[gnso-rds-pdp-wg] Using the GDPR as a basis for RDS Policy is backwards
Paul Keating
Paul at law.es
Thu Feb 15 16:24:32 UTC 2018
Seriously, more personal data is collected by smart TVs and your mobile
phone!!
Lets get back on topic please.
From: Volker Greimann <vgreimann at key-systems.net>
Date: Thursday, February 15, 2018 at 4:56 PM
To: Paul Keating <paul at law.es>, Chuck <consult at cgomes.com>,
<gnso-rds-pdp-wg at icann.org>
Subject: Re: [gnso-rds-pdp-wg] Using the GDPR as a basis for RDS Policy is
backwards
>
>
>
> I imagine you would. Anyone who needs big data for their job does. And that is
> not necessarily a bad thing as big data can be used for wonderful things.
>
>
>
> Unless it conflicts with the personal rights of those you are collecting data
> on. Because they also do not like their data being available for anyone to
> see, forever.
>
>
>
> Volker
>
>
>
> Am 15.02.2018 um 16:47 schrieb Paul Keating:
>
>
>>
>> Paraphrasing a person I know.
>>
>>
>>
>>
>> The more data input the better as long as it is carefully considered.
>>
>>
>>
>>
>> I do NOT like the idea of relying on ICANN to receive input provided via
>> their interacting with a third party. I would prefer to obtain the
>> unfiltered data.
>>
>>
>>
>>
>> Paul
>>
>>
>>
>>
>> From: Chuck <consult at cgomes.com> on behalf of Chuck <consult at cgomes.com>
>> Date: Thursday, February 15, 2018 at 3:56 PM
>> To: Paul Keating <paul at law.es>, 'Volker Greimann'
>> <vgreimann at key-systems.net>, <gnso-rds-pdp-wg at icann.org>
>> Subject: RE: [gnso-rds-pdp-wg] Using the GDPR as a basis for RDS Policy is
>> backwards
>>
>>
>>
>>
>>
>>>
>>>
>>>
>>>
>>>
>>> Apparently, ICANN org has been interacting with DPAs regarding a possible
>>> interim solution, so maybe we will get some helpful input from those
>>> efforts. Note Stephanie¹s suggestion that we could submit questions to the
>>> DP experts that participated in our public meeting last year.
>>>
>>>
>>>
>>> Chuck
>>>
>>>
>>>
>>>
>>>
>>>
>>> From: Paul Keating [mailto:Paul at law.es]
>>> Sent: Thursday, February 15, 2018 6:10 AM
>>> To: Chuck <consult at cgomes.com>; 'Volker Greimann'
>>> <vgreimann at key-systems.net>; gnso-rds-pdp-wg at icann.org
>>> Subject: Re: [gnso-rds-pdp-wg] Using the GDPR as a basis for RDS Policy is
>>> backwards
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> Chuck,
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> That said I really do like the idea of having interaction and participation
>>> by the DPAs and even someone from Article 29 or other GDPR official groups.
>>> Otherwise we continue to work in a vacuum.
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> From: gnso-rds-pdp-wg <gnso-rds-pdp-wg-bounces at icann.org> on behalf of Chuck
>>> <consult at cgomes.com>
>>> Date: Thursday, February 15, 2018 at 2:57 PM
>>> To: 'Volker Greimann' <vgreimann at key-systems.net>,
>>> <gnso-rds-pdp-wg at icann.org>
>>> Subject: Re: [gnso-rds-pdp-wg] Using the GDPR as a basis for RDS Policy is
>>> backwards
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>>
>>>>
>>>>
>>>>
>>>> I¹d like to think that the ICANN community effort going on outside this WG
>>>> will take note of the cybersecurity concerns that Allison raises as they
>>>> try to finalize an interim solution to deal with the GDPR in the near term.
>>>> Note this quote from Goren¹s latest blog that ICANN org is trying to find a
>>>> balanced approach: ³This single, common interim model that is informed by
>>>> input from across the ICANN community would seek to obtain compliance with
>>>> both the GDPR and ICANN's contractual requirements related to registration
>>>> directory services.² Here¹s the blog:
>>>> https://www.icann.org/news/blog/data-protection-privacy-update-latest-devel
>>>> opments
>>>>
>>>>
>>>>
>>>> Chuck
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> From: gnso-rds-pdp-wg [mailto:gnso-rds-pdp-wg-bounces at icann.org] On Behalf
>>>> Of Volker Greimann
>>>> Sent: Thursday, February 15, 2018 1:02 AM
>>>> To: gnso-rds-pdp-wg at icann.org
>>>> Subject: Re: [gnso-rds-pdp-wg] Using the GDPR as a basis for RDS Policy is
>>>> backwards
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> DPAs are law enforcement and will enforce the law of the land. They do not
>>>> have the option to pick and choose after May 25.
