[gnso-rds-pdp-wg] "access to whois" vs supporting a service (was Re: a suggestion for "purpose in detail")

John Bambenek jcb at bambenekconsulting.com
Thu Mar 23 17:35:51 UTC 2017


I am setting up an INGO for the purpose. I am happy to work with whomever but considering the hostility for registrars I am not sure the GAC will be viable for me. I am friends with many congressmen and several DP authorities in the US are former students of mine so I already have access in the US. I will need to do footwork for other countries but that shouldn't be a heavy lift. 

Sent from my iPhone

> On Mar 23, 2017, at 12:11, nathalie coupet <nathaliecoupet at yahoo.com> wrote:
> 
> Hi John, 
> 
> I also think this is the way to go. There is clearly a big chunk of legislation missing: the area of conflict resolution of local laws and the Internet. I don't think this WG can make legislation (who are we to do so?), give advice to governments and working directly with governments is the best approach. Would you be working with the GAC on this issue?
> 
>  
> Nathalie 
> 
> 
> On Thursday, March 23, 2017 1:02 PM, John Bambenek <jcb at bambenekconsulting.com> wrote:
> 
> 
> Take on is a strong way of putting it. Public policy is about balancing of interests. DP authorities know that. So I intend to use my expertise to show them the best way to solve the problem. 
> 
> I don't expect the entire WG to fall in line. I intend to work with governments directly on that. 
> 
> Sent from my iPhone
> 
>> On Mar 23, 2017, at 11:47, nathalie coupet via gnso-rds-pdp-wg <gnso-rds-pdp-wg at icann.org> wrote:
>> 
>> I must say I am overwhelmed by the scope of this task. Can this WG really take on governments and challenge their practices? 
>> If so, I think I'll need a drink first. (Not really). 
>>  
>> Nathalie 
>> 
>> 
>> On Thursday, March 23, 2017 12:21 PM, Andrew Sullivan <ajs at anvilwalrusden.com> wrote:
>> 
>> 
>> Hi,
>> 
>> On Thu, Mar 23, 2017 at 09:08:59AM -0400, allison nixon wrote:
>> > The problems have nothing to do with your code, unless your code somehow
>> > simulates the cost of bureaucratic overhead of a bunch of
>> > already-overworked FBI agents "certifying" tens of thousands of people
>> > across the country who just want to get back to work.
>> 
>> I would encourage you to read Scott's messages on this a little more
>> carefully, because I don't think that he's claiming he is covering
>> those costs.  What he is doing is demonstrating that the technology
>> for different groups of people to be authenticated by various
>> providers is available, already widely deployed in other parts of the
>> Internet, and applicable to this case.  That technology was heretofore
>> unavailable for RDS the way it was for other things, because the
>> historic RDS relies on the ancient whois protocol -- a protocol
>> designed for a world where it was literally possible to get a list, on
>> paper, of every single person who was connected to the Internet.
>> (Some people in this effort have reported to me that they still have
>> old copies lying around.)
>> 
>> If your argument is instead, "But we don't have to pay the overhead of
>> authentication and authorization today, so it should remain that way
>> forever," then I think you are going to have to do a better job
>> arguing for that position.  Because to me it is plainly absurd.  The
>> world has changed partly because the Internet has changed a great
>> deal.  Indeed, the very fact that the Internet can be instrumental in
>> fraud in ways that it certainly could not have been instrumental in
>> 1982 (when RFC 812 was published) suggests to me that appropriate
>> authorization and authentication protocols around the RDS ought to
>> have been embraced -- by law enforcement and others -- quite a long
>> time ago.  We ought to be ashamed it has taken us this long, when even
>> Google is concerned about leaking this kind of data.
>> 
>> > Also how will the need for historical whois be fulfilled?
>> 
>> This is in part an excellent question because it is not plain that all
>> "historical whois" services are actually ok under existing policy.
>> But of course, this WG is in a position to specify retention periods
>> about data as part of the collection policies that we were working on.
>> RDAP could easily work to provide a picture of something at some time
>> in the past, assuming that the data is available.  Whether the data
>> ought to be is a different question, and one we should discuss rather
>> than assume.  There is a cost to be paid for collecting, keeping, and
>> ensuring appropriate authorization in the disclosure of data.  The
>> existing practices externalize some of those costs onto the
>> individuals whose data is being collected.  I recognize that it might
>> not be convenient to have those costs borne by the people who want
>> access, but one of the things markets are good at is allocating
>> resources according to how much value something brings.  Perhaps if
>> people had to endure the costs of their desire for access to the data,
>> they would do a better job evaluating the balance of costs versus
>> benefits.
>> 
>> > Also, this gated access reminds me of how we treat personal data in the
>> > United States.
>> 
>> Speaking as a reluctant citizen of the US, I am sorry to say that US
>> personal data protection is no sort of standard worth emulating.  I
>> believe it is only a matter of time before the legal system catches up
>> with the frankly negligent handling of personal data in the US, and
>> that the costs of insurance and liability will get to the point where
>> corporations will get better at it.
>> 
>> Even the USG has had major breaches of its databases.  In my opinion,
>> those breaches were made easier because the USG collects too much,
>> saves too much, and handles that collected stuff in a way that is too
>> convenient to those who like to have all the data hanging around in
>> the service of the security state.  Peter Wayner's _Translucent
>> Databases_ provides an excellent discussion of the general issues, and
>> is not too long; it came out in 2002 and was hardly at the cutting
>> edge of these discussions even then.  I am not sure why the ICANN
>> community has taken 15 years to get with the program, but I think this
>> WG needs to find a way to do so.
>> 
>> 
>> Best regards,
>> 
>> A
>> 
>> -- 
>> Andrew Sullivan
>> ajs at anvilwalrusden.com
>> _______________________________________________
>> gnso-rds-pdp-wg mailing list
>> gnso-rds-pdp-wg at icann.org
>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>> 
>> 
> 
> 