[gnso-rds-pdp-wg] Dangers of public whois
Sam Lanfranco
sam at lanfranco.net
Mon Feb 20 01:59:12 UTC 2017
/Chuck, //
/
/I am in complete agreement here with regard to your personal hopes
about this session. //
//It is for us to hear from them with regard to their concerns, and
hopefully some with regard to our questions.//
//If my statement of hopes look to be at cross purposes to that, I
clearly failed to make my comments clear enough./
/Sam /
On 2/19/2017 7:52 PM, Gomes, Chuck wrote:
>
> Sam,
>
> Although I provided some input regarding the public session to Peter
> and Stephanie in the early stages of planning, I do not have any
> direct influence over the planning for the cross community session.
>
> My personal hope was that the cross community session panel would be
> mainly data protection commissioners so that we can take full
> advantage of having them with us in-person and so that the community
> and especially the RDS PDP WG could ask clarifying questions. Here
> are some of my reasons in no particular order:
>
> ·90 minutes is not very much time for a subject like this.
>
> ·It may be unlikely that we will have another opportunity in the near
> future where we can talk with European Data Commissioners in person.
>
> ·The WG is deliberating on Data Protection now.
>
> ·A cross community session is not the venue for deliberation; the WG
> is tasked with that.
>
> ·It will be easy for us to get experts from law enforcement, IP
> holders, etc. in the near future (and we will).
>
> ·My goal would be to improve our understanding of the European Data
> Protection requirements as much as possible, not to make any decisions
> though; we cannot fully deliberate until we have looked at all sides
> of the issues.
>
> Chuck
>
> *From:*gnso-rds-pdp-wg-bounces at icann.org
> [mailto:gnso-rds-pdp-wg-bounces at icann.org] *On Behalf Of *Sam Lanfranco
> *Sent:* Sunday, February 19, 2017 6:28 PM
> *To:* gnso-rds-pdp-wg at icann.org
> *Subject:* [EXTERNAL] Re: [gnso-rds-pdp-wg] Dangers of public whois
>
> /Chuck, Steve, et. al.,/
>
> /As I understand it the purpose of this meeting is to understand their
> views from their context, and not to engage them on our views. /
>
> /Given the long history of both whois and the data protection
> authorities, might we first simple ask them:
> (a) What do they see as problematic with the existing whois? and
> (b) What would be their recommendations to be considered as we
> develop a new RDS?
>
> While the remaining list of questions (and questioners) will be worked
> out in advance,
> I would suggest that the sequence of questions be re-ordered by Chuck,
> on the fly,
> in response to the content of the opening comments by the data
> protection authorities.
>
> my two cents...
>
> Sam L./
>
> On 2/19/2017 6:10 PM, Gomes, Chuck wrote:
>
> Steve,
>
> I hope you will contribute some good questions for the data
> commissioners in Copenhagen so that we as a WG can assess their
> input and factor it in as we deliberate.
>
> Chuck
>
> *From:*gnso-rds-pdp-wg-bounces at icann.org
> <mailto:gnso-rds-pdp-wg-bounces at icann.org>[mailto:gnso-rds-pdp-wg-bounces at icann.org]
> *On Behalf Of *Metalitz, Steven
> *Sent:* Sunday, February 19, 2017 4:41 PM
> *To:* 'theo geurts' <gtheo at xs4all.nl> <mailto:gtheo at xs4all.nl>;
> nathalie coupet <nathaliecoupet at yahoo.com>
> <mailto:nathaliecoupet at yahoo.com>; gnso-rds-pdp-wg at icann.org
> <mailto:gnso-rds-pdp-wg at icann.org>; rrasmussen at infoblox.com
> <mailto:rrasmussen at infoblox.com>
> *Subject:* [EXTERNAL] Re: [gnso-rds-pdp-wg] Dangers of public whois
>
> Let me offer a +3/4 to the chain below. The following are my
> personal views.
>
> I don’ t have any fundamental disagreement with Theo’s take on
> this. Yes, if we (or the original designers of the current RDS)
> had ready access to time machines, it would certainly have been
> designed quite differently.
>
> But over 15-20 years, settled expectations have been built up that
> contact data for domain name registrants will be available to the
> public without significant restrictions. People in many fields
> have come to rely on this as an element that promotes
> transparency, and thus accountability, for activities on the
> Internet. Everyone recognizes that it is a highly flawed tool for
> advancing this goal, but nonetheless it is a tool many people rely
> on, and many of them would be very unhappy if an organization like
> ICANN --- still unknown to the vast majority of Internet users –
> were somehow to take it away for them.
