[gnso-rds-pdp-wg] another document that might be of interest
Stephanie Perrin
stephanie.perrin at mail.utoronto.ca
Sun Oct 22 20:02:21 UTC 2017
"We aren’t there yet because the DPAs are only starting to hear from
us." If by us you mean the current members of the anti-cybercrime
community represented in the current RDS group, fine. If you mean the
multi-stakeholder community represented at ICANN (in which there have
always been members of the anti-cybercrime community), I would suggest
that this is not the case.
I would add to David's response that the data protection supervisors
have been in discussions with the non-commercial users constituency
since the birth of ICANN. Rodota (the first Italian DPA, and second
chair of the Article 29 group) wrote about ICANN and WHOIS in 1998.
The Berlin group (of data commissioners) posted their common position on
WHOIS in 2000, the common position of the Article 29 group was in 2003.
Buttarelli, then 2IC in Rome, came to the 2004 meeting (he referred to
this in his remarks in Copenhagen). The NCUC has been in regular
contact with them....I speak without saying "we" here because I was the
one that spoke at the privacy workshop in Vancouver, when I was Director
of Policy at the Canadian DPA.....and it was Kathy Kleiman of the NCUC
who invited the Commissioner, as I recall. [The task was relegated to
me because it was thought that I could better answer the questions,
having crafted the first CIRA policy when I was working in the private
sector.]
Please John, read some of the back history. This is a very long
struggle over privacy in WHOIS, and the data commissioners are certainly
not hearing about this for the first time. Most of the DPAs who signed
the original documents have retired and are now working together,
loosely at a couple of think tanks. The cybercrime-fighting argument
has always been extremely effectively represented in the debate by ICANN
technical staff, the US Commerce department, and various other members
of the security and technical community. The DPAs are very aware of
that aspect of the discussion.
Stephanie Perrin
On 2017-10-22 15:33, David Cake wrote:
>
>> On 22 Oct 2017, at 9:38 pm, John Bambenek <jcb at bambenekconsulting.com
>> <mailto:jcb at bambenekconsulting.com>> wrote:
>>
>> I would argue that their views are uninformed on other points of view
>> or other changes that could be made that would satisfy their
>> objectives which is similar but has important differences. So I
>> disagree we are at the point we are violating EU law.
>
> Lets just say that two law firms with significant GDPR experience have
> now commented, and you seem to disagree with both, and the DPAs.
>
>>
>> EU DPAs may never change their mind. I’ll just get US law changed so
>> that US entities offering domains have to list ownership information
>> which means most if not all of the gTLDs I care about if not ICANN also.
>
> I think it would be for the best if the working group, and you,
> proceeded with current law until you have succeeded in getting US law
> changed. Please let us know when you have achieved that.
>
>
>> We aren’t there yet because the DPAs are only starting to hear from
>> us. Until now these discussions were populated by ICANN and
>> registrars/registries who want whois to go away anyway.
>
> The idea that ICANN wants whois to go away does not accord with
> observed behaviour.
>>
>> This solitary focus on EU law presupposes that people believe that of
>> the laws of the ~200 countries in the world, it is EU law that should
>> be the controlling force of internet governance. Is that what you are
>> saying?
>
> Privacy law in most of the world tends to follow the EU, and it is
> likely that if we designed a system that functioned under EU law it
> would work under the law of the vast majority of the world, Until you
> get US law changed, So you’d better get onto that.
>
> David
>
>>
>> --
>> John Bambenek
>>
>> On Oct 22, 2017, at 01:13, David Cake <dave at davecake.net
>> <mailto:dave at davecake.net>> wrote:
>>
>>> John, if that is you acknowledging that the current advice from DPAs
>>> (and legal advice) does not concur with the position the abuse and
>>> security community (or at least, the part of it that you represent)
>>> that is at least a step forward.
