[gnso-rds-pdp-wg] a suggestion for "purpose in detail"

John Bambenek jcb at bambenekconsulting.com
Wed Mar 22 13:48:31 UTC 2017 

This is exactly my point. This control can be given to consumers for free and it SHOULD be free. That solves almost everything we are talking about.

Sent from my iPhone

On Mar 22, 2017, at 05:30, Ayden Férdeline <icann at ferdeline.com> wrote:

>> If we are driving this by regulatory burden of DP authorities the fact that they will be dramatically less concerned if the consumer has a true choice is highly relevant up front. 
>> 
> 
> If consumers have a “true choice” over how their data is used — that is, a genuine choice, obtained through a very clear and specific statement of consent, with granular consent obtained for distinct processing operations, along with ongoing control over how their data is used, including the right to revoke previously granted consent — that would be one thing. There would still be questions to be answered around the over-collection of data, cross-jurisdictional transfers, etc. But if granting ‘consent’ becomes a precondition of using a service, it is inherently unfair and not a “true choice”. You don’t need to be a Data Protection Commissioner to see that. If you are doing things with my personal data that I don’t understand or want, or you make it difficult for me to control how my own data is used or shared, you are eroding my trust in your organisation.
> 
> Best wishes,
> 
> Ayden Férdeline
> linkedin.com/in/ferdeline
> 
> 
>> -------- Original Message --------
>> Subject: Re: [gnso-rds-pdp-wg] a suggestion for "purpose in detail"
>> Local Time: 22 March 2017 3:42 AM
>> UTC Time: 22 March 2017 03:42
>> From: gnso-rds-pdp-wg at icann.org
>> To: Andrew Sullivan <ajs at anvilwalrusden.com>
>> gnso-rds-pdp-wg at icann.org
>> 
>> Inline
>> 
>> Sent from my iPhone
>> 
>> > On Mar 21, 2017, at 22:31, Andrew Sullivan <ajs at anvilwalrusden.com> wrote:
>> > 
>> >> On Tue, Mar 21, 2017 at 09:16:45PM -0500, John Bambenek wrote:
>> >> 
>> >> I guess I am speaking of masking in a broad sense. What do we allow the consumer to mask and on what terms. 
>> > 
>> > Right. I thought that answering that question was part of our job.
>> 
>> I agree. I postulated one possible answer. 
>> > 
>> >> I would disagree on they being separate issues. No matter what
>> >> technology is created, some things will have to be fully public and
>> >> some things are subject to debate here.
>> > 
>> > What to collect and what can be disclosed are obviously _related_
>> > issues, but they are separable and I think usefully separated here.
>> > We'll never get anywhere unless we break these things into manageable
>> > chunks.
>> > 
>> If we are driving this by regulatory burden of DP authorities the fact that they will be dramatically less concerned if the consumer has a true choice is highly relevant up front. 
>> 
>> 
>> >> For instance, if we don't make authoritative nameservers fully public without gates, we break the internet. I don't mean that as hyperbole, I mean no internet except for the savants who can us IP addresses for everything. 
>> >> 
>> > 
>> > I don't think anyone has been arguing that nameservers ought to be
>> > private data, and they clearly need to be collected in order to feed
>> > the DNS in order to make it work. But that particular example isn't
>> > really an interesting one, is it? Indeed, as I think my lengthy email
>> > demonstrated, I find it pretty hard to suggest that any "thin" data is
>> > private; it all certainly needs to be collected to make the system
>> > work at all. The same arguments are obviously harder to make for
>> > people's names and addresses, so there's more to do in that case.
>> 
>> It was an example to prove the point. 
>> > 
>> >>>> To enable third-parties to communicate directly to resolve and troubleshoot problems. 
>> >>> 
>> >>> I suggest that's already there.
>> >> 
>> >> Not in what I saw in the poll. 
>> > 
>> > We discussed this bit at some length last week, and my sense of the
>> > room was that everyone agreed that is a purpose.
>> 
>> Not every stakeholder has an unlimited travel budget to hop on a plane for these events. I had a baby last week. We are doing this by email because global consensus cant be solely a function of who is in a room at one specific event. 
>> > 
>> >> But I am not a fair target. I work in investigations and intelligence. So you can send me an email from say citibankcreditcards.com and I'll check the address in whois to compare to a corp registry, or known good domains. I imagine the brand protection investigators could chime in here on their thoughts too. 
>> >> 
>> > 
>> > I think what you're saying is that you use the whois data as one
>> > piece of input to heuristics that allow you to develop a view about
>> > the legitimacy of the domain name. I thought your original wording
>> > was a little too positivist about the value of the data, but if it's
>> > instead input to some heuristic mechanism I withdraw that objection. 
>> > 
>> >> X.509 certs are more maliciously pointless.
>> > 
>> > I'm certainly not going to attempt to argue that the PKI has worked as
>> > intended. But in terms of an ordinary user's ability to do anything
>> > with information, they're what people really use. (Yes, to their
>> > peril.)
>> 
>> Fair point. Probably it was an aside to my contempt of the ssl mafia anyway. Let's encrypt is the only honest broker there. 
>> > 
>> >> I'd be interested in why you say that? How isn't the domain registration regime a commons? Does ICANN not contractually require certain behaviors of various parties?
>> >> 
>> > 
>> > I think that's rather off topic here, but if you want I'll follow up
>> > off-list.
>> 
>> Please do. 
>> > 
>> > A
>> > 
>> > -- 
>> > Andrew Sullivan
>> > ajs at anvilwalrusden.com
>> > _______________________________________________
>> > gnso-rds-pdp-wg mailing list
>> > gnso-rds-pdp-wg at icann.org
>> > https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>> 
>> _______________________________________________
>> gnso-rds-pdp-wg mailing list
>> gnso-rds-pdp-wg at icann.org
>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
> 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20170322/1cfa4e3f/attachment-0001.html>

More information about the gnso-rds-pdp-wg mailing list