>
> So if we are to move to a new system that will deprive people
> (entirely or to a great extent) of this tool, then this needs to
> be accompanied by some clear explanations of why it is absolutely
> necessary to do so, and how what will replace it will give members
> of the general public – not just anti-abuse specialists, law
> enforcement and yes even intellectual property interests --- at
> least some part of the transparency they have come to associate
> with the existing system.
>
> And personally, I don’t think that enactment of the GDPR comes
> close – by itself – to providing that explanation. The new
> regulation does not strike me as a quantum leap beyond the EU data
> protection framework that has been in place for more than 20
> years, almost as long as Whois itself. Ever since at least 2002 in
> Shanghai and 2003 in Montreal we have been hearing at ICANN about
> the impending train wreck when Whois collides with the data
> protection authorities. Those who have been crying wolf on this
> issue for more than a decade will have to take that into account
> in crafting the narrative that will be needed to explain a change
> of the magnitude we are discussing.
>
> *image001*
>
> *Steven J. Metalitz *|** *Partner, through his professional
> corporation*
>
> T: 202.355.7902 | met at msk.com <mailto:met at msk.com>
>
> *Mitchell Silberberg & Knupp**LLP*|*www.msk.com* <http://www.msk.com/>
>
> 1818 N Street NW, 8th Floor, Washington, DC 20036
>
> *_THE INFORMATION CONTAINED IN THIS E-MAIL MESSAGE IS INTENDED
> ONLY FOR THE PERSONAL AND CONFIDENTIAL USE OF THE DESIGNATED
> RECIPIENTS._**THIS MESSAGE MAY BE AN ATTORNEY-CLIENT
> COMMUNICATION, AND AS SUCH IS PRIVILEGED AND CONFIDENTIAL. IF THE
> READER OF THIS MESSAGE IS NOT AN INTENDED RECIPIENT, YOU ARE
> HEREBY NOTIFIED THAT ANY REVIEW, USE, DISSEMINATION, FORWARDING OR
> COPYING OF THIS MESSAGE IS STRICTLY PROHIBITED. PLEASE NOTIFY US
> IMMEDIATELY BY REPLY E-MAIL OR TELEPHONE, AND DELETE THE ORIGINAL
> MESSAGE AND ALL ATTACHMENTS FROM YOUR SYSTEM. THANK YOU.*
>
> *From:*gnso-rds-pdp-wg-bounces at icann.org
> <mailto:gnso-rds-pdp-wg-bounces at icann.org>[mailto:gnso-rds-pdp-wg-bounces at icann.org]
> *On Behalf Of *theo geurts
> *Sent:* Saturday, February 18, 2017 4:24 PM
> *To:* nathalie coupet; gnso-rds-pdp-wg at icann.org
> <mailto:gnso-rds-pdp-wg at icann.org>; rrasmussen at infoblox.com
> <mailto:rrasmussen at infoblox.com>
> *Subject:* Re: [gnso-rds-pdp-wg] Dangers of public whois
>
>
> Hi Rod, Thanks, Nathalie,
>
> @Rod
> That is good info, and I agree this is something we need to keep
> in mind
> when we get to that stage, but yes as a WG that should compass us.
>
> And even though we should not get ahead of ourselves, but regarding
> solutions, having front row seats assisting LEA's and Intelligence
> agencies as a Registrar in several high-profile investigations like
> terrorism, IS, bounty kill lists and a lot more, I am pretty sure
> we as
> a WG can honor the principle that privacy is a human right as laid
> out
> by the UN, and yet make sure, we have the technical solutions. I
> think
> creating the technical solutions is the least of our worries.
> Engineers
> can code a solution for everything; we just need lawyers and privacy
> guidelines to help us out. So perhaps we cannot show you X as it is
> personal data we can show you A and how A is involved in tons of
> criminal activities and map out an entire botnet...
>
>
> Have a good weekend or what is left of it.
>
> Theo
>
>
>
>
>
>
>
>
>
>
> On 18-2-2017 21:44, nathalie coupet via gnso-rds-pdp-wg wrote:
> > I was holding my breath to see what the reaction would be. +2 to
> Theo!
> >
> > Sent from my iPhone
> >
> >> On Feb 18, 2017, at 2:10 PM, Rod Rasmussen
> <rrasmussen at infoblox.com <mailto:rrasmussen at infoblox.com>> wrote:
> >>
> >> I cannot PLUS ONE this comment enough - thank you Theo!