>>>
>>> You may be significantly more optimistic about the chances of the
>>> DPAs changing their position in response to hearing your concerns
>>> than others are. If you could, perhaps, set out some future
>>> circumstances under which you might might acknowledge that this
>>> effort had failed and we could proceed to move discussion forward
>>> under the basis of current EU law rather than a possible future in
>>> which you are able to change it to suit your preferences, that would
>>> be helpful.
>>>
>>> Davud
>>>
>>>
>>>> On 21 Oct 2017, at 8:41 am, John Bambenek via gnso-rds-pdp-wg
>>>> <gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org>> wrote:
>>>>
>>>> Not the last few items discussed, no. That said I have been
>>>> traveling from the past few weeks and need to read them side by
>>>> side for a definitive synthesis. That aside, my primary concern is
>>>> that said officials are not hearing enough from the anti-abuse and
>>>> security community on these tools to have a more fully informed
>>>> discussion. We are working to rectify that.
>>>>
>>>> Sent from my iPad
>>>>
>>>> On Oct 21, 2017, at 2:35 AM, Ayden Férdeline <icann at ferdeline.com
>>>> <mailto:icann at ferdeline.com>> wrote:
>>>>
>>>>> My apologies, John. It was not clear to me that you had read the
>>>>> memo. I am glad to hear that you have. Particularly in relation to
>>>>> consent, I thought the advice that the memo contained (along with
>>>>> the Hamilton memo) was consistent with the advice that we received
>>>>> from the European Data Protection Commissioners earlier this year.
>>>>> Would you agree?
>>>>>
>>>>> —Ayden
>>>>>
>>>>>
>>>>>> -------- Original Message --------
>>>>>> Subject: Re: [gnso-rds-pdp-wg] another document that might be of
>>>>>> interest
>>>>>> Local Time: 21 October 2017 1:27 AM
>>>>>> UTC Time: 21 October 2017 00:27
>>>>>> From: jcb at bambenekconsulting.com <mailto:jcb at bambenekconsulting.com>
>>>>>> To: Ayden Férdeline <icann at ferdeline.com
>>>>>> <mailto:icann at ferdeline.com>>
>>>>>> Victoria Sheckler <vsheckler at riaa.com
>>>>>> <mailto:vsheckler at riaa.com>>, GNSO RDS PDP
>>>>>> <gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org>>
>>>>>>
>>>>>> Yes, I believe I pointed out on this very list that among other
>>>>>> things, the notion the EU law should reign supreme globally even
>>>>>> when it conflicts with local laws as patently offensive, among
>>>>>> other things.
>>>>>>
>>>>>> Is there a particular outcome that you are trying to achieve by
>>>>>> insinuating that I am ignorant and not reading the mounds of
>>>>>> paperwork generated by this group? I mean besides the continual,
>>>>>> consistent, and vigorous disrespect shown to those who work in
>>>>>> anti-abuse or security?
>>>>>>
>>>>>> And if you’d like an analysis of the legal memo it is this: it is
>>>>>> always better to take the word of the regulators over merely that
>>>>>> of some lawfirm. Which is what I thought we were actually talking
>>>>>> about in the first place.
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> John Bambenek
>>>>>>
>>>>>> On Oct 20, 2017, at 19:10, Ayden Férdeline <icann at ferdeline.com
>>>>>> <mailto:icann at ferdeline.com>> wrote:
>>>>>>> John,
>>>>>>>
>>>>>>> Have you read the legal memo that we received from Wilson
>>>>>>> Sonsini Goodrich & Rosati?
>>>>>>>
>>>>>>> It states on page 14, "asking for consent would not be simple,
>>>>>>> would not solve all data protection issues, and would pose a
>>>>>>> number of organizational challenges."
>>>>>>>
>>>>>>> The rationale behind this statement is contained within the memo.
