[gnso-rds-pdp-wg] Dangers of public whois

Sun Feb 19 23:27:44 UTC 2017

/Chuck, Steve, et. al.,/

/As I understand it the purpose of this meeting is to understand their 
views from their context, and not to engage them on our views.
/

/Given the long history of both whois and the data protection 
authorities, might we first simple ask them:
     (a) What do they see as problematic with the existing whois? and
     (b) What would be their recommendations to be considered as we 
develop a new RDS?

While the remaining list of questions (and questioners) will be worked 
out in advance,
I would suggest that the sequence of questions be re-ordered by Chuck, 
on the fly,
in response to the content of the opening comments by the data 
protection authorities.

my two cents...

Sam L./

On 2/19/2017 6:10 PM, Gomes, Chuck wrote:
>
> Steve,
>
> I hope you will contribute some good questions for the data 
> commissioners in Copenhagen so that we as a WG can assess their input 
> and factor it in as we deliberate.
>
> Chuck
>
> *From:*gnso-rds-pdp-wg-bounces at icann.org 
> [mailto:gnso-rds-pdp-wg-bounces at icann.org] *On Behalf Of *Metalitz, Steven
> *Sent:* Sunday, February 19, 2017 4:41 PM
> *To:* 'theo geurts' <gtheo at xs4all.nl>; nathalie coupet 
> <nathaliecoupet at yahoo.com>; gnso-rds-pdp-wg at icann.org; 
> rrasmussen at infoblox.com
> *Subject:* [EXTERNAL] Re: [gnso-rds-pdp-wg] Dangers of public whois
>
> Let me offer a +3/4 to the chain below.   The following are my 
> personal views.
>
> I don’ t have any fundamental disagreement with Theo’s take on this.  
> Yes, if we (or the original designers of the current RDS) had ready 
> access to time machines, it would certainly have been designed quite 
> differently.
>
> But over 15-20 years, settled expectations have been built up that 
> contact data for domain name registrants will be available to the 
> public without significant restrictions. People in many fields have 
> come to rely on this as an element that promotes transparency, and 
> thus accountability, for activities on the Internet.  Everyone 
> recognizes that it is a highly flawed tool for advancing this goal, 
> but nonetheless it is a tool many people rely on, and many of them 
> would be very unhappy if an organization like ICANN --- still unknown 
> to the vast majority of Internet users – were somehow to take it away 
> for them.
>
> So if we are to move to a new system that will deprive people 
> (entirely or to a great extent) of this tool, then this needs to be 
> accompanied by some clear explanations of why it is absolutely 
> necessary to do so, and how what will replace it will give members of 
> the general public – not just anti-abuse specialists, law enforcement 
> and yes even intellectual property interests --- at least some part of 
> the transparency they have come to associate with the existing system.
>
> And personally, I don’t think that enactment of the GDPR comes close – 
> by itself – to providing that explanation.  The new regulation does 
> not strike me as a quantum leap beyond the EU data protection 
> framework that has been in place for more than 20 years, almost as 
> long as Whois itself.  Ever since at least 2002 in Shanghai and 2003 
> in Montreal we have been hearing at ICANN about the impending train 
> wreck when Whois collides with the data protection authorities.  Those 
> who have been crying wolf on this issue for more than a decade will 
> have to take that into account in crafting the narrative that will be 
> needed to explain a change of the magnitude we are discussing.
>
> *image001*
>
> *Steven J. Metalitz *|***Partner, through his professional corporation*
>
> T: 202.355.7902 | met at msk.com <mailto:met at msk.com>**
>
> *Mitchell Silberberg & Knupp**LLP*|*www.msk.com <http://www.msk.com/>*
>
> 1818 N Street NW, 8th Floor, Washington, DC 20036
>
> *_THE INFORMATION CONTAINED IN THIS E-MAIL MESSAGE IS INTENDED ONLY 
> FOR THE PERSONAL AND CONFIDENTIAL USE OF THE DESIGNATED 
> RECIPIENTS._**THIS MESSAGE MAY BE AN ATTORNEY-CLIENT COMMUNICATION, 
> AND AS SUCH IS PRIVILEGED AND CONFIDENTIAL. IF THE READER OF THIS 
> MESSAGE IS NOT AN INTENDED RECIPIENT, YOU ARE HEREBY NOTIFIED THAT ANY 
> REVIEW, USE, DISSEMINATION, FORWARDING OR COPYING OF THIS MESSAGE IS 
> STRICTLY PROHIBITED. PLEASE NOTIFY US IMMEDIATELY BY REPLY E-MAIL OR 
> TELEPHONE, AND DELETE THE ORIGINAL MESSAGE AND ALL ATTACHMENTS FROM 
> YOUR SYSTEM. THANK YOU.*
>
> *From:*gnso-rds-pdp-wg-bounces at icann.org 
> <mailto:gnso-rds-pdp-wg-bounces at icann.org> 
> [mailto:gnso-rds-pdp-wg-bounces at icann.org] *On Behalf Of *theo geurts
> *Sent:* Saturday, February 18, 2017 4:24 PM
> *To:* nathalie coupet; gnso-rds-pdp-wg at icann.org 
> <mailto:gnso-rds-pdp-wg at icann.org>; rrasmussen at infoblox.com 
> <mailto:rrasmussen at infoblox.com>
> *Subject:* Re: [gnso-rds-pdp-wg] Dangers of public whois
>
>
> Hi Rod, Thanks, Nathalie,
>
> @Rod
> That is good info, and I agree this is something we need to keep in mind
> when we get to that stage, but yes as a WG that should compass us.
>
> And even though we should not get ahead of ourselves, but regarding
> solutions, having front row seats assisting LEA's and Intelligence
> agencies as a Registrar in several high-profile investigations like
> terrorism, IS, bounty kill lists and a lot more, I am pretty sure we as
> a WG can honor the principle that privacy is a human right as laid out
> by the UN, and yet make sure, we have the technical solutions. I think
