[gnso-rds-pdp-wg] Dangers of public whois
James Galvin
jgalvin at afilias.info
Thu Feb 9 22:15:57 UTC 2017
I have to say that my beliefs about private data have been evolving for
as long as this working group has existed.
One thing I believe now is that asking the question, “What is
private/personal/PII data?” is not the best way to approach the
problem.
In my opinion, in this world of “big data”, a case could be made
that everything is personal information. This includes the “thin
data” we’ve been talking about. The reality is that doing
“reverse lookups” with one or more bits of information can be quite
revealing, much more so for folks like Sean Spicer than others perhaps,
but nonetheless true.
As Greg A. pointed out later in this thread, different people have
different risk profiles and frankly there’s a limit to how much you
can protect people from their own ignorance.
In my opinion, our focus should be on what information we need and why,
i.e., what is the purpose of the registration data? We should be taking
a minimalist approach, to start, followed by extended discussion about
what else we might collect and why?
Although we need to keep in mind access and visibility of information,
as Chuck so often reminds us, that’s a separate discussion to be had
“next”, in the not too distant future I hope.
Discussions about what is personal data and what is not are distracting.
Let’s assume it all is and move forward from there. Understanding
the “why” collecting the data will quite naturally drive the
discussion of whether or not it needs to be “public” or in some way
be subject to “restricted access”.
Jim
More information about the gnso-rds-pdp-wg
mailing list