>>>>>>>
>>>>>>> —Ayden
>>>>>>>
>>>>>>>
>>>>>>>> -------- Original Message --------
>>>>>>>> Subject: Re: [gnso-rds-pdp-wg] another document that might be
>>>>>>>> of interest
>>>>>>>> Local Time: 21 October 2017 1:06 AM
>>>>>>>> UTC Time: 21 October 2017 00:06
>>>>>>>> From: jcb at bambenekconsulting.com
>>>>>>>> <mailto:jcb at bambenekconsulting.com>
>>>>>>>> To: Ayden Férdeline <icann at ferdeline.com
>>>>>>>> <mailto:icann at ferdeline.com>>
>>>>>>>> Victoria Sheckler <vsheckler at riaa.com
>>>>>>>> <mailto:vsheckler at riaa.com>>, GNSO RDS PDP
>>>>>>>> <gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org>>
>>>>>>>>
>>>>>>>> So, in short, if we create a consent system, we are fine.
>>>>>>>>
>>>>>>>> Am I missing something?
>>>>>>>>
>>>>>>>> --
>>>>>>>> John Bambenek
>>>>>>>>
>>>>>>>> On Oct 20, 2017, at 17:31, Ayden Férdeline <icann at ferdeline.com
>>>>>>>> <mailto:icann at ferdeline.com>> wrote:
>>>>>>>>> I would like to flag two extracts from this Regulation that
>>>>>>>>> may be relevant to our work:
>>>>>>>>>
>>>>>>>>> * "The Registry should also comply with the relevant data
>>>>>>>>> protection rules, principles, guidelines and best
>>>>>>>>> practices, notably concerning the amount and type of data
>>>>>>>>> displayed in the WHOIS database." (page 3)
>>>>>>>>> * "The WHOIS database shall contain information about the
>>>>>>>>> holder of a domain name that is relevant and not excessive
>>>>>>>>> in relation to the purpose of the database. In as far as
>>>>>>>>> the information is not strictly necessary in relation to
>>>>>>>>> the purpose of the database, and *if the domain name
>>>>>>>>> holder is a natural person, the information that is to be
>>>>>>>>> made publicly available shall be subject to the
>>>>>>>>> unambiguous consent of the domain name holder*." (page 10
>>>>>>>>> - emphasis added)
>>>>>>>>>
>>>>>>>>> Thank you,
>>>>>>>>>
>>>>>>>>> Ayden Férdeline
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>> -------- Original Message --------
>>>>>>>>>> Subject: [gnso-rds-pdp-wg] another document that might be of
>>>>>>>>>> interest
>>>>>>>>>> Local Time: 20 October 2017 10:47 PM
>>>>>>>>>> UTC Time: 20 October 2017 21:47
>>>>>>>>>> From: vsheckler at riaa.com <mailto:vsheckler at riaa.com>
>>>>>>>>>> To: GNSO RDS PDP <gnso-rds-pdp-wg at icann.org
>>>>>>>>>> <mailto:gnso-rds-pdp-wg at icann.org>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> I think we missed this document when we were reviewing
>>>>>>>>>> documents for this WG back in the day, and thought some of
>>>>>>>>>> you might find it of interest given our current discussions
>>>>>>>>>> on GDPR
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> COMMISSION REGULATION (EC) No 874/2004 of 28 April 2004
>>>>>>>>>> laying down public policy rules concerning the implementation
>>>>>>>>>> and functions of the .eu Top Level Domain and the principles
>>>>>>>>>> governing registration, available at
>>>>>>>>>> http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CONSLEG:2004R0874:20051011:EN:PDF
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>> _______________________________________________
>>>>>>>>> gnso-rds-pdp-wg mailing list
>>>>>>>>> gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org>
>>>>>>>>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>>>>>>
>>>>>
>>>> _______________________________________________
>>>> gnso-rds-pdp-wg mailing list
>>>> gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org>
>>>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>>
>
>
>
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20171022/d41847bc/attachment-0001.html>
More information about the gnso-rds-pdp-wg
mailing list