[gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
John Horton
john.horton at legitscript.com
Tue Feb 20 17:51:34 UTC 2018
Uh...that's not a universal requirement. I know a lot of EU (some? a lot?
not sure) of EU countries have that for commercial websites, and Japan does
too (something we actually monitor for) but it's not like that's a
requirement in the majority of countries. It's a minority approach,
actually.
John Horton
President and CEO, LegitScript
*Follow LegitScript*: LinkedIn
<http://www.linkedin.com/company/legitscript-com> | Facebook
<https://www.facebook.com/LegitScript> | Twitter
<https://twitter.com/legitscript> | *Blog <http://blog.legitscript.com/>*
| Newsletter <http://go.legitscript.com/Subscription-Management.html>
On Tue, Feb 20, 2018 at 9:45 AM, Volker Greimann <vgreimann at key-systems.net>
wrote:
> We are also thinking about what is right for registrants and their right
> to data privacy that have been violated for too long.
>
> Volker
>
> If LEAs and governments want publicly accessible whois databases, they
> should legislate it, just like they have legislated imprints on websites,
> land registries, company registers, car registration registries and many
> more.
>
> But they have not and seem to be disinclined to do so. That in and of
> itself should tell you something.
>
> Why do they legislate what has to be on a website but not what has to be
> in whois? Take a guess!
>
> Volker
>
>
> On 16. Feb 2018, at 20:11, John Horton via gnso-rds-pdp-wg <
> gnso-rds-pdp-wg at icann.org> wrote:
>
> And herein lies the exact problem: too many people on this group are
> thinking about what's right for registrars and registries, not internet
> users as a whole. (Which, obviously, is more than just registrants.)
>
> ICANN policy isn't supposed to serve the interests of registrars. It's
> supposed to serve the broader public interest.
>
> Benny, sorry -- I don't understand your email. :)
>
> John Horton
> President and CEO, LegitScript
>
>
> *Follow LegitScript*: LinkedIn
> <http://www.linkedin.com/company/legitscript-com> | Facebook
> <https://www.facebook.com/LegitScript> | Twitter
> <https://twitter.com/legitscript> | *Blog
> <http://blog.legitscript.com/>* | Newsletter
> <http://go.legitscript.com/Subscription-Management.html>
>
>
>
> On Fri, Feb 16, 2018 at 11:01 AM, Ayden Férdeline <icann at ferdeline.com>
> wrote:
>
>> Such a distinction sounds complex for a registrar to make, and even more
>> burdensome for a registrar to implement. Who could afford to do this? I
>> would also worry that such costs would be passed on to domain name
>> registrants.
>>
>> — Ayden
>>
>>
>> -------- Original Message --------
>> On 16 February 2018 7:52 PM, John Horton via gnso-rds-pdp-wg <
>> gnso-rds-pdp-wg at icann.org> wrote:
>>
>> I think quite a bit in this WG and certainly in the prior privacy/proxy
>> PDP, and absolutely what we're seeing with GoDaddy. To make sure I'm being
>> clear about what I mean, GoDaddy isn't only redacting Whois information
>> (via Port 43) where it's an EU natural citizen or natural resident. The
>> information is being redacted for....everyone. All registrants. There's
>> simply no justification for that.
>>
>> I predict you'd see (I'm not speaking for anyone here, just me) a real
>> willingness on the security and compliance community's part to compromise
>> and support a system where, IF a registrant is an EU natural person (yes, I
>> know we need to define it accurately -- citizen, resident, we can get
>> granular later) then...hey, let's set up a system in involving redaction of
>> some fields, access to those fields in legitimate cases, etc. I want to
>> support registrars' compliance with the GDPR. But we're seeing the
>> registrar community say: We want to apply this globally. To all domain name
>> registrations. Doesn't matter if the registrant is the intended beneficiary
>> of the new law, or in scope, or not. We're going to just change global
>> policy.
>>
>> I think that viewpoint has been pretty repeatedly represented in this
>> working group, but I'd love to hear from registrars that would support a
>> more targeted solution where only the intended beneficiaries of the GDPR
>> (that is, in-scope registrants) are covered under the policy.
