a)
>Commitments). The Bylaw mandated
>responsibilities to protect the security and
>stability of the DNS and the Internet, address
>issues of consumer protection and DNS abuse,
>promote consumer trust, and safeguard registrant
>data go to the heart of the public interest.
>
>Best regards,
>Laureen Kapin
>Counsel for International Consumer Protection
>Office of International Affairs
>Federal Trade Commission
><tel:(202)%20326-3237>(202) 326-3237
><mailto:lkapin at ftc.gov>lkapin at ftc.gov
>
>
>
>
>On: 05 September 2018 16:47,
>"Heineman, Ashley"
><<mailto:AHeineman at ntia.doc.gov>AHeineman at ntia.doc.gov> wrote:
>
>Dear all. Please find below proposed edits to
>4.4.9, which should be considered initial input
>as further discussion is welcomed. Also
>included below are some recommended edits to
>4.4.2, which I realize is being reviewed/modified by someone else.
>
>Regarding 4.4.9, the proposed text is:
>
>Enabling the prevention and detection of
>cybercrime and illegal DNS abuse to promote the
>resilience, security, stability and/or
>reliability of the DNS and the
>Internet. Enabling the prevention of unlawful
>conduct to meet the legitimate needs of law
>enforcement and public authorities promoting
>consumer trust in the DNS and the Internet and safeguarding registrant data.
>
>After a lot of deliberation and thought, we
>decided that this text should remain under
>section 4.4 (not be moved) as this section is a
>list of ICANNs and the Contracted Parties
>legitimate purposes for processing data and
>accordingly we want a reference to this purpose
>as we believe it influences/touches upon at
>least two stages of their processing (collection and disclosure).
>
>That being said, let it be clear that we are not
>seeking the collection of additional WHOIS data
>elements. However, we do want to ensure that
>the collection of existing WHOIS data fields continue to be maintained.
>
>Further, it is our view that the collection and
>disclosure of information, as it aligns with
>efforts to combat cybercrime and other illegal
>DNS abuse, is fully consistent with ICANN bylaws
>and therefore fits within ICANNs
>purposes. (see specific bylaw references below).
>
>Lastly, our initial text reflects a concerted
>effort not to conflate ICANNs purposes with
>that of LEA/government authorities. It is our
>view that the interests and lawful basis of
>third parties (such as LEA/government
>authorities) should be articulated elsewhere as appropriate.
>
>ICANN Bylaws (excerpts)
>Section 1.2. COMMITMENTS AND CORE VALUES
>In performing its Mission, ICANN will act in a
>manner that complies with and reflects ICANNs
>Commitments and respects ICANNs Core Values, each as described below.
>
>(a) COMMITMENTS
>***
>(i) Preserve and enhance the administration of
>the DNS and the operational stability,
>reliability, security, global interoperability,
>resilience, and openness of the DNS and the Internet.
>
>Section 4.6. SPECIFIC REVIEWS
>***
> (e) Registration Directory Service Review
>
>(ii) The Board shall cause a periodic review to
>assess the effectiveness of the then current
>gTLD registry directory service and whether its
>implementation meets the legitimate needs of law enforcement,
>promoting consumer trust and safeguarding registrant data.
>
>
>Regarding 4.4.2, we offer the following edits
>for consideration. We believe this provides the
>necessary specificity required under GDPR:
>
>Providing collection and disclosure of accurate,
>reliable, and uniform Registration Data based on
>lawful basis, consistent with GDPR, to ensure
>resilience, security, and/or stability of the
>DNS. In the case of legitimate interest as a
>basis, collection and disclosure must not
>outweigh the fundamental rights of relevant data subjects.
>
>_______________________________________________
>Gnso-epdp-team mailing list
>Gnso-epdp-team at icann.org
>https://mm.icann.org/mailman/listinfo/gnso-epdp-team
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-epdp-team/attachments/20180914/d28f0f36/attachment.html>
More information about the Gnso-epdp-team
mailing list