> >>
> >> One thing that I would like to point out that we covered in the
> EWG and I think is one of many keys to solving many of the issues
> exposed here but is missing from this current debate is the
> concept that we do not have to come up with a “one size fits all”
> solution. For example, there are different requirements under
> privacy law for business entities vs. private individuals, there
> are different amounts of information people and businesses may
> want to provide to various parties both publicly and privately,
> and those of us who deal with abuse and domain reputation can make
> different decisions on actions (blocking, take-down, LE
> involvement, etc.) based on what is occurring and what is
> published in an RDS. Everyone in the ecosystem already does this
> with the current whois system, but inconsistently, with varying
> degrees of knowledge, and without formal “rules of the road”. I
> think it would be helpful for everyone, no matter what your
> primary issues are to keep this in mind, as it allows you to
> better conceive solutions to the myriad issues we have to address.
> Make the system flexible to accommodate different kinds of use
> cases and desires for “transparency” around domain ownership,
> contactabilty, and accountability.
> >>
> >> Cheers,
> >>
> >> Rod
> >>
> >>
> >> Rod Rasmussen
> >> VP, Cybersecurity
> >> Infoblox
> >>
> >>> On Feb 17, 2017, at 1:09 PM, theo geurts <gtheo at xs4all.nl
> <mailto:gtheo at xs4all.nl>> wrote:
> >>>
> >>> Mark,
> >>>
> >>> Thank you for your comment. I think you are nailing the
> problem here; this is very good IMO.
> >>>
> >>> "and the need to mitigate them does not eliminate the need to
> have public data."
> >>>
> >>> This is the issue here. That data should have never been
> public if we look at the EU GDPR and many other data privacy laws
> around the globe, and this is what causes Registries and
> Registrars having massive problems regarding complying with the law.
> >>>
> >>> So we with the RDS we are starting from scratch. So and I
> think this is KEY here, how do we ensure privacy and yet make sure
> we can still effectively combat abuse.
> >>>
> >>> Speaking personally, I think privacy is very important, and I
> do not like the fact my personal data is being processed all over
> the place by shady folks.
> >>> As a Registrar, I find it very important that we should not go
> backward in fighting abuse. For the simple reason, abuse costs us
> money, and we should never be in a situation that it becomes
> harder to battle child porn, or taking down terrorists, or
> sinkhole botnets.
> >>>
> >>> So what we cannot do is ignore all these privacy laws. That
> would be insane as we would be piling up in tons of fines here.
> >>> We do not want to reduce effectiveness regarding abuse because
> that is costing money also. And to be clear here, the registrants
> will be soaking it all up one way or another.
> >>>
> >>> So my take on this is, we make sure that we move on and
> address BOTH issues and this is our task as a WG. Our task is to
> solve these problems as we start from scratch with RDS. We learned
> our lessons from the current WHOIS, now we need to make sure that
> we can avoid all these pitfalls within RDS.
> >>>
> >>> Thank you for making it this far.
> >>>
> >>> Have a good weekend,
> >>>
> >>> Theo
> >>> Registrar
> >>>
> >>>
> >> _______________________________________________
> >> gnso-rds-pdp-wg mailing list
> >> gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org>
> >> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
> > _______________________________________________
> > gnso-rds-pdp-wg mailing list
> > gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org>
> > https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>
>
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org>
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>
>
>
>
> _______________________________________________
>
> gnso-rds-pdp-wg mailing list
>
> gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org>
>
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>
>
>
> --
> ------------------------------------------------
> "It is a disgrace to be rich and honoured
> in an unjust state" -Confucius
> 邦有道,贫且贱焉,耻也。邦无道,富且贵焉,耻也
> ------------------------------------------------
> Dr Sam Lanfranco (Prof Emeritus & Senior Scholar)
> Econ, York U., Toronto, Ontario, CANADA - M3J 1P3
> email:Lanfran at Yorku.ca <mailto:Lanfran at Yorku.ca> Skype: slanfranco
> blog:https://samlanfranco.blogspot.com
> Phone: +1 613-476-0429 cell: +1 416-816-2852
--
------------------------------------------------
"It is a disgrace to be rich and honoured
in an unjust state" -Confucius
邦有道,贫且贱焉,耻也。邦无道,富且贵焉,耻也
------------------------------------------------
Dr Sam Lanfranco (Prof Emeritus & Senior Scholar)
Econ, York U., Toronto, Ontario, CANADA - M3J 1P3
email: Lanfran at Yorku.ca Skype: slanfranco
blog: https://samlanfranco.blogspot.com
Phone: +1 613-476-0429 cell: +1 416-816-2852
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20170219/997a3208/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/png
Size: 8304 bytes
Desc: not available
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20170219/997a3208/attachment-0001.png>
More information about the gnso-rds-pdp-wg
mailing list