[gnso-rds-pdp-wg] Equifax hack worse than previously thought: Biz kissed goodbye to card expiry dates, tax IDs etc

Dotzero dotzero at gmail.com
Fri Feb 16 08:37:28 UTC 2018


Oh yeah, ICANN didn't exist either. Perhaps you are suggesting we ditch
ICANN.

Michael Hammer

On Fri, Feb 16, 2018 at 3:36 AM, Dotzero <dotzero at gmail.com> wrote:

> Ayden,
>
> If original scope and intent are the metric we are using, I'll point out
> that today's Internet is well beyond the original scope and intent. Were
> you around for NSF and AUP? HTTP/HTTPS protocol didn't exist. Perhaps we
> should all go back to using gopher.
>
> Michael Hammer
>
> On Fri, Feb 16, 2018 at 3:31 AM, Ayden Férdeline <icann at ferdeline.com>
> wrote:
>
>> Hi, Nathalie-
>>
>> I don't think this is a technical question, but a policy one. If I am
>> understanding correctly, you are asking, in a tiered-access system, how
>> would an Internet end-user be able to retrieve the personally identifiable
>> information of a domain name registrant, like he or she can today? I know
>> we are getting ahead of ourselves here, because as a Working Group we have
>> not started to deliberate on this question, but I wouldn't think that the
>> "general public" would satisfy authentication requirements.
>>
>> Nor do I think they should. A tiered-access system that anyone could use
>> would be no different to what we have today in WHOIS. I feel very strongly
>> that we need to put an end to the over collection and over publication of
>> information that exposes domain name registrants to harm by virtue of their
>> online speech. WHOIS data today is being used beyond its narrow, original
>> scope and purpose (e.g. to rapidly find a contact to help resolve a
>> technical problem related to a domain name), a purpose that was
>> unquestionably within the scope and mission of ICANN. The expansion of the
>> WHOIS to solve, resolve, threaten, exploit, or 'ascertain the
>> trustworthiness' of any type of Internet domain name speaker for any type
>> of reason goes far beyond ICANN's narrow technical mission and scope, in my
>> opinion.
>>
>> Kind regards,
>>
>> Ayden
>>
>>
>> -------- Original Message --------
>> On 16 February 2018 6:19 AM, nathalie coupet via gnso-rds-pdp-wg <
>> gnso-rds-pdp-wg at icann.org> wrote:
>>
>>
>>
>> To technical people on this list:
>> In a tiered-system with authenticated access, how could the general
>> public satisfy authentication requirements and what would those be, in
>> order to have access to information about the trustworthiness of a website
>> (what would this data be)?
>> Would it be possible to mandate someone who is duly authorized within the
>> registrar to look up the data on her behest? Is there a way to automatize
>> this process?
>>
>> Personal thought: I keep on thinking we will find a silver bullet in the
>> principles set by the law of the sea, the mechanisms of the EEZ or natural
>> law. Still looking.
>>
>> Thanks,
>>
>> Nathalie
>>
>>
>> On Thursday, February 15, 2018 7:59 PM, Chuck <consult at cgomes.com> wrote:
>>
>>
>> Good points Chris.  Thanks again.
>>
>> Chuck
>>
>> *From:* Chris Pelling [mailto:chris at netearth.net]
>> *Sent:* Thursday, February 15, 2018 1:16 PM
>> *To:* Chuck <consult at cgomes.com>
>> *Cc:* Stephanie Perrin <stephanie.perrin at mail.utoronto.ca>;
>> gnso-rds-pdp-wg <gnso-rds-pdp-wg at icann.org>
>> *Subject:* Re: [gnso-rds-pdp-wg] Equifax hack worse than previously
>> thought: Biz kissed goodbye to card expiry dates, tax IDs etc
>>
>> No issue Chuck, although, June is very optimistic in my opinion simply
>> because the month prior - all hell breaks loose with GDPR :)  At least if
>> we look at October, we can get the info out to as many DPA's as poss to get
>> them there, plus, being Barcelona, it will be a lot cheaper for the
>> countries to send them to Spain than the other side of the world (as
>> governments don't like paying for very much to start with) :)
>>
>> Kind regards,
>>
>> Chris
>>
