[gnso-rds-pdp-wg] Dangers of public whois
Sam Lanfranco
sam at lanfranco.net
Sun Feb 19 23:27:44 UTC 2017
/Chuck, Steve, et. al.,/
/As I understand it the purpose of this meeting is to understand their
views from their context, and not to engage them on our views.
/
/Given the long history of both whois and the data protection
authorities, might we first simple ask them:
(a) What do they see as problematic with the existing whois? and
(b) What would be their recommendations to be considered as we
develop a new RDS?
While the remaining list of questions (and questioners) will be worked
out in advance,
I would suggest that the sequence of questions be re-ordered by Chuck,
on the fly,
in response to the content of the opening comments by the data
protection authorities.
my two cents...
Sam L./
On 2/19/2017 6:10 PM, Gomes, Chuck wrote:
>
> Steve,
>
> I hope you will contribute some good questions for the data
> commissioners in Copenhagen so that we as a WG can assess their input
> and factor it in as we deliberate.
>
> Chuck
>
> *From:*gnso-rds-pdp-wg-bounces at icann.org
> [mailto:gnso-rds-pdp-wg-bounces at icann.org] *On Behalf Of *Metalitz, Steven
> *Sent:* Sunday, February 19, 2017 4:41 PM
> *To:* 'theo geurts' <gtheo at xs4all.nl>; nathalie coupet
> <nathaliecoupet at yahoo.com>; gnso-rds-pdp-wg at icann.org;
> rrasmussen at infoblox.com
> *Subject:* [EXTERNAL] Re: [gnso-rds-pdp-wg] Dangers of public whois
>
> Let me offer a +3/4 to the chain below. The following are my
> personal views.
>
> I don’ t have any fundamental disagreement with Theo’s take on this.
> Yes, if we (or the original designers of the current RDS) had ready
> access to time machines, it would certainly have been designed quite
> differently.
>
> But over 15-20 years, settled expectations have been built up that
> contact data for domain name registrants will be available to the
> public without significant restrictions. People in many fields have
> come to rely on this as an element that promotes transparency, and
> thus accountability, for activities on the Internet. Everyone
> recognizes that it is a highly flawed tool for advancing this goal,
> but nonetheless it is a tool many people rely on, and many of them
> would be very unhappy if an organization like ICANN --- still unknown
> to the vast majority of Internet users – were somehow to take it away
> for them.
>
> So if we are to move to a new system that will deprive people
> (entirely or to a great extent) of this tool, then this needs to be
> accompanied by some clear explanations of why it is absolutely
> necessary to do so, and how what will replace it will give members of
> the general public – not just anti-abuse specialists, law enforcement
> and yes even intellectual property interests --- at least some part of
> the transparency they have come to associate with the existing system.
>
> And personally, I don’t think that enactment of the GDPR comes close –
> by itself – to providing that explanation. The new regulation does
> not strike me as a quantum leap beyond the EU data protection
> framework that has been in place for more than 20 years, almost as
> long as Whois itself. Ever since at least 2002 in Shanghai and 2003
> in Montreal we have been hearing at ICANN about the impending train
> wreck when Whois collides with the data protection authorities. Those
> who have been crying wolf on this issue for more than a decade will
> have to take that into account in crafting the narrative that will be
> needed to explain a change of the magnitude we are discussing.
>
> *image001*
>
> *Steven J. Metalitz *|***Partner, through his professional corporation*
>
> T: 202.355.7902 | met at msk.com <mailto:met at msk.com>**
>
> *Mitchell Silberberg & Knupp**LLP*|*www.msk.com <http://www.msk.com/>*
>
> 1818 N Street NW, 8th Floor, Washington, DC 20036
>
> *_THE INFORMATION CONTAINED IN THIS E-MAIL MESSAGE IS INTENDED ONLY
> FOR THE PERSONAL AND CONFIDENTIAL USE OF THE DESIGNATED
> RECIPIENTS._**THIS MESSAGE MAY BE AN ATTORNEY-CLIENT COMMUNICATION,
> AND AS SUCH IS PRIVILEGED AND CONFIDENTIAL. IF THE READER OF THIS
> MESSAGE IS NOT AN INTENDED RECIPIENT, YOU ARE HEREBY NOTIFIED THAT ANY
> REVIEW, USE, DISSEMINATION, FORWARDING OR COPYING OF THIS MESSAGE IS
> STRICTLY PROHIBITED. PLEASE NOTIFY US IMMEDIATELY BY REPLY E-MAIL OR
> TELEPHONE, AND DELETE THE ORIGINAL MESSAGE AND ALL ATTACHMENTS FROM
> YOUR SYSTEM. THANK YOU.*
>
> *From:*gnso-rds-pdp-wg-bounces at icann.org
> <mailto:gnso-rds-pdp-wg-bounces at icann.org>
> [mailto:gnso-rds-pdp-wg-bounces at icann.org] *On Behalf Of *theo geurts
> *Sent:* Saturday, February 18, 2017 4:24 PM
> *To:* nathalie coupet; gnso-rds-pdp-wg at icann.org
> <mailto:gnso-rds-pdp-wg at icann.org>; rrasmussen at infoblox.com
> <mailto:rrasmussen at infoblox.com>
> *Subject:* Re: [gnso-rds-pdp-wg] Dangers of public whois
>
>
> Hi Rod, Thanks, Nathalie,
>
> @Rod
> That is good info, and I agree this is something we need to keep in mind
> when we get to that stage, but yes as a WG that should compass us.