>>
>> John Horton
>> President and CEO, LegitScript
>>
>>
>> *Follow LegitScript*: LinkedIn
>> <http://www.linkedin.com/company/legitscript-com> | Facebook
>> <https://www.facebook.com/LegitScript> | Twitter
>> <https://twitter.com/legitscript> | *Blog
>> <http://blog.legitscript.com/>* | Newsletter
>> <http://go.legitscript.com/Subscription-Management.html>
>>
>>
>>
>> On Fri, Feb 16, 2018 at 10:44 AM, benny at nordreg.se <benny at nordreg.se>
>> wrote:
>>
>>> Please refer to where registrars have been unwilling to explore this
>>> option?
>>>
>>>
>>>
>>> --
>>> Med vänliga hälsningar / Kind Regards / Med vennlig hilsen
>>>
>>> Benny Samuelsen
>>> Registry Manager - Domainexpert
>>>
>>> Nordreg AB - ICANN accredited registrar
>>> IANA-ID: 638
>>> Phone: +46.42197000
>>> Direct: +47.32260201
>>> Mobile: +47.40410200
>>>
>>> > On 16 Feb 2018, at 19:38, John Horton via gnso-rds-pdp-wg <
>>> gnso-rds-pdp-wg at icann.org> wrote:
>>> >
>>> > Just imagine how much of all of this could be avoided if registrars
>>> were willing to agree to a commercial/individual distinction.
>>> >
>>> > John Horton
>>> > President and CEO, LegitScript
>>> >
>>> >
>>> > Follow LegitScript: LinkedIn | Facebook | Twitter | Blog |
>>> Newsletter
>>> >
>>> >
>>> >
>>> > On Fri, Feb 16, 2018 at 10:33 AM, John Bambenek via gnso-rds-pdp-wg <
>>> gnso-rds-pdp-wg at icann.org> wrote:
>>> > GDPR taken to its logical extreme very well could require us to
>>> abandon IP reputation and to emptying our firewalls. I mean, no consumer
>>> authorized me to process their IP just by attacking me, right?
>>> >
>>> > Privacy absolutism is not the answer unless you basically want to
>>> mandate the internet backbone be converted to tor.
>>> >
>>> > --
>>> > John Bambenek
>>> >
>>> > On Feb 16, 2018, at 06:09, Michele Neylon - Blacknight <
>>> michele at blacknight.com> wrote:
>>> >
>>> >> It’s an interesting read, but it has several flaws.
>>> >>
>>> >> It refers to registrars solely and ignores registries.
>>> >>
>>> >> It also makes it sound like issues around whois are “new”, which we
>>> all know isn’t true.
>>> >>
>>> >> The comments about IP addresses make it sound like it’s a theoretical
>>> concern, yet there is case law eg:
>>> >>
>>> >> https://www.irishtimes.com/business/technology/european-cour
>>> t-of-justice-rules-ip-addresses-are-personal-data-1.2835704
>>> >>
>>> >>
>>> >>
>>> >>
>>> >>
>>> >>
>>> >>
>>> >> --
>>> >>
>>> >> Mr Michele Neylon
>>> >>
>>> >> Blacknight Solutions
>>> >>
>>> >> Hosting, Colocation & Domains
>>> >>
>>> >> https://www.blacknight.com/
>>> >>
>>> >> http://blacknight.blog/
>>> >>
>>> >> Intl. +353 (0) 59 9183072
>>> >>
>>> >> Direct Dial: +353 (0)59 9183090
>>> >>
>>> >> Personal blog: https://michele.blog/
>>> >>
>>> >> Some thoughts: https://ceo.hosting/
>>> >>
>>> >> -------------------------------
>>> >>
>>> >> Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business
>>> Park,Sleaty
>>> >>
>>> >> Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845
>>> >>
>>> >> From: gnso-rds-pdp-wg <gnso-rds-pdp-wg-bounces at icann.org> on behalf
>>> of Dotzero <dotzero at gmail.com>
>>> >> Date: Friday 16 February 2018 at 00:07
>>> >> To: RDS PDP WG <gnso-rds-pdp-wg at icann.org>
>>> >> Subject: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
>>> >>
>>> >>
>>> >>
>>> >>
>>> >> https://krebsonsecurity.com/2018/02/new-eu-privacy-law-may-w
>>> eaken-security/
>>> >>
>>> >> Michael Hammer
>>> >>
>>> >> _______________________________________________
>>> >> gnso-rds-pdp-wg mailing list
>>> >> gnso-rds-pdp-wg at icann.org
>>> >> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>> >
>>> > _______________________________________________
>>> > gnso-rds-pdp-wg mailing list
>>> > gnso-rds-pdp-wg at icann.org
>>> > https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>> >
>>> > _______________________________________________
>>> > gnso-rds-pdp-wg mailing list
>>> > gnso-rds-pdp-wg at icann.org
>>> > https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>>
>>>
>>
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>
>
> --
> Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.
