[gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
Volker Greimann
vgreimann at key-systems.net
Wed Feb 21 10:33:05 UTC 2018
I am aware it is not a universal requirement, yet it is still a valid
example of governments takeing action and legislating a requirement to
publish certain information in a certain format. While they did so for
content, they did not do so for domain name registrations even though
they could have.
If governments feel they this information should be public, they have
the option of legislating it. Until they do, the general rules on the
protection of personal information apply.
Best,
Volker
Am 20.02.2018 um 18:51 schrieb John Horton:
> Uh...that's not a universal requirement. I know a lot of EU (some? a
> lot? not sure) of EU countries have that for commercial websites, and
> Japan does too (something we actually monitor for) but it's not like
> that's a requirement in the majority of countries. It's a minority
> approach, actually.
>
> John Horton
> President and CEO, LegitScript
>
>
> *FollowLegitScript*: LinkedIn
> <http://www.linkedin.com/company/legitscript-com> | Facebook
> <https://www.facebook.com/LegitScript> | Twitter
> <https://twitter.com/legitscript> | _Blog
> <http://blog.legitscript.com/>_ |Newsletter
> <http://go.legitscript.com/Subscription-Management.html>
>
>
>
>
> On Tue, Feb 20, 2018 at 9:45 AM, Volker Greimann
> <vgreimann at key-systems.net <mailto:vgreimann at key-systems.net>> wrote:
>
> We are also thinking about what is right for registrants and their
> right to data privacy that have been violated for too long.
>
> Volker
>
> If LEAs and governments want publicly accessible whois databases,
> they should legislate it, just like they have legislated imprints
> on websites, land registries, company registers, car registration
> registries and many more.
>
> But they have not and seem to be disinclined to do so. That in and
> of itself should tell you something.
>
> Why do they legislate what has to be on a website but not what has
> to be in whois? Take a guess!
>
> Volker
>
>
>> On 16. Feb 2018, at 20:11, John Horton via gnso-rds-pdp-wg
>> <gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org>> wrote:
>>
>> And herein lies the exact problem: too many people on this group
>> are thinking about what's right for registrars and registries,
>> not internet users as a whole. (Which, obviously, is more than
>> just registrants.)
>>
>> ICANN policy isn't supposed to serve the interests of registrars.
>> It's supposed to serve the broader public interest.
>>
>> Benny, sorry -- I don't understand your email. :)
>>
>> John Horton
>> President and CEO, LegitScript
>>
>>
>> *FollowLegitScript*: LinkedIn
>> <http://www.linkedin.com/company/legitscript-com> | Facebook
>> <https://www.facebook.com/LegitScript> | Twitter
>> <https://twitter.com/legitscript> | _Blog
>> <http://blog.legitscript.com/>_ |Newsletter
>> <http://go.legitscript.com/Subscription-Management.html>
>>
>>
>>
>> On Fri, Feb 16, 2018 at 11:01 AM, Ayden Férdeline
>> <icann at ferdeline.com <mailto:icann at ferdeline.com>> wrote:
>>
>> Such a distinction sounds complex for a registrar to make,
>> and even more burdensome for a registrar to implement. Who
>> could afford to do this? I would also worry that such costs
>> would be passed on to domain name registrants.
>>
>> — Ayden
>>
>>
>> -------- Original Message --------
>> On 16 February 2018 7:52 PM, John Horton via gnso-rds-pdp-wg
>> <gnso-rds-pdp-wg at icann.org
>> <mailto:gnso-rds-pdp-wg at icann.org>> wrote:
>>
>>> I think quite a bit in this WG and certainly in the prior
>>> privacy/proxy PDP, and absolutely what we're seeing with
>>> GoDaddy. To make sure I'm being clear about what I mean,
>>> GoDaddy isn't only redacting Whois information (via Port 43)
>>> where it's an EU natural citizen or natural resident. The
>>> information is being redacted for....everyone. All
>>> registrants. There's simply no justification for that.
