[gnso-rds-pdp-wg] gnso-rds-pdp-wg at icann.org

[Stephanie Perrin]

"ICANN has no power independent of the agreement of everyone
to use the ICANN policies for the IANA DNS root.  Ask MySpace or the
authors of Gopher whether there are any permanent favourites on the
Internet."

Actually, ICANN has a monopoly over who is an accredited registrar for 
the gTLDs.  With respect to the contracts between registries and 
registrars, I would argue that the community has historically had very 
little opportunity to influence those contracts, with the exception of 
the IPC who got their requirements in to the DOC prior to the 
establishment of ICANN. At the moment we are expending a great deal of 
our valuable time designing the public interface that contains the data 
we deem acceptable to share.  Inherent in the concept of tiered access, 
which some ccTLDS already employ, and which the DPAs have already said 
(in documents in our repository which clearly some of us need to reread) 
is the concept of discrimination....you need to identify who you are and 
why you want the data to get more access, possibly untraced access (to 
enable investigations etc) and bulk data.  I do understand that there is 
no "centre" there, but I certainly think that ICANN has influence over 
who gets access to the next tier of data. Let me repeat for greater 
clarity: I am not talking about thin data.

I have taken the time to plough through the Interpol data protection 
handbook.  Some may recall that Caroline Goemans, the Data Protection 
Officer for Interpol came to Copenhagen.   I hesitate to even mention 
their handbook because folks will choose to believe that I want the 
Interpol rules for data sharing to apply to those tireless fighters who 
report abuse, across the globe...so let me immediately say relax, I am 
not suggesting this.  However, a mini version of how trusted parties 
share data needs, in my view, to be developed. I was just accused of 
suggesting something that is "impractical in the developed world, and 
deeply chauvinistic, patronizing and exclusionary to our colleagues in 
emerging nations where capacity building is exactly what’s needed to 
deal with next-gen abuse."  Frankly, it should be admissible to suggest 
that we need a system that is slightly more organized and less open to 
anti-competitive behaviour than the club-of-folks-who-know-each-other 
under which we are operating now.  It is precisely because we are global 
and a lot of the criminal behaviour emanates from countries where nobody 
has any mlats or has signed and implemented the Budapest Convention that 
I would suggest we should think about some kind of accreditation for 
access to data. Otherwise, registrars who surrender personal data of 
their registrants are likely in violation of more law than mere data 
protection law.  [for non-english speakers, the use of the word "mere" 
was intended to be ironic"].

Cheers Stephanie