> creating the technical solutions is the least of our worries. Engineers
> can code a solution for everything; we just need lawyers and privacy
> guidelines to help us out. So perhaps we cannot show you X as it is
> personal data we can show you A and how A is involved in tons of
> criminal activities and map out an entire botnet...
>
>
> Have a good weekend or what is left of it.
>
> Theo
>
>
>
>
>
>
>
>
>
>
> On 18-2-2017 21:44, nathalie coupet via gnso-rds-pdp-wg wrote:
> > I was holding my breath to see what the reaction would be. +2 to Theo!
> >
> > Sent from my iPhone
> >
> >> On Feb 18, 2017, at 2:10 PM, Rod Rasmussen <rrasmussen at infoblox.com 
> <mailto:rrasmussen at infoblox.com>> wrote:
> >>
> >> I cannot PLUS ONE this comment enough - thank you Theo!
> >>
> >> One thing that I would like to point out that we covered in the EWG 
> and I think is one of many keys to solving many of the issues exposed 
> here but is missing from this current debate is the concept that we do 
> not have to come up with a “one size fits all” solution. For example, 
> there are different requirements under privacy law for business 
> entities vs. private individuals, there are different amounts of 
> information people and businesses may want to provide to various 
> parties both publicly and privately, and those of us who deal with 
> abuse and domain reputation can make different decisions on actions 
> (blocking, take-down, LE involvement, etc.) based on what is occurring 
> and what is published in an RDS. Everyone in the ecosystem already 
> does this with the current whois system, but inconsistently, with 
> varying degrees of knowledge, and without formal “rules of the road”. 
> I think it would be helpful for everyone, no matter what your primary 
> issues are to keep this in mind, as it allows you to better conceive 
> solutions to the myriad issues we have to address. Make the system 
> flexible to accommodate different kinds of use cases and desires for 
> “transparency” around domain ownership, contactabilty, and accountability.
> >>
> >> Cheers,
> >>
> >> Rod
> >>
> >>
> >> Rod Rasmussen
> >> VP, Cybersecurity
> >> Infoblox
> >>
> >>> On Feb 17, 2017, at 1:09 PM, theo geurts <gtheo at xs4all.nl 
> <mailto:gtheo at xs4all.nl>> wrote:
> >>>
> >>> Mark,
> >>>
> >>> Thank you for your comment. I think you are nailing the problem 
> here; this is very good IMO.
> >>>
> >>> "and the need to mitigate them does not eliminate the need to have 
> public data."
> >>>
> >>> This is the issue here. That data should have never been public if 
> we look at the EU GDPR and many other data privacy laws around the 
> globe, and this is what causes Registries and Registrars having 
> massive problems regarding complying with the law.
> >>>
> >>> So we with the RDS we are starting from scratch. So and I think 
> this is KEY here, how do we ensure privacy and yet make sure we can 
> still effectively combat abuse.
> >>>
> >>> Speaking personally, I think privacy is very important, and I do 
> not like the fact my personal data is being processed all over the 
> place by shady folks.
> >>> As a Registrar, I find it very important that we should not go 
> backward in fighting abuse. For the simple reason, abuse costs us 
> money, and we should never be in a situation that it becomes harder to 
> battle child porn, or taking down terrorists, or sinkhole botnets.
> >>>
> >>> So what we cannot do is ignore all these privacy laws. That would 
> be insane as we would be piling up in tons of fines here.
> >>> We do not want to reduce effectiveness regarding abuse because 
> that is costing money also. And to be clear here, the registrants will 
> be soaking it all up one way or another.
> >>>
> >>> So my take on this is, we make sure that we move on and address 
> BOTH issues and this is our task as a WG. Our task is to solve these 
> problems as we start from scratch with RDS. We learned our lessons 
> from the current WHOIS, now we need to make sure that we can avoid all 
> these pitfalls within RDS.
> >>>
> >>> Thank you for making it this far.
> >>>
> >>> Have a good weekend,
> >>>
> >>> Theo
> >>> Registrar
> >>>
> >>>
> >> _______________________________________________
> >> gnso-rds-pdp-wg mailing list
> >> gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org>
> >> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
> > _______________________________________________
> > gnso-rds-pdp-wg mailing list
> > gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org>
> > https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>
>
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org>
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>
>
>
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg

-- 
------------------------------------------------
"It is a disgrace to be rich and honoured
in an unjust state" -Confucius
  邦有道，贫且贱焉，耻也。邦无道，富且贵焉，耻也
------------------------------------------------
Dr Sam Lanfranco (Prof Emeritus & Senior Scholar)
Econ, York U., Toronto, Ontario, CANADA - M3J 1P3
email: Lanfran at Yorku.ca   Skype: slanfranco
blog:  https://samlanfranco.blogspot.com
Phone: +1 613-476-0429 cell: +1 416-816-2852

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20170219/34a48d10/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/png
Size: 8304 bytes
Desc: not available
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20170219/34a48d10/attachment-0001.png>