[gnso-rds-pdp-wg] Dangers of public whois
Stephanie Perrin
stephanie.perrin at mail.utoronto.ca
Tue Feb 14 04:35:45 UTC 2017
I am not quite sure which arguments Alex is labelling obstructive, but I
feel compelled (at the risk of being called obstructive) to clarify a
couple of things. As a non lawyer, I would add.
1. Proportionality is a pretty well known concept in EU law, as is the
reasonable person test I talked about last week, in common law. It does
not mean that by introducing those concepts into the law, we are
punching a hole in the bottom of the bucket. It does not mean that all
a party has to claim is "I need that data" "I have a business that was
founded on harvesting that data" or "if I don't get that data my auto
bots will not be able to send out letters automatically, I will have to
hire people to do work", and a data commissioner is supposed to fold and
say "why shucks, you need that data you just go right ahead and take
it. Chances are the individuals will never know". Not saying that
doesn't happen, of course, humanity being what it is....
2. We are supposed to be finding out what the right thing to do is. I
do not expect anyone on the IP/BC to stop arguing that they need the
data, (although I do pray for conversions on a biblical scale in my
private moments) and I will not label you or John Horton or anyone else,
I hope, obstructive for continuing to insist on the same arguments.
Happy to have it pointed out if I am getting shrill, sometimes we all
get short tempered. But repeating the same argument and refusing to fold
is not obstructive. (I believe the BC or the IPC even added similar
language into their comments on the recent draft anti-harassment policy,
for which I congratulate them.)
3. As for bread crumb data. This is a very difficult area. For those
of us who are not prepared to give up on privacy, the fact that you can
find anything about anybody today without their consent, if you know
where to look and what identifiers to use is not okay. As we move into
the IOT (following some of Sam's examples) we do get closer to that
world, and if we dont hurry up it will be hard to have any privacy about
our most intimate affairs. So privacy advocates (and not just the lone
nutter volunteering on this group who is speaking at the moment) are
determined to set limits on bread crumb data. (see the 2014 paper by the
Art 29, which touches on some of these issues
http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp223_en.pdf).
Those of us who also administered the access to information acts when
those acts were in their infancy, heard a lot of earnest argument from
defence/intelligence/law enforcement agencies that we could not release
seemingly innocuous crumbs of data lest they contribute to the "mosaic
effect", whereby a dangerous picture of intelligence gathering/law
enforcement techniques etc could be deduced from small elements
released, once combined with others. Obviously this is true. The same
agencies, again quite logically, argued that the same did not apply to
personal data they needed. Personally, I find it hard to agree with
that. Sadly, in the internet world, individuals are on their own in a
largely unregulated universe. They are the victims of "information
asymmetry", anyone with a life is too busy to be focused on what is
happening to their personal data. We are past the point where someone
can say "caveat emptor, it is up to the individual to read everything
and find out what is happening to their data." Bread crumb data is
therefore much more important now than it was when the original deal for
a wide open WHOIS was hatched.
4. AS for authentication to get access to thick data, which you have
pointed out correctly lies ahead of us.....we should not substitute one
completely insecure open data trove with one with a weak authenticator
that only stops bots. You and Scott Hollenbeck and many others would
know better than I what we need, but given we only tweak this thing
every 20 years we had better think ahead and make it better than an
email address. We need to be able to arrest those who are committing
fraud to get access to PI, what standard of evidence would that take?
Stephanie Perrin
On 2017-02-13 20:23, Deacon, Alex wrote:
> All,
>
> So it seems the debate has progressed from “thin data” to “thick data” (i.e. data that includes email). I know we are all super excited to talk about “thick data” but I don’t think we are there yet (are we? Hopefully I didn’t miss the party…)
>
> Focusing on thin data for the moment I struggle to understand how it is personal data. I do not believe it is. As for the odd logic proposed by some that the property of privacy is transitive (i.e. Because “thin data” can be used to link/point/discover other data then “thin data” equals “personal data”) I just don’t buy it.
>
> I don’t disagree with much of what was expressed in this thread, however we must keep in mind that balance and proportionality are important concepts in many (all?) data privacy laws. Any arguments that imply that no such balance exists (or should exist) is obstructive IMO.
>
> Alex
>
>
> On 2/13/17, 5:42 AM, <gnso-rds-pdp-wg-bounces at icann.org on behalf of michele at blacknight.com> wrote:
>
> I agree and I know from how I’ve used various email addresses that they are actively being harvested and spammed.
>
> Also it’s one of the biggest sources of complaints we get from our clients (registrants)
>
> It’s definitely not an “edge case”.
>
> Regards
>
> Michele
>
>
> --
> Mr Michele Neylon
> Blacknight Solutions
> Hosting, Colocation & Domains
> https://www.blacknight.com/
> http://blacknight.blog/
> Intl. +353 (0) 59 9183072
> Direct Dial: +353 (0)59 9183090
> Social: http://mneylon.social
> Some thoughts: http://ceo.hosting/
> -------------------------------
> Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
> Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845
>
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20170213/efde6624/attachment-0001.html>
More information about the gnso-rds-pdp-wg
mailing list