>> ------------------------------
>>
>> *From: *"Chuck" <consult at cgomes.com>
>> *To: *"Chris Pelling" <chris at netearth.net>
>> *Cc: *"Stephanie Perrin" <stephanie.perrin at mail.utoronto.ca>,
>> "gnso-rds-pdp-wg" <gnso-rds-pdp-wg at icann.org>
>> *Sent: *Thursday, 15 February, 2018 21:12:23
>> *Subject: *RE: [gnso-rds-pdp-wg] Equifax hack worse than previously
>> thought: Biz kissed goodbye to card expiry dates, tax IDs etc
>>
>> My mistake Chris.  Thanks for setting me straight.  I am probably too
>> optimistic, but it would be nice if it could happen in Panama in June.
>>
>> Chuck
>>
>> *From:* Chris Pelling [mailto:chris at netearth.net]
>> *Sent:* Thursday, February 15, 2018 1:10 PM
>> *To:* Chuck <consult at cgomes.com>
>> *Cc:* Stephanie Perrin <stephanie.perrin at mail.utoronto.ca>;
>> gnso-rds-pdp-wg <gnso-rds-pdp-wg at icann.org>
>> *Subject:* Re: [gnso-rds-pdp-wg] Equifax hack worse than previously
>> thought: Biz kissed goodbye to card expiry dates, tax IDs etc
>>
>> Hi Chuck,
>>
>> Barcelona is ICANN 63 in October, in June it's ICANN 62 in Panama City:
>> https://www.google.co.uk/search?hl=en&q=icann+meetings+2018&meta=
>>
>>
>> Kind regards,
>>
>> Chris
>>
>> ------------------------------
>>
>> *From: *"Chuck" <consult at cgomes.com>
>> *To: *"Stephanie Perrin" <stephanie.perrin at mail.utoronto.ca>,
>> "gnso-rds-pdp-wg" <gnso-rds-pdp-wg at icann.org>
>> *Sent: *Thursday, 15 February, 2018 18:14:24
>> *Subject: *Re: [gnso-rds-pdp-wg] Equifax hack worse than previously
>> thought: Biz kissed goodbye to card expiry dates, tax IDs etc
>>
>> Because of the long lead time for scheduling workshops, it’s not too
>> early to explore the value of one in Barcelona in June.  It would be
>> helpful if we could get to our charter question on Gated Access well before
>> then if possible.
>>
>> Chuck
>>
>> *From:* gnso-rds-pdp-wg [mailto:gnso-rds-pdp-wg-bounces at icann.org]
>> *On Behalf Of *Stephanie Perrin
>> *Sent:* Thursday, February 15, 2018 9:45 AM
>> *To:* gnso-rds-pdp-wg at icann.org
>> *Subject:* Re: [gnso-rds-pdp-wg] Equifax hack worse than previously
>> thought: Biz kissed goodbye to card expiry dates, tax IDs etc
>>
>> I agree with Sara wholeheartedly.  I would like to propose a workshop at
>> the Barcelona meeting to discuss accreditation requirements for
>> cybersecurity and IP actors who want to retain access to personal data in a
>> tiered access solution.  Release of data in such a system will require
>> standards, and (as mentioned in Abu, on the public panel on GDPR, and in
>> my own comments on the 3 models) I think we should get on with developing
>> those standards, preferably ISO standards with possibility for independent
>> audit.
>> Stephanie Perrin
>> On 2018-02-15 11:34, Sara Bockey wrote:
>>
>> Our job is now to cooperate in good faith to build a new universal system
>> that still fits most needs but also takes data protection as its core
>> principle.
>>
>> EXACTLY! And what’s lacking from most of our conversations are
>> SOLUTIONS.  We understand that many of you have come to rely on various
>> types of data from WHOIS.  We get it.  We’ve heard you.  What we have NOT
>> heard is “we understand the changing landscape, and while we are concerned
>> about losing X data, perhaps if we do Y, we can improve RDS and still have
>> access OR if we do Z, we can _________.”
>>
>> Given the number of really smart people on this list, I am frustrated by
>> the lack of innovative, forward thinking.  Change doesn’t have to be
>> scary.  Change can be better - an improvement.  We need to stop with the
>> myopia.  We need to stop looking backward.  We need to stop demonizing.  If
>> you are not saying something NEW, something to move this PDP *forward*,
>> you are part of the problem.
>>
>> Sara
>>
>> *sara bockey*
>> *sr. policy manager | **Go**Daddy™*
>> *sbockey at godaddy.com  480-366-3616*
>> *skype: sbockey*
>>
>>
>> *From: *gnso-rds-pdp-wg <gnso-rds-pdp-wg-bounces at icann.org>
>> on behalf of Volker Greimann <vgreimann at key-systems.net>