>
> Mit freundlichen Grüßen,
>
> Volker A. Greimann
> - Rechtsabteilung -
>
> Key-Systems GmbH
> Im Oberen Werk 1
> <https://maps.google.com/?q=Im+Oberen+Werk+1+66386+St.+Ingbert&entry=gmail&source=g>
> 66386 St. Ingbert
> <https://maps.google.com/?q=Im+Oberen+Werk+1+66386+St.+Ingbert&entry=gmail&source=g>
> Tel.: +49 (0) 6894 - 9396 901 <+49%206894%209396901>
> Fax.: +49 (0) 6894 - 9396 851 <+49%206894%209396851>
> Email: vgreimann at key-systems.net <vgreimann at key-systems.net>
>
> Web: www.key-systems.net / www.RRPproxy.net
> www.domaindiscount24.com / www.BrandShelter.com
>
> Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:
> www.facebook.com/KeySystems
> www.twitter.com/key_systems
>
> Geschäftsführer: Alexander Siffrin
> Handelsregister Nr.: HR B 18835 - Saarbruecken
> Umsatzsteuer ID.: DE211006534
>
> Member of the KEYDRIVE GROUP
> www.keydrive.lu
>
> Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen
> Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder
> Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese
> Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per
> E-Mail oder telefonisch in Verbindung zu setzen.
>
> --------------------------------------------
>
> Should you have any further questions, please do not hesitate to contact
> us.
>
> Best regards,
>
> Volker A. Greimann
> - legal department -
>
> Key-Systems GmbH
> Im Oberen Werk 1
> <https://maps.google.com/?q=Im+Oberen+Werk+1+66386+St.+Ingbert&entry=gmail&source=g>
> 66386 St. Ingbert
> <https://maps.google.com/?q=Im+Oberen+Werk+1+66386+St.+Ingbert&entry=gmail&source=g>
> Tel.: +49 (0) 6894 - 9396 901 <+49%206894%209396901>
> Fax.: +49 (0) 6894 - 9396 851 <+49%206894%209396851>
> Email: vgreimann at key-systems.net
>
> Web: www.key-systems.net / www.RRPproxy.net
> www.domaindiscount24.com / www.BrandShelter.com
>
> Follow us on Twitter or join our fan community on Facebook and stay
> updated:
> www.facebook.com/KeySystems
> www.twitter.com/key_systems
>
> CEO: Alexander Siffrin
> Registration No.: HR B 18835 - Saarbruecken
> V.A.T. ID.: DE211006534
>
> Member of the KEYDRIVE GROUP
> www.keydrive.lu
>
> This e-mail and its attachments is intended only for the person to whom it
> is addressed. Furthermore it is not permitted to publish any content of
> this email. You must not use, disclose, copy, print or rely on this e-mail.
> If an addressing or transmission error has misdirected this e-mail, kindly
> notify the author by replying to this e-mail or contacting us by telephone.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20180220/3e8ffa87/attachment-0001.html>
More information about the gnso-rds-pdp-wg
mailing list