[gnso-rds-pdp-wg] FW: IMPORTANT

jonathan matkowsky jonathan.matkowsky at riskiq.net
Sat Oct 14 04:16:34 UTC 2017 

Thanks- i have to think more about the point you explained regarding the
government perspective, and followed all the other feedback, with one
exception: The Privacy Directove is not law in Europe? I didn’t hear that
from anyone clearly, just that the regulation amending it is subject to
intense debate. And we know that the eprivacy directive is supposed to be
consistent with GDPR as GDPR doesn’t supersede it. So if eprivacy directive
is law, and has an exception for public databases, then we may need to
address this to interpret the applicable law correctly.

On Fri, Oct 13, 2017 at 3:52 PM Chuck <consult at cgomes.com> wrote:

> Jonathan,
>
>
>
> Please see my responses below.
>
>
>
> Chuck
>
>
>
> *From:* jonathan matkowsky [mailto:jonathan.matkowsky at riskiq.net]
> *Sent:* Friday, October 13, 2017 5:51 AM
> *To:* Chuck <consult at cgomes.com>; gnso-rds-pdp-wg at icann.org
>
>
> *Subject:* Re: [gnso-rds-pdp-wg] FW: IMPORTANT
>
>
>
> Chuck, I don’t understand how anyone can share government perspective, and
> not represent a group in doing so.
>
> *[Chuck Gomes] I don’t understand what you are saying. Why would someone
> have to represent a group to be able to share a government perspective?  If
> they have experience working with a government or governments or the GAC,
> they could have an understanding of how some governments might respond.  It
> is important to understand that individuals including employees of a
> government organization can rarely ever speak for their government; we have
> heard over and over again in the GAC that GAC reps cannot speak for their
> governments in policy work.  That understood, it is still helpful if they
> can share their own personal understanding of what they think is a
> government’s perspective.  We just have to be careful never to conclude
> that it the government’s official view or the GAC’s view.  At the same
> time, having individual’s views has the potential of helping us avoid
> pitfalls later in the process when the GAC gets involved and hopefully
> developing policy that may be less concerning to the GAC or at least
> showing that we tried to consider their perspectives. *
>
>
>
> I wanted to know whether leadership team has decided to conduct a DPIA,
> and if so, whether you are using the UK’s guide. I would think while it
> makes sense to be looking at the purposes of collection, what is primary
> and secondary cannot be the focus because that presupposes knowing who the
> controller is. We have not yet decided that as a working group. The memo
> did not necessarily take into account the role of offering accreditation
> services and ICANN’s mission.
>
> *[Chuck Gomes] The leadership team has NOT decided to conduct a DPIA nor
> would it be the place of the leadership team to pursue that without
> involving the WG. If the WG decided to initiate a DPIA, the leadership team
> would support what the WG wanted as possible.*
>
>
>
> But it appears whether it’s primary or secondary doesn’t matter for
> purposes of defining purposes of collecting each data element.
>
> *[Chuck Gomes] I agree with you on this point and I believe that WSGR
> confirmed that, especially in their last clarification on this issue.*
>
>
>
> We are not defining the purposes of collecting Whois data but the data
> elements of the next generation of Whois. That’s what I meant the other day
> regarding RDS.
>
> *[Chuck Gomes] It seems to me that we will have to define the purposes of
> collecting Whois/RDS data in addition to deciding what data elements are
> included in that data.*
>
>
>
> To do that, we are not limited to the data elements that currently exist
> as when we go through this exercise to fulfill ICANN’s mission from ICANN’s
> perspective including all those involved in cybersecurity, or to offer
> accredited registration services. The primary purpose of accredited
> services is to fulfill the mission, and to provide that staple of a service
> to those that register names with an accredited registrar. It seems we need
> to carefully consider not only Spec 3 to the 2013 RAA but also Paragraph 14
> to the 2017 global amendment to the registry agreement which says unique
> DNS records may be supportable in the RDS if RDAP supports it. We therefore
> need to know what RDAP can support, and at the very least need to consider
> all elements from RFC 7485. This is not a simple exercise, and will take