>>>>
>>>>
>>>> Maybe it is time for you and your colleagues to start looking at other
>>>> sources of information to ensure you can continue operation efficiently
>>>> once your currently chosen method becomes illegal. Remember, you are a data
>>>> processor too and what you do with that data could very well paint a target
>>>> on your backs that DPS may have to deal with.
>>>>
>>>>
>>>> Best,
>>>>
>>>>
>>>> Volker
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> Am 15.02.2018 um 02:36 schrieb allison nixon:
>>>>
>>>>
>>>>>
>>>>>
>>>>>
>>>>> Hi everyone,
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> I have already begun to hear unrest from my colleagues who work in infosec
>>>>> and network operations about the degradation of WHOIS, as registrars have
>>>>> already begun to act on their own, stripping everything and blocking bulk
>>>>> queriers on domains frequently used for attacks. Every day of additional
>>>>> uncertainty equals an additional day of victimization.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Why has no one approached the DPAs with the evidence of security purposes
>>>>> for WHOIS? How much network degradation will we tolerate before someone
>>>>> bothers to give them a little hint? How many more judgments from the DPAs
>>>>> are we going to read that display clear ignorance of all legitimate
>>>>> cybersecurity purposes? Did no one see this coming?
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Since we are talking about cost benefit analysis, here is a quick one I
>>>>> just did that I would like to share with the group. I did a quick look for
>>>>> the value of the domain registration industry as a whole. Seems to be ~$4
>>>>> billion. The losses incurred by the WanaCry malware are estimated to be at
>>>>> ~$8 billion. A single security incident destroying value equal to double
>>>>> your entire industry.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> In May 2017, the FBI stated that over three years the "business email
>>>>> compromise" scams have topped ~$5 billion in losses, which would be
>>>>> slightly more than one domain-industry unit of value, and WHOIS is crucial
>>>>> to fighting it.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> source:
>>>>> https://www.reuters.com/article/us-cyber-lloyds-report/global-cyber-attack
>>>>> -could-spur-53-billion-in-losses-lloyds-of-london-idUSKBN1A20AB
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> source:
>>>>> https://cira.ca/factbook/domain-industry-data-and-canadian-Internet-trends
>>>>> /domain-name-industry
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> source:
>>>>> https://www.csoonline.com/article/3195010/security/bec-attacks-have-hit-th
>>>>> ousands-top-5-billion-in-losses-globally.html
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Remember, the whole point of GDPR is to force companies to act with more
>>>>> social responsibility.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On Wed, Feb 14, 2018 at 6:08 PM, Rubens Kuhl <rubensk at nic.br> wrote:
>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On 14 Feb 2018, at 20:49, John Horton <john.horton at legitscript.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Hmm, well, perhaps it's because I work for a company that processes
>>>>>>> quite a bit of data with a combination of algorithms and some human
>>>>>>> review, but I feel pretty confident that there are ways to simplify that
>>>>>>> with magic algorithms and forms.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> Magic algorithms are fine in pattern detection because there is always a
>>>>>> human review at some point or the cost of error is low, like in raising
>>>>>> an abuse case that contains wording like supposedly", "allegedly" etc. In
>>>>>> this case, every false negative comes with a tremendous liability.
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> Also, if machine-learning technology and deep pockets for lawsuits become
>>>>>> a requirement for being a registrar, you can count on the number of
>>>>>> registrars dropping to single digits.
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> Rubens
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> gnso-rds-pdp-wg mailing list
>>>>>> gnso-rds-pdp-wg at icann.org
>>>>>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>>
>>>>>
>>>>>
>>>>> _________________________________
>>>>> Note to self: Pillage BEFORE burning.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>>
>>>>> gnso-rds-pdp-wg mailing list
>>>>>
>>>>> gnso-rds-pdp-wg at icann.org
>>>>>
>>>>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> _______________________________________________ gnso-rds-pdp-wg mailing
>>>> list gnso-rds-pdp-wg at icann.org
>>>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>>>
>>>
>>>
>>>
>>>
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20180215/4d679878/attachment-0001.html>
More information about the gnso-rds-pdp-wg
mailing list