[gnso-rds-pdp-wg] Reputation systems are not just nice to have (was Re: What we want redux)

Greg Shatan gregshatanipc at gmail.com
Wed Oct 4 14:42:17 UTC 2017 

In response to Maxim's remarks, I don't think we need to define primary or
secondary purpose by considering the "third party's" relationship to the
EU.  What we need to do is come to a worldwide and generic determination as
to the purposes of RDS.

Greg Shatan

On Wed, Oct 4, 2017 at 10:06 AM, allison nixon <elsakoo at gmail.com> wrote:

> >>Allison – I have one clarifying question for you: Do you support keeping
> personal information public in jurisdictions where that would be illegal?
> I assume not and, if I am correct in assuming that, then I think that we
> need to focus on how to deal with that.  Your suggestions for informed
> consent could help in that regard.
>
> What a complicated question. First, obviously, I don't support breaking
> the law, but laws in different countries are going to conflict, so we ARE
> going to contractually obligate someone to break the law somewhere.
>
> Second, it's still not clear that this breaks the law. As has been said
> time and time again, data collection is not legal but only if there is no
> worthy purpose behind it. When the data protection commissioners, and
> outside counsel were both asked about WHOIS, they were not supplied with
> any of the many many worthy purposes that were discussed on this list, and
> no realistic conversation was actually had about the anti-abuse use of
> WHOIS. This is why I objected so much to the re-use of those questions.
> Apparently others asked to give input in the questions asked of outside
> counsel and they were not given the opportunity to either.
>
> Third, a number of people on this list who want nothing more than to
> remove WHOIS entirely have declared it illegal, but from the overall
> patterns on this list, it appears that many making that argument are happy
> to ignore and misinterpret facts and even basic English sentences so long
> as it allows them to declare that removing WHOIS is what needs to be done.
> So their legal opinions are highly suspect, and I do not believe they are
> the actual legal opinions of the EU regulators.
>
> Fourth, I know a number of exemptions exist within the GDPR that allows
> companies to retain data to protect themselves, and for national security,
> criminal investigations, public safety, etc. Despite WHOIS fulfilling a
> critical role in all of those issues, this has never been seriously
> discussed here, and certainly wouldn't have been acknowledged by the people
> who only use their legal knowledge to find reasons to declare WHOIS
> illegal. I don't know how ICANN can seek or obtain an exemption, but I'm
> hoping someone with legal knowledge and less bias could illuminate this. If
> an exemption can be issued, many legal concerns become moot.
>
>
>
> and re: Paul Keating's email:
>
> >> Is there a purpose that could support the public display of PID such
> that consent could be requested and provided?
>
> I don't know what PID stands for
>
>
>
>
>
>
> On Wed, Oct 4, 2017 at 8:45 AM, Chuck <consult at cgomes.com> wrote:
>
>> I have similar views to Allison’s with regard to primary versus secondary
>> purposes.  It is not at all clear to me that it matters.  One of the
>> clarifying questions we have asked WSGR relates to this.  I hope they will
>> respond because I think it would help us as we deliberate further on users
>> and purposes.
>>
>>
>>
>> Allison – I have one clarifying question for you: Do you support keeping
>> personal information public in jurisdictions where that would be illegal?
>> I assume not and, if I am correct in assuming that, then I think that we
>> need to focus on how to deal with that.  Your suggestions for informed
>> consent could help in that regard.
>>
>>
>>
>> Chuck
>>
>>
>>
>> *From:* gnso-rds-pdp-wg-bounces at icann.org [mailto:gnso-rds-pdp-wg-bounce
>> s at icann.org] *On Behalf Of *allison nixon
>> *Sent:* Tuesday, October 03, 2017 3:32 PM
>> *To:* Jeremy Malcolm <jmalcolm at eff.org>
>> *Cc:* gnso-rds-pdp-wg at icann.org >> gnso-rds-pdp-wg at icann.org <
>> gnso-rds-pdp-wg at icann.org>
>> *Subject:* Re: [gnso-rds-pdp-wg] Reputation systems are not just nice to
>> have (was Re: What we want redux)
>>
>>
>>
>> Thank you for the additional clarification Jeremy as I think I understand
>> youall's position better. Those of us from the anti-abuse side are pretty
>> happy with the imperfect, redacted, and fake info we currently have access
>> to. We aren't interested in coercing reluctant people into disclosing
>> things they don't want to. We want to keep the available information
>> public, not gated, for the same reasons why you described a "vetting"
>> process as prone to problems. We don't want the collected information
>> reduced, and we are very adamant about this. We agree on informed consent
>> and really anything that can help people keep themselves safer online.
>>
>>
>>
>> The distinction between "primary" and "secondary" purpose seems less
>> important to me since no one here is seriously pushing for an expansion of
>> collected information. We just don't want it reduced to uselessness which
>> is what this group is still in danger of doing, since this working group
>> has for the most part treated anti-abuse as completely irrelevant. I am
>> fine with anti-abuse being listed as a secondary purpose. So long as it is
>> listed as a purpose.
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> On Tue, Oct 3, 2017 at 6:04 PM, Jeremy Malcolm <jmalcolm at eff.org> wrote:
>>
>> On 3/10/17 2:56 pm, allison nixon wrote:
>> > Those and others are currently listed on ICANN's website as uses for
>> > WHOIS data. To reject anti-abuse as a purpose would be to shift away
>> > from the currently accepted purposes of WHOIS.
>>
>> I'm arguing that it's a secondary purpose, not the primary purpose.  A
>> secondary purpose is a purpose for which information, that was gathered
>> for a primary purpose, can also legitimately be used.  So for ICANN to
>> call these uses of WHOIS data "legitimate" does not imply for purposes
>> of data protection law that they are the primary purpose for collection
>> of that data.
>>
>> The distinction is that if anti-abuse is a primary purpose, we would be
>> collecting a lot more information than if it is a secondary purpose.  (I
>> accept you're not arguing for the collection of additional information,
>> but my opposition to anti-abuse as a primary purpose is to counter such
>> arguments.)
>>
>>
>> --
>> Jeremy Malcolm
>> Senior Global Policy Analyst
>> Electronic Frontier Foundation
>> https://eff.org
>> jmalcolm at eff.org
>>
>> Tel: 415.436.9333 ext 161
>>
>> :: Defending Your Rights in the Digital World ::
>>
>> Public key: https://www.eff.org/files/2016/11/27/key_jmalcolm.txt
>> PGP fingerprint: 75D2 4C0D 35EA EA2F 8CA8 8F79 4911 EC4A EDDF 1122
>>
>>
>>
>>
>>
>> --
>>
>> _________________________________
>> Note to self: Pillage BEFORE burning.
>>
>
>
>
> --
> _________________________________
> Note to self: Pillage BEFORE burning.
>
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20171004/7a05b176/attachment-0001.html>

More information about the gnso-rds-pdp-wg mailing list