[gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
John Horton
john.horton at legitscript.com
Fri Feb 16 19:11:21 UTC 2018
And herein lies the exact problem: too many people on this group are
thinking about what's right for registrars and registries, not internet
users as a whole. (Which, obviously, is more than just registrants.)
ICANN policy isn't supposed to serve the interests of registrars. It's
supposed to serve the broader public interest.
Benny, sorry -- I don't understand your email. :)
John Horton
President and CEO, LegitScript
*Follow LegitScript*: LinkedIn
<http://www.linkedin.com/company/legitscript-com> | Facebook
<https://www.facebook.com/LegitScript> | Twitter
<https://twitter.com/legitscript> | *Blog <http://blog.legitscript.com/>*
| Newsletter <http://go.legitscript.com/Subscription-Management.html>
On Fri, Feb 16, 2018 at 11:01 AM, Ayden Férdeline <icann at ferdeline.com>
wrote:
> Such a distinction sounds complex for a registrar to make, and even more
> burdensome for a registrar to implement. Who could afford to do this? I
> would also worry that such costs would be passed on to domain name
> registrants.
>
> — Ayden
>
>
> -------- Original Message --------
> On 16 February 2018 7:52 PM, John Horton via gnso-rds-pdp-wg <
> gnso-rds-pdp-wg at icann.org> wrote:
>
> I think quite a bit in this WG and certainly in the prior privacy/proxy
> PDP, and absolutely what we're seeing with GoDaddy. To make sure I'm being
> clear about what I mean, GoDaddy isn't only redacting Whois information
> (via Port 43) where it's an EU natural citizen or natural resident. The
> information is being redacted for....everyone. All registrants. There's
> simply no justification for that.
>
> I predict you'd see (I'm not speaking for anyone here, just me) a real
> willingness on the security and compliance community's part to compromise
> and support a system where, IF a registrant is an EU natural person (yes, I
> know we need to define it accurately -- citizen, resident, we can get
> granular later) then...hey, let's set up a system in involving redaction of
> some fields, access to those fields in legitimate cases, etc. I want to
> support registrars' compliance with the GDPR. But we're seeing the
> registrar community say: We want to apply this globally. To all domain name
> registrations. Doesn't matter if the registrant is the intended beneficiary
> of the new law, or in scope, or not. We're going to just change global
> policy.
>
> I think that viewpoint has been pretty repeatedly represented in this
> working group, but I'd love to hear from registrars that would support a
> more targeted solution where only the intended beneficiaries of the GDPR
> (that is, in-scope registrants) are covered under the policy.
>
> John Horton
> President and CEO, LegitScript
>
>
> *Follow LegitScript*: LinkedIn
> <http://www.linkedin.com/company/legitscript-com> | Facebook
> <https://www.facebook.com/LegitScript> | Twitter
> <https://twitter.com/legitscript> | *Blog
> <http://blog.legitscript.com/>* | Newsletter
> <http://go.legitscript.com/Subscription-Management.html>
>
>
>
>
> On Fri, Feb 16, 2018 at 10:44 AM, benny at nordreg.se <benny at nordreg.se>
> wrote:
>
>> Please refer to where registrars have been unwilling to explore this
>> option?
>>
>>
>>
>> --
>> Med vänliga hälsningar / Kind Regards / Med vennlig hilsen
>>
>> Benny Samuelsen
>> Registry Manager - Domainexpert
>>
>> Nordreg AB - ICANN accredited registrar
>> IANA-ID: 638
>> Phone: +46.42197000
>> Direct: +47.32260201
>> Mobile: +47.40410200
>>
>> > On 16 Feb 2018, at 19:38, John Horton via gnso-rds-pdp-wg <
>> gnso-rds-pdp-wg at icann.org> wrote:
>> >
>> > Just imagine how much of all of this could be avoided if registrars
>> were willing to agree to a commercial/individual distinction.
>> >
>> > John Horton
>> > President and CEO, LegitScript
>> >
>> >
>> > Follow LegitScript: LinkedIn | Facebook | Twitter | Blog |
>> Newsletter
>> >
>> >
>> >
>> > On Fri, Feb 16, 2018 at 10:33 AM, John Bambenek via gnso-rds-pdp-wg <
>> gnso-rds-pdp-wg at icann.org> wrote:
>> > GDPR taken to its logical extreme very well could require us to abandon
>> IP reputation and to emptying our firewalls. I mean, no consumer authorized
>> me to process their IP just by attacking me, right?
>> >
>> > Privacy absolutism is not the answer unless you basically want to
>> mandate the internet backbone be converted to tor.
>> >
>> > --
>> > John Bambenek
>> >
>> > On Feb 16, 2018, at 06:09, Michele Neylon - Blacknight <
>> michele at blacknight.com> wrote:
>> >
>> >> It’s an interesting read, but it has several flaws.
>> >>
>> >> It refers to registrars solely and ignores registries.
>> >>
>> >> It also makes it sound like issues around whois are “new”, which we
>> all know isn’t true.
>> >>
>> >> The comments about IP addresses make it sound like it’s a theoretical
>> concern, yet there is case law eg:
>> >>
>> >> https://www.irishtimes.com/business/technology/european-cour
>> t-of-justice-rules-ip-addresses-are-personal-data-1.2835704
>> >>
>> >>
>> >>
>> >>
>> >>
>> >>
>> >>
>> >> --
>> >>
>> >> Mr Michele Neylon
>> >>
>> >> Blacknight Solutions
>> >>
>> >> Hosting, Colocation & Domains
>> >>
>> >> https://www.blacknight.com/
>> >>
>> >> http://blacknight.blog/
>> >>
>> >> Intl. +353 (0) 59 9183072
>> >>
>> >> Direct Dial: +353 (0)59 9183090
>> >>
>> >> Personal blog: https://michele.blog/
>> >>
>> >> Some thoughts: https://ceo.hosting/
>> >>
>> >> -------------------------------
>> >>
>> >> Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business
>> Park,Sleaty
>> >>
>> >> Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845
>> >>
>> >> From: gnso-rds-pdp-wg <gnso-rds-pdp-wg-bounces at icann.org> on behalf
>> of Dotzero <dotzero at gmail.com>
>> >> Date: Friday 16 February 2018 at 00:07
>> >> To: RDS PDP WG <gnso-rds-pdp-wg at icann.org>
>> >> Subject: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
>> >>
>> >>
>> >>
>> >>
>> >> https://krebsonsecurity.com/2018/02/new-eu-privacy-law-may-
>> weaken-security/
>> >>
>> >> Michael Hammer
>> >>
>> >> _______________________________________________
>> >> gnso-rds-pdp-wg mailing list
>> >> gnso-rds-pdp-wg at icann.org
>> >> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>> >
>> > _______________________________________________
>> > gnso-rds-pdp-wg mailing list
>> > gnso-rds-pdp-wg at icann.org
>> > https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>> >
>> > _______________________________________________
>> > gnso-rds-pdp-wg mailing list
>> > gnso-rds-pdp-wg at icann.org
>> > https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20180216/d7991e67/attachment-0001.html>
More information about the gnso-rds-pdp-wg
mailing list