[gnso-rds-pdp-wg] List topics for this week

[Dotzero]

Apologies to Greg and the group as the discussion is currently supposed to
be about "thin" or "public" data but the current discussion just seems to
refuse to go away.

Rob has asserted that he should have the right to control his data as a
private individual and that having any registrant information published in
whois or a replacement for whois is a violation of his rights as a private
individual registering gTLDs. Let's examine these assertions a bit.

The first question is whether Rob is acting as a private individual. I
would assert not. He is registering domains as part of a fairly large scale
commercial activity. One only need go to the astutium.com website to see
the commercial activity involved.

If we look at the astutium.com domain registration information pulled from
the ICANN whois site (https://whois.icann.org/en/lookup?name=astutium.com)
we find the following:

Contact Information
Registrant Contact
Name: Domain Admin
Organization:
Mailing Address: 1st Floor, London London EC2R 8JR GB
Phone: +44.8712776875
Ext:
Fax: +44.8712776875
Fax Ext:
Email:domain.admin at astutium.com
Admin Contact
Name: Domain Admin
Organization:
Mailing Address: 1st Floor, London London EC2R 8JR GB
Phone: +44.8712776875
Ext:
Fax: +44.8712776875
Fax Ext:
Email:domain.admin at astutium.com
Tech Contact
Name: Domain Admin
Organization:
Mailing Address: 1st Floor, London London EC2R 8JR GB
Phone: +44.8712776875
Ext:
Fax: +44.8712776875
Fax Ext:
Email:domain.admin at astutium.com

Is anyone going to assert that his personal and private information has
been disclosed in the above registration information?

I would also point out that apart from website hosting and other services
offered, he/his company is acting as a registrar. Rob is also using whois
as a mechanism for advertising additional services provided by his company
(Again, pulled from the ICANN whois website):

"Now Available - VPS and Cloud Servers from http://www.astutium.com"


I'd also like to point out the terms of use that Rob asserts applies to
whois provided by astutium.com:

TERMS OF USE: You are not authorised to access or query our WHOIS
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in Astutium Limited's ("Astutium")
WHOIS database is provided by Astutium for information purposes only, and
to assist persons in obtaining information about or related to a domain
name registration record. Astutium does not guarantee its accuracy. By
submitting a WHOIS query, you agree to abide by the following terms of
use: You agree that you may use this Data only for lawful purposes and
that under no circumstances will you use this Data to: (1) allow, enable,
or otherwise support the transmission of mass unsolicited, commercial
advertising or solicitations via e-mail, telephone, or facsimile; or (2)
enable high volume, automated, electronic processes that apply to Astutium
(or its computer systems). The compilation, repackaging, dissemination or
other use of this Data is expressly prohibited without the prior written
consent of Astutium. You agree not to use electronic processes that are
automated and high-volume to access or query the WHOIS database except as
reasonably necessary to register domain names or modify existing
registrations. Astutium reserves the right to restrict your access to the
WHOIS database in its sole discretion to ensure operational stability.
Astutium may restrict or terminate your access to the WHOIS database for
failure to abide by these terms of use. Astutium reserves the right to
modify these terms at any time.

Lastly, I would point out that Rob, on his commercial website, puts
his personal
information out there for the world to see on this page by posting his
name, title
and a link to his LinkedIn page:
https://www.astutium.com/company/about-astutium.php

To summarize, while Rob is making assertions in this group about his
personal privacy and the
importance of not allowing whois, or it's replacement,  to infringe on
that privacy, his ongoing practices

as both an individual and as a commercial enterprise show the following:

1) That as a knowledgeable individual and business person he has shown
that one can complete a

domain registration without







On Thu, Jun 15, 2017 at 7:39 AM, Rob Golding <rob.golding at astutium.com>
wrote:

> Hi
>
> There's a huge difference between domains and telephone numbers
>>
>
> The type of directory is irrelevant to my rights to control my data
>
> I don't think an article dated from 2000 brings relevant points.
>>
>
> That we've still not brought policy or technology upto almost 20 year old
> legislation just shows how unfit for purpose WHOIS has become
>
> Much of that is because enforcement of existing legislation has been lax,
> but the Snowden issue, repealling on the Data Retention Directive,
> scrapping of Safe-Harbour and a need to toughen up both the rules and the
> enforcement are what's led to the GDPR, which is now in force, and next
> year will be actively enforced.
>
> Multi-million $ fines rather than slap-on-wrists with 20k fines might
> start to change attitudes a bit as the penalties have been inflation
> adjusted, and now the data-subject is also entitled to compensation for the
> unauthorised use of their data - so there will be an "incentive" to start
> sueing people
>
> The local supermarket will pay me £44 (appx $60) for my postal address [
> in vouchers, discounts, freebies etc ] - that 's the "value" of my data to
> one user - if there was suitable recompense to registrants & registrars &
> registries for access to whois data , I'm sure there would be less
> objection to the system !
>
>
>
> -Social norms regarding handling spam have drastically shifted in the
>> past decades
>>
>
> Spam is just one of the numerous (ab)uses of the data. I imagine very few
> people have "consented" to spam, even if it was listed as a "proposed
> legitimate use" for which they could actively consent.
>
> If you don't choose to disclose
>> your information in whois, then no one has a right to it
>>
>
> Whether I choose to be listed in a directory (which I dont _really_ have
> much choice over as a registrant of numerous gtlds) or not doesn't change
> that it's *MY* data, nor that most of the (tld dependant) "privacy" options
> now available are relatively new (whois has been there for 30 years)
>
> If you do
>> disclose, knowing full well that whois is public, you shouldn't be
>> surprised at the results.
>>
>
> And therein lies what I think is the mindset problem, the "results" are
> (legally) ONLY what I give explicit permission for it to be used for, any
> other use is not permitted, and I have the right to revoke that permission,
> free of charge (to me) at any stage.
>
> The entitlements you listed(control over sharing, how data is used), on
>> the Internet in
>> 2017, are wholly unenforceable for anything publicly available.
>>
>
> Google pay thousands of times as much as ICANN to lawyers and yet they
> lost over the "right to be forgotten" issue under the older and much laxer
> legislation - so we'll see what is "enforceable"
>
> If we want to talk about ways to prevent abuse of whois data, first of
>> all, the "reverse lookup" and "historical" directories in their
>> current state are unlikely to be involved in abuse at all-
>>
>
> The directories themselves would constitute an "abuse" - in the main
> they've breached both law and contract to obtain that data
>
> Maybe we need a definition of what "public" means ?
>
> Rob
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20170615/f49489c4/attachment.html>