[gnso-rds-pdp-wg] Reputation systems are not just nice to have (was Re: What we want redux)

Chuck consult at cgomes.com
Wed Oct 4 18:50:36 UTC 2017 

Maxim,

 

As I have already shared, I am not sure it matters whether private security work is a primary or secondary purpose.  Either way, it is a purpose that we have already accepted for the minimum public data set and I don’t think there is anything in the WSGR memo that prevents us from accepting it as a purpose for disclosing personal data for other data elements as long as we consider it to be legitimate. Whether other elements should be completely public is another question.

 

Chuck

 

From: Maxim Alzoba [mailto:m.alzoba at gmail.com] 
Sent: Wednesday, October 04, 2017 7:06 AM
To: Chuck' Gomes <consult at cgomes.com>
Cc: allison nixon <elsakoo at gmail.com>; Jeremy Malcolm <jmalcolm at eff.org>; gnso-rds-pdp-wg at icann.org
Subject: Re: [gnso-rds-pdp-wg] Reputation systems are not just nice to have (was Re: What we want redux)

 

Hello Chuck, 

 

Reading the memo I came to the conclusion that all cyber investigating companies, which do not have accreditation of sorts of at least one EU country 

are pure third parties and police exemptions from personal data legislation will not work for them.

 

(it was page 9)

 

Following this logic, they play no special role according to GDPR and thus I am not sure we can make it a primary purpose (or at least I am not sure it will be accepted by EU DPAs).

 

P.s: I do understand importance of anti-abuse cyber investigations, but not sure how to fit their special role into purposes, compliant with GDPR.

And which might be worse, local Law Enforcement do not fit either (if they are not from EU or there is no special treaty between EU and that country). 

 

Sincerely Yours,

Maxim Alzoba
Special projects manager,
International Relations Department,
FAITID

m. +7 916 6761580(+whatsapp)

skype oldfrogger

 

Current UTC offset: +3.00 (.Moscow)

 

On Oct 4, 2017, at 16:08, Chuck <consult at cgomes.com <mailto:consult at cgomes.com> > wrote:

 

Note that the WG has already reached rough consensus that anti-abuse is a legitimate purpose for at least the minimum public data set.  (WG Agreement 11:  “Criminal Investigation & DNS Abuse Mitigation is a legitimate purpose for “Minimum Public Data Set” collection.”

 

Chuck

 

From:  <mailto:gnso-rds-pdp-wg-bounces at icann.org> gnso-rds-pdp-wg-bounces at icann.org [ <mailto:gnso-rds-pdp-wg-bounces at icann.org> mailto:gnso-rds-pdp-wg-bounces at icann.org] On Behalf Of allison nixon
Sent: Tuesday, October 03, 2017 2:57 PM
To: Jeremy Malcolm < <mailto:jmalcolm at eff.org> jmalcolm at eff.org>
Cc:  <mailto:gnso-rds-pdp-wg at icann.org> gnso-rds-pdp-wg at icann.org >>  <mailto:gnso-rds-pdp-wg at icann.org> gnso-rds-pdp-wg at icann.org < <mailto:gnso-rds-pdp-wg at icann.org> gnso-rds-pdp-wg at icann.org>
Subject: Re: [gnso-rds-pdp-wg] Reputation systems are not just nice to have (was Re: What we want redux)

 

Thank you for the clarification. I still disagree with it but it makes more sense. 

 

I would like to highlight the ICANN webpage on WHOIS:

 

 <https://whois.icann.org/en/what-whois-data-used> https://whois.icann.org/en/what-whois-data-used

 

What is WHOIS data used for?

WHOIS is indispensable to the smooth operation of the DNS and is used for many legitimate purposes, including:

*	To contact network administrators for resolution of technical matters related to networks associated with a domain name (e.g., DNS or routing matter, origin and path analysis of DoS and other network-based attacks).
*	To obtain the real world identity, business location and contact information of an online merchant or business, or generally, any organization that has an online presence.
*	To establish or look into an identity in cyberspace, and as part of an incident response following an Internet or computer attack. (Security professionals and law enforcement agents use WHOIS to identify points of contact for a domain name.)
*	To gather investigative leads (i.e., to identify parties from whom additional information might be obtained). Law enforcement agents use WHOIS to find email addresses and attempt to identify the location of an alleged perpetrator of a crime involving fraud.
*	To investigate spam, law enforcement agents look to the WHOIS database to collect information on the website advertised in the spam.

Those and others are currently listed on ICANN's website as uses for WHOIS data. To reject anti-abuse as a purpose would be to shift away from the currently accepted purposes of WHOIS. 

 

 

 

 

 

 

 

 

 

 

On Tue, Oct 3, 2017 at 5:41 PM, Jeremy Malcolm < <mailto:jmalcolm at eff.org> jmalcolm at eff.org> wrote:

On 3/10/17 2:31 pm, John Bambenek via gnso-rds-pdp-wg wrote:
>
> To confirm and clarify your meaning... you don't think there should be
> a WHOIS/RDS and the only means to contact a domain owner should be on
> their website. Is that correct?
>

No, we are fine with registrants making some information available
through WHOIS/RDS subject to data protection law (eg. informed consent,
etc).  But we don't think that a starting point for the design of the
RDS has to take the requirements of anti-abuse specialists or reputation
systems as an essential element.


--
Jeremy Malcolm
Senior Global Policy Analyst
Electronic Frontier Foundation
 <https://eff.org/> https://eff.org
 <mailto:jmalcolm at eff.org> jmalcolm at eff.org

Tel:  <tel:415.436.9333%20ext%20161> 415.436.9333 ext 161

:: Defending Your Rights in the Digital World ::

Public key:  <https://www.eff.org/files/2016/11/27/key_jmalcolm.txt> https://www.eff.org/files/2016/11/27/key_jmalcolm.txt
PGP fingerprint: 75D2 4C0D 35EA EA2F 8CA8 8F79 4911 EC4A EDDF 1122







_______________________________________________
gnso-rds-pdp-wg mailing list
 <mailto:gnso-rds-pdp-wg at icann.org> gnso-rds-pdp-wg at icann.org
 <https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg





 

-- 

_________________________________
Note to self: Pillage BEFORE burning.

_______________________________________________
gnso-rds-pdp-wg mailing list
 <mailto:gnso-rds-pdp-wg at icann.org> gnso-rds-pdp-wg at icann.org
 <https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20171004/964e6224/attachment.html>

More information about the gnso-rds-pdp-wg mailing list