[gnso-rds-pdp-wg] Using the GDPR as a basis for RDS Policy is backwards

Chuck consult at cgomes.com
Thu Feb 15 14:56:36 UTC 2018


Apparently, ICANN org has been interacting with DPAs regarding a possible
interim solution, so maybe we will get some helpful input from those
efforts.  Note Stephanie's suggestion that we could submit questions to the
DP experts that participated in our public meeting last year.

 

Chuck

 

From: Paul Keating [mailto:Paul at law.es] 
Sent: Thursday, February 15, 2018 6:10 AM
To: Chuck <consult at cgomes.com>; 'Volker Greimann'
<vgreimann at key-systems.net>; gnso-rds-pdp-wg at icann.org
Subject: Re: [gnso-rds-pdp-wg] Using the GDPR as a basis for RDS Policy is
backwards

 

Chuck,

 

That said I really do like the idea of having interaction and participation
by the DPAs and even someone from Article 29 or other GDPR official groups.
Otherwise we continue to work in a vacuum.

 

From: gnso-rds-pdp-wg <gnso-rds-pdp-wg-bounces at icann.org> on behalf of Chuck
<consult at cgomes.com>
Date: Thursday, February 15, 2018 at 2:57 PM
To: 'Volker Greimann' <vgreimann at key-systems.net>, <gnso-rds-pdp-wg at icann.org>
Subject: Re: [gnso-rds-pdp-wg] Using the GDPR as a basis for RDS Policy is
backwards

 

I'd like to think that the ICANN community effort going on outside this WG
will take note of the cybersecurity concerns that Allison raises as they try
to finalize an interim solution to deal with the GDPR in the near term.
Note this quote from Goren's latest blog that ICANN org is trying to find a
balanced approach:  "This single, common interim model that is informed by
input from across the ICANN community would seek to obtain compliance with
both the GDPR and ICANN's contractual requirements related to registration
directory services."  Here's the blog:
https://www.icann.org/news/blog/data-protection-privacy-update-latest-developments

 

Chuck

 

From: gnso-rds-pdp-wg [mailto:gnso-rds-pdp-wg-bounces at icann.org] On Behalf
Of Volker Greimann
Sent: Thursday, February 15, 2018 1:02 AM
To: gnso-rds-pdp-wg at icann.org
Subject: Re: [gnso-rds-pdp-wg] Using the GDPR as a basis for RDS Policy is
backwards

 

DPAs are law enforcement and will enforce the law of the land. They do not
have the option to pick and choose after May 25.

Maybe it is time for you and your colleagues to start looking at other
sources of information to ensure you can continue operation efficiently once
your currently chosen method becomes illegal. Remember, you are a data
processor too and what you do with that data could very well paint a target
on your backs that DPS may have to deal with.

Best,

Volker

 

 

Am 15.02.2018 um 02:36 schrieb allison nixon:

Hi everyone, 

 

I have already begun to hear unrest from my colleagues who work in infosec
and network operations about the degradation of WHOIS, as registrars have
already begun to act on their own, stripping everything and blocking bulk
queriers on domains frequently used for attacks. Every day of additional
uncertainty equals an additional day of victimization. 

 

Why has no one approached the DPAs with the evidence of security purposes
for WHOIS? How much network degradation will we tolerate before someone
bothers to give them a little hint? How many more judgments from the DPAs
are we going to read that display clear ignorance of all legitimate
cybersecurity purposes? Did no one see this coming?

 

Since we are talking about cost benefit analysis, here is a quick one I just
did that I would like to share with the group. I did a quick look for the
value of the domain registration industry as a whole. Seems to be ~$4
billion. The losses incurred by the WanaCry malware are estimated to be at
~$8 billion. A single security incident destroying value equal to double
your entire industry. 

 

In May 2017, the FBI stated that over three years the "business email
compromise" scams have topped ~$5 billion in losses, which would be slightly
more than one domain-industry unit of value, and WHOIS is crucial to
fighting it.

 

source:
https://www.reuters.com/article/us-cyber-lloyds-report/global-cyber-attack-could-spur-53-billion-in-losses-lloyds-of-london-idUSKBN1A20AB

source:
https://cira.ca/factbook/domain-industry-data-and-canadian-Internet-trends/domain-name-industry

source:
https://www.csoonline.com/article/3195010/security/bec-attacks-have-hit-thousands-top-5-billion-in-losses-globally.html

 

Remember, the whole point of GDPR is to force companies to act with more
social responsibility. 

 

On Wed, Feb 14, 2018 at 6:08 PM, Rubens Kuhl <rubensk at nic.br> wrote:

 






On 14 Feb 2018, at 20:49, John Horton <john.horton at legitscript.com> wrote:

 

Hmm, well, perhaps it's because I work for a company that processes quite a
bit of data with a combination of algorithms and some human review, but I
feel pretty confident that there are ways to simplify that with magic
algorithms and forms. 

 

 

Magic algorithms are fine in pattern detection because there is always a
human review at some point or the cost of error is low, like in raising an
abuse case that contains wording like "supposedly", "allegedly" etc. In this
case, every false negative comes with a tremendous liability. 

 

Also, if machine-learning technology and deep pockets for lawsuits become a
requirement for being a registrar, you can count on the number of registrars
dropping to single digits. 

 

 

 

Rubens

 

 


_______________________________________________
gnso-rds-pdp-wg mailing list
gnso-rds-pdp-wg at icann.org
https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg





 

-- 

_________________________________
Note to self: Pillage BEFORE burning.