> **significant** time.
>
> *[Chuck Gomes] What do you mean by accredited registration services?  Do
> you mean registration services accredited by ICANN for registries and
> registrar to perform?  You are correct that we are not limited to currently
> collected data elements or to the current RAA.  We have several well
> qualified members who know what RDAP supports; if we make any
> recommendations that require RDAP upgrades we would need to take that into
> consideration and if we believe the recommendations are warranted, we would
> need to seek support from the technical community in that regard. *
>
>
>
> As we undertake this, we must know from WS law firm what role the public
> directory service plays in the Privacy Directive, as I understand it is not
> superseded by GDPR, and Whois is a public directory. This is critical
> analysis we are possibly missing. Can you ask them to address this ASAP
> please?
>
> *[Chuck Gomes] We cannot ask WSGR new questions and there is a limit to
> how many clarifications we can expect from them.  I suspect that the funds
> in the agreement we had with them are used up.  We can of course seek
> additional funding but I am not convinced we are ready for that yet.  I am
> sure we will need additional expert advice in the future.  As others have
> pointed out, the Privacy Directive is not law.*
>
>
>
> Thanks
>
> Jonathan
>
>
>
> On Wed, Oct 11, 2017 at 11:35 AM Chuck <consult at cgomes.com> wrote:
>
> We have 34 volunteers at present; it would help a lot if we could get a
> lot more so that teams will not have to cover more than one of the nine
> purposes.
>
>
>
> Thanks much to the 34 of you who have volunteered.  I hope many more will
> complete the poll and volunteer in the remaining 6 or so hours of the poll.
>
>
>
> We are particularly low for the government perspective.  Remember, team
> members are not being asked to represent any group but rather to share
> their understanding of the perspective.
>
>
>
> Chuck
>
>
>
> *From:* gnso-rds-pdp-wg-bounces at icann.org [mailto:
> gnso-rds-pdp-wg-bounces at icann.org] *On Behalf Of *Lisa Phifer
> *Sent:* Tuesday, October 10, 2017 10:19 AM
> *To:* gnso-rds-pdp-wg at icann.org
> *Subject:* [gnso-rds-pdp-wg] IMPORTANT: Invitation for Poll from 10
> October Meeting
> *Importance:* High
>
>
>
> Dear all,
>
>
>
> In follow-up to this week’s WG meeting, *all RDS PDP WG Members* are
> encouraged to participate in the following poll:
>
>
>
> https://www.surveymonkey.com/r/5LXJRF3
>
>
>
> Responses should be submitted through the above URL. For offline
> reference, a PDF of poll questions can also be found at:
>
>
>
>
> https://community.icann.org/download/attachments/66086772/Poll-from-10OctoberCall.pdf
>
>
>
> *This poll will close at COB Wednesday 11 October.  Expressions of
> interest gathered through this poll will be used form drafting teams.*
>
>
>
> Please note that you *must be a WG Member* to participate in polls. If
> you are a WG Observer wishing to participate in polls, you must first
> contact gnso-secs at icann.org to upgrade to WG Member.
>
>
>
> Regards,
>
> Lisa
>
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>
> --
>
> Jonathan Matkowsky
>
>
> *******************************************************************
> This message was sent from RiskIQ, and is intended only for the designated
> recipient(s). It may contain confidential or proprietary information and
> may be subject to confidentiality protections. If you are not a designated
> recipient, you may not review, copy or distribute this message. If you
> receive this in error, please notify the sender by reply e-mail and delete
> this message. Thank you.
>
> *******************************************************************
>
-- 
Jonathan Matkowsky

-- 
*******************************************************************
This message was sent from RiskIQ, and is intended only for the designated 
recipient(s). It may contain confidential or proprietary information and 
may be subject to confidentiality protections. If you are not a designated 
recipient, you may not review, copy or distribute this message. If you 
receive this in error, please notify the sender by reply e-mail and delete 
this message. Thank you.

*******************************************************************
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20171014/c8232a0b/attachment-0001.html>

More information about the gnso-rds-pdp-wg mailing list