>
> And even though we should not get ahead of ourselves, but regarding
> solutions, having front row seats assisting LEA's and Intelligence
> agencies as a Registrar in several high-profile investigations like
> terrorism, IS, bounty kill lists and a lot more, I am pretty sure we as
> a WG can honor the principle that privacy is a human right as laid out
> by the UN, and yet make sure, we have the technical solutions. I think
> creating the technical solutions is the least of our worries. Engineers
> can code a solution for everything; we just need lawyers and privacy
> guidelines to help us out. So perhaps we cannot show you X as it is
> personal data we can show you A and how A is involved in tons of
> criminal activities and map out an entire botnet...
>
>
> Have a good weekend or what is left of it.
>
> Theo
>
>
>
>
>
>
>
>
>
>
> On 18-2-2017 21:44, nathalie coupet via gnso-rds-pdp-wg wrote:
> > I was holding my breath to see what the reaction would be. +2 to Theo!
> >
> > Sent from my iPhone
> >
> >> On Feb 18, 2017, at 2:10 PM, Rod Rasmussen <rrasmussen at infoblox.com
> <mailto:rrasmussen at infoblox.com>> wrote:
> >>
> >> I cannot PLUS ONE this comment enough - thank you Theo!
> >>
> >> One thing that I would like to point out that we covered in the EWG
> and I think is one of many keys to solving many of the issues exposed
> here but is missing from this current debate is the concept that we do
> not have to come up with a “one size fits all” solution. For example,
> there are different requirements under privacy law for business
> entities vs. private individuals, there are different amounts of
> information people and businesses may want to provide to various
> parties both publicly and privately, and those of us who deal with
> abuse and domain reputation can make different decisions on actions
> (blocking, take-down, LE involvement, etc.) based on what is occurring
> and what is published in an RDS. Everyone in the ecosystem already
> does this with the current whois system, but inconsistently, with
> varying degrees of knowledge, and without formal “rules of the road”.
> I think it would be helpful for everyone, no matter what your primary
> issues are to keep this in mind, as it allows you to better conceive
> solutions to the myriad issues we have to address. Make the system
> flexible to accommodate different kinds of use cases and desires for
> “transparency” around domain ownership, contactabilty, and accountability.
> >>
> >> Cheers,
> >>
> >> Rod
> >>
> >>
> >> Rod Rasmussen
> >> VP, Cybersecurity
> >> Infoblox
> >>
> >>> On Feb 17, 2017, at 1:09 PM, theo geurts <gtheo at xs4all.nl
> <mailto:gtheo at xs4all.nl>> wrote:
> >>>
> >>> Mark,
> >>>
> >>> Thank you for your comment. I think you are nailing the problem
> here; this is very good IMO.
> >>>
> >>> "and the need to mitigate them does not eliminate the need to have
> public data."
> >>>
> >>> This is the issue here. That data should have never been public if
> we look at the EU GDPR and many other data privacy laws around the
> globe, and this is what causes Registries and Registrars having
> massive problems regarding complying with the law.
> >>>
> >>> So we with the RDS we are starting from scratch. So and I think
> this is KEY here, how do we ensure privacy and yet make sure we can
> still effectively combat abuse.
> >>>
> >>> Speaking personally, I think privacy is very important, and I do
> not like the fact my personal data is being processed all over the
> place by shady folks.
> >>> As a Registrar, I find it very important that we should not go
> backward in fighting abuse. For the simple reason, abuse costs us
> money, and we should never be in a situation that it becomes harder to
> battle child porn, or taking down terrorists, or sinkhole botnets.
> >>>
> >>> So what we cannot do is ignore all these privacy laws. That would
> be insane as we would be piling up in tons of fines here.
> >>> We do not want to reduce effectiveness regarding abuse because
> that is costing money also. And to be clear here, the registrants will
> be soaking it all up one way or another.
> >>>
> >>> So my take on this is, we make sure that we move on and address
> BOTH issues and this is our task as a WG. Our task is to solve these
> problems as we start from scratch with RDS. We learned our lessons
> from the current WHOIS, now we need to make sure that we can avoid all
> these pitfalls within RDS.
> >>>
> >>> Thank you for making it this far.
> >>>
> >>> Have a good weekend,
> >>>
> >>> Theo
> >>> Registrar
> >>>
> >>>
> >> _______________________________________________
> >> gnso-rds-pdp-wg mailing list
> >> gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org>
> >> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
> > _______________________________________________
> > gnso-rds-pdp-wg mailing list
> > gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org>
> > https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>
>
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org>
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>
>
>
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
--
------------------------------------------------
"It is a disgrace to be rich and honoured
in an unjust state" -Confucius
邦有道,贫且贱焉,耻也。邦无道,富且贵焉,耻也
------------------------------------------------
Dr Sam Lanfranco (Prof Emeritus & Senior Scholar)
Econ, York U., Toronto, Ontario, CANADA - M3J 1P3
email: Lanfran at Yorku.ca Skype: slanfranco
blog: https://samlanfranco.blogspot.com
Phone: +1 613-476-0429 cell: +1 416-816-2852
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20170219/34a48d10/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/png
Size: 8304 bytes
Desc: not available
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20170219/34a48d10/attachment-0001.png>
More information about the gnso-rds-pdp-wg
mailing list