[Gnso-epdp-team] Materials for agenda item #4

Greg Aaron greg at illumintel.com
Mon Jul 22 20:25:28 UTC 2019 

As I mentioned on Thursday's call, criminal acts on the Internet are not dealt with exclusively by law enforcement.  The vast majority of cases are dealt with by private entities, such as in-house investigators at networks, security companies dealing with phishing, private investigators, etc. etc.  See also Recital 49.

 

So, a fruitful approach to finding  commonalities is to begin with the WHAT: WHAT is being investigated and WHAT the goals of the exercise are.  In many cases, both a private party and an LE agent may use similar methods, and may be trying to accomplish similar goals.   For example see the attached use case from SSAC – both LE and private entities go through these kinds of steps, with similar goals.

 

Then perhaps comes the issue WHO is looking into it, and what differences that entails.  The differences:  Law Enforcement has a special status under the law, and may have a special GDPR basis when requesting data.  And LE has some powers that private entities cannot deploy – such as arresting people and obtaining search warrants.  

  

So, I hope the team can consider these ideas at it proceeds.

 

All best,

--greg

 

From: Gnso-epdp-team <gnso-epdp-team-bounces at icann.org> On Behalf Of Mueller, Milton L
Sent: Wednesday, July 17, 2019 5:40 PM
To: Janis Karklins <karklinsj at gmail.com>
Cc: gnso-epdp-team at icann.org
Subject: Re: [Gnso-epdp-team] Materials for agenda item #4

 

Janis:

 

> We are using cases to identify commonalities that would allow us, the Team, 

> to develop policy recommendations how to best implement provisions of GDPR.

 

I know that. That is exactly why I have proposed to consolidate them in the way I have. It seems to me that the commonalities in the cases I proposed to merge are fairly obvious. If it is a criminal case, for example, it really doesn’t matter a lot whether it is a copyright crime or a trademark crime or a phishing crime, the point is that you will have a government LEA requesting information needed to attribute and capture the criminal, which might be obtained through RDS or through subpoenas or other means. If someone can explain how the use case differs substantially in ways that affect the application of GDPR, let them do so. 

 

Use cases are just a method that allows us to focus our attention to all necessary aspects of future policy recommendations. Therefore, cases need not be ideally drafted but rather represent/outline real life situations and help us understand concerns of different groups. 

 

This comment is completely off the mark. Nothing in my document takes issue with any case because it is not “perfectly drafted.” It does not address the drafting at all. It talks about commonalities in their substance. You said: “we should not try to agree on every word in the case,  but rather to seek common understanding/ touch-points.” Which is exactly why I proposed to consolidate cases on more general terms. 

 

> I would propose that we look at your proposal of use cases merger by e-mail 

> exchange and in the meantime, take most supported cases and discuss them 

> thru as suggested - thoroughly but quickly.

 

This is not an acceptable proposal. In effect you are saying that you will ignore my proposed consolidation, and that we will waste time going case by case through all the cases anyway, based on an illegitimate survey that excluded half of the team. 

 

And when you say “thoroughly but quickly” you are living in a fantasy world. That will not  happen. Think of how much time we spent on a single TM case. If the use cases have any value we need carefully consider the problems they pose. That will happen more efficiently if the cases are more general. That is why we need to consolidate the cases. We will raise this issue on the call tomorrow. 

 

> I invite other Team members to join the conversation on Milton's proposal.

 

We will have that conversation tomorrow on the call.

 

Dr. Milton L Mueller

Georgia Institute of Technology

School of Public Policy

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-epdp-team/attachments/20190722/76bc9d45/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: SSAC Crime-Abuse Investigation Use Case.docx
Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Size: 65684 bytes
Desc: not available
URL: <http://mm.icann.org/pipermail/gnso-epdp-team/attachments/20190722/76bc9d45/SSACCrime-AbuseInvestigationUseCase-0001.docx>

More information about the Gnso-epdp-team mailing list