>> *Date: *Thursday, February 15, 2018 at 4:30 AM
>> *To: *Greg Shatan <gregshatanipc at gmail.com>
>> *Cc: *"gnso-rds-pdp-wg at icann.org" <gnso-rds-pdp-wg at icann.org>
>> *Subject: *Re: [gnso-rds-pdp-wg] Equifax hack worse than previously
>> thought: Biz kissed goodbye to card expiry dates, tax IDs etc
>>
>> That would be problematic, as you should know, since there is no clear
>> cut line of what would constitute over-enforcement or under-enforcement.
>> Well, the latter will resolve itself due to the incoming DPA actions.
>> I also never heard of fees to be paid into a fund by those simply trying
>> to remain compliant with their applicable laws.
>> Contracted parties have been stating for years, if not over a decade, that
>> publication of whois details in the current form and shape is problematic from
>> a data protection perspective. We have repeatedly tried to drive home the
>> point that the current system is not sustainable. We were ignored or
>> ridiculed, or asked to get sued to prove our point. Now that we are forced
>> to take action, everybody is protesting as if this were something new. It
>> is not. Now we have to do a short-term fix, that will hurt more than it
>> would have needed to if everyone had cooperated in good faith to reform
>> whois years ago. The status quo will change.
>> Our job is now to cooperate in good faith to build a new universal system
>> that still fits most needs but also takes data protection as its core
>> principle.
>> Volker out!
>>
>>
>> Am 15.02.2018 um 05:14 schrieb Greg Shatan:
>>
>> In a similar vein, ICANN could establish an “Over-enforce the GDPR Fund,”
>> in which everyone who thinks the GDPR’s data blackout should be extended to
>> the data of non-EU and legal persons would pay in, and it would be used to
>> defray the expenses incurred by those who should have access to information
>> and instead must expend additional time, money and effort, and often incur
>> additional harm, due to GDPR over-enforcement.
>>
>> On Wed, Feb 14, 2018 at 5:03 AM Volker Greimann <
>> vgreimann at key-systems.net> wrote:
>>
>> Maybe you are hitting on something here.
>> ICANN could just establish a "Leave-Whois-as-it-is" legal defense fund.
>> Everyone who argues that whois should remain as it is has to pay into that
>> fund and everyone who is fined by data protection violations can take the
>> fines and their legal costs out of that fund. Of course, that would
>> necessitate huge investments to set up the fund from mainly volunteer
>> organizations that do not actually have the means to support it.
>> Best,
>> Volker
>>
>> Am 14.02.2018 um 02:21 schrieb Rubens Kuhl:
>>
>>
>>
>>
>> On 13 Feb 2018, at 20:32, John Horton <john.horton at legitscript.com>
>> wrote:
>>
>> Thanks, Rubens -- I don't agree with that interpretation. (I think you
>> mean the Q&A memo Section 2, right?) See memo here
>> <https://www.icann.org/en/system/files/files/gdpr-memorandum-part2-18dec17-en.pdf>.
>> Let me know if you meant the first or a different one.
>>
>>
>>
>> It's exactly that memo.
>> Since you don't agree, does that mean that your organisation is willing
>> to pay every GDPR fine contracted parties get from following your
>> interpretation? Because if you are unwilling to do that, then your belief
>> in that interpretation is not rock solid.
>>
>> What I can tell you is that this risk has been flagged by that paper, by
>> the eco model and by internal analysis of some registries, all
>> independently of each other; which means you will likely see a good number
>> of contracted parties following exactly the path I outlined in order to
>> mitigate this risk.
>>
>> If you see things differently, get European DPAs to put that in writing,
>> and we are all good to go.
>>
>>
>>
>> Rubens
>>
>>
>>
>>
>>
>> _______________________________________________
>>
>> gnso-rds-pdp-wg mailing list
>>
>> gnso-rds-pdp-wg at icann.org
>>
>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>
>>
>
>