[gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP

John Horton john.horton at legitscript.com
Fri Feb 16 18:52:51 UTC 2018 

I think quite a bit in this WG and certainly in the prior privacy/proxy
PDP, and absolutely what we're seeing with GoDaddy. To make sure I'm being
clear about what I mean, GoDaddy isn't only redacting Whois information
(via Port 43) where it's an EU natural citizen or natural resident. The
information is being redacted for....everyone. All registrants. There's
simply no justification for that.

I predict you'd see (I'm not speaking for anyone here, just me) a real
willingness on the security and compliance community's part to compromise
and support a system where, IF a registrant is an EU natural person (yes, I
know we need to define it accurately -- citizen, resident, we can get
granular later) then...hey, let's set up a system in involving redaction of
some fields, access to those fields in legitimate cases, etc. I want to
support registrars' compliance with the GDPR. But we're seeing the
registrar community say: We want to apply this globally. To all domain name
registrations. Doesn't matter if the registrant is the intended beneficiary
of the new law, or in scope, or not. We're going to just change global
policy.

I think that viewpoint has been pretty repeatedly represented in this
working group, but I'd love to hear from registrars that would support a
more targeted solution where only the intended beneficiaries of the GDPR
(that is, in-scope registrants) are covered under the policy.

John Horton
President and CEO, LegitScript


*Follow LegitScript*: LinkedIn
<http://www.linkedin.com/company/legitscript-com>  |  Facebook
<https://www.facebook.com/LegitScript>  |  Twitter
<https://twitter.com/legitscript>  |  *Blog <http://blog.legitscript.com/>*
  |  Newsletter <http://go.legitscript.com/Subscription-Management.html>




On Fri, Feb 16, 2018 at 10:44 AM, benny at nordreg.se <benny at nordreg.se> wrote:

> Please refer to where registrars have been unwilling to explore this
> option?
>
>
>
> --
> Med vänliga hälsningar / Kind Regards / Med vennlig hilsen
>
> Benny Samuelsen
> Registry Manager - Domainexpert
>
> Nordreg AB - ICANN accredited registrar
> IANA-ID: 638
> Phone: +46.42197000
> Direct: +47.32260201
> Mobile: +47.40410200
>
> > On 16 Feb 2018, at 19:38, John Horton via gnso-rds-pdp-wg <
> gnso-rds-pdp-wg at icann.org> wrote:
> >
> > Just imagine how much of all of this could be avoided if registrars were
> willing to agree to a commercial/individual distinction.
> >
> > John Horton
> > President and CEO, LegitScript
> >
> >
> > Follow LegitScript: LinkedIn  |  Facebook  |  Twitter  |  Blog  |
> Newsletter
> >
> >
> >
> > On Fri, Feb 16, 2018 at 10:33 AM, John Bambenek via gnso-rds-pdp-wg <
> gnso-rds-pdp-wg at icann.org> wrote:
> > GDPR taken to its logical extreme very well could require us to abandon
> IP reputation and to emptying our firewalls. I mean, no consumer authorized
> me to process their IP just by attacking me, right?
> >
> > Privacy absolutism is not the answer unless you basically want to
> mandate the internet backbone be converted to tor.
> >
> > --
> > John Bambenek
> >
> > On Feb 16, 2018, at 06:09, Michele Neylon - Blacknight <
> michele at blacknight.com> wrote:
> >
> >> It’s an interesting read, but it has several flaws.
> >>
> >> It refers to registrars solely and ignores registries.
> >>
> >> It also makes it sound like issues around whois are “new”, which we all
> know isn’t true.
> >>
> >> The comments about IP addresses make it sound like it’s a theoretical
> concern, yet there is case law eg:
> >>
> >> https://www.irishtimes.com/business/technology/european-
> court-of-justice-rules-ip-addresses-are-personal-data-1.2835704
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >> --
> >>
> >> Mr Michele Neylon
> >>
> >> Blacknight Solutions
> >>
> >> Hosting, Colocation & Domains
> >>
> >> https://www.blacknight.com/
> >>
> >> http://blacknight.blog/
> >>
> >> Intl. +353 (0) 59 9183072
> >>
> >> Direct Dial: +353 (0)59 9183090
> >>
> >> Personal blog: https://michele.blog/
> >>
> >> Some thoughts: https://ceo.hosting/
> >>
> >> -------------------------------
> >>
> >> Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business
> Park,Sleaty
> >>
> >> Road,Graiguecullen,Carlow,R93 X265,Ireland  Company No.: 370845
> >>
> >> From: gnso-rds-pdp-wg <gnso-rds-pdp-wg-bounces at icann.org> on behalf of
> Dotzero <dotzero at gmail.com>
> >> Date: Friday 16 February 2018 at 00:07
> >> To: RDS PDP WG <gnso-rds-pdp-wg at icann.org>
> >> Subject: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
> >>
> >>
> >>
> >>
> >> https://krebsonsecurity.com/2018/02/new-eu-privacy-law-
> may-weaken-security/
> >>
> >> Michael Hammer
> >>
> >> _______________________________________________
> >> gnso-rds-pdp-wg mailing list
> >> gnso-rds-pdp-wg at icann.org
> >> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
> >
> > _______________________________________________
> > gnso-rds-pdp-wg mailing list
> > gnso-rds-pdp-wg at icann.org
> > https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
> >
> > _______________________________________________
> > gnso-rds-pdp-wg mailing list
> > gnso-rds-pdp-wg at icann.org
> > https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20180216/b98964a6/attachment-0001.html>

More information about the gnso-rds-pdp-wg mailing list