>>>
>>> I predict you'd see (I'm not speaking for anyone here, just
>>> me) a real willingness on the security and compliance
>>> community's part to compromise and support a system where,
>>> IF a registrant is an EU natural person (yes, I know we need
>>> to define it accurately -- citizen, resident, we can get
>>> granular later) then...hey, let's set up a system in
>>> involving redaction of some fields, access to those fields
>>> in legitimate cases, etc. I want to support registrars'
>>> compliance with the GDPR. But we're seeing the registrar
>>> community say: We want to apply this globally. To all domain
>>> name registrations. Doesn't matter if the registrant is the
>>> intended beneficiary of the new law, or in scope, or not.
>>> We're going to just change global policy.
>>>
>>> I think that viewpoint has been pretty repeatedly
>>> represented in this working group, but I'd love to hear from
>>> registrars that would support a more targeted solution where
>>> only the intended beneficiaries of the GDPR (that is,
>>> in-scope registrants) are covered under the policy.
>>>
>>> John Horton
>>> President and CEO, LegitScript
>>>
>>>
>>> *FollowLegitScript*: LinkedIn
>>> <http://www.linkedin.com/company/legitscript-com> |
>>> Facebook <https://www.facebook.com/LegitScript> | Twitter
>>> <https://twitter.com/legitscript> | _Blog
>>> <http://blog.legitscript.com/>_ |Newsletter
>>> <http://go.legitscript.com/Subscription-Management.html>
>>>
>>>
>>>
>>> On Fri, Feb 16, 2018 at 10:44 AM, benny at nordreg.se
>>> <mailto:benny at nordreg.se> <benny at nordreg.se
>>> <mailto:benny at nordreg.se>> wrote:
>>>
>>> Please refer to where registrars have been unwilling to
>>> explore this option?
>>>
>>>
>>>
>>> --
>>> Med vänliga hälsningar / Kind Regards / Med vennlig hilsen
>>>
>>> Benny Samuelsen
>>> Registry Manager - Domainexpert
>>>
>>> Nordreg AB - ICANN accredited registrar
>>> IANA-ID: 638
>>> Phone: +46.42197000 <tel:%2B46.42197000>
>>> Direct: +47.32260201 <tel:%2B47.32260201>
>>> Mobile: +47.40410200 <tel:%2B47.40410200>
>>>
>>> > On 16 Feb 2018, at 19:38, John Horton via
>>> gnso-rds-pdp-wg <gnso-rds-pdp-wg at icann.org
>>> <mailto:gnso-rds-pdp-wg at icann.org>> wrote:
>>> >
>>> > Just imagine how much of all of this could be avoided
>>> if registrars were willing to agree to a
>>> commercial/individual distinction.
>>> >
>>> > John Horton
>>> > President and CEO, LegitScript
>>> >
>>> >
>>> > Follow LegitScript: LinkedIn | Facebook | Twitter
>>> | Blog | Newsletter
>>> >
>>> >
>>> >
>>> > On Fri, Feb 16, 2018 at 10:33 AM, John Bambenek via
>>> gnso-rds-pdp-wg <gnso-rds-pdp-wg at icann.org
>>> <mailto:gnso-rds-pdp-wg at icann.org>> wrote:
>>> > GDPR taken to its logical extreme very well could
>>> require us to abandon IP reputation and to emptying our
>>> firewalls. I mean, no consumer authorized me to process
>>> their IP just by attacking me, right?
>>> >
>>> > Privacy absolutism is not the answer unless you
>>> basically want to mandate the internet backbone be
>>> converted to tor.
>>> >
>>> > --
>>> > John Bambenek
>>> >
>>> > On Feb 16, 2018, at 06:09, Michele Neylon - Blacknight
>>> <michele at blacknight.com <mailto:michele at blacknight.com>>
>>> wrote:
>>> >
>>> >> It’s an interesting read, but it has several flaws.
>>> >>
>>> >> It refers to registrars solely and ignores registries.
>>> >>
>>> >> It also makes it sound like issues around whois are
>>> “new”, which we all know isn’t true.
>>> >>
>>> >> The comments about IP addresses make it sound like
>>> it’s a theoretical concern, yet there is case law eg:
>>> >>
>>> >>
>>> https://www.irishtimes.com/business/technology/european-court-of-justice-rules-ip-addresses-are-personal-data-1.2835704
>>> <https://www.irishtimes.com/business/technology/european-court-of-justice-rules-ip-addresses-are-personal-data-1.2835704>
>>> >>
>>> >>
>>> >>
>>> >>
>>> >>
>>> >>
>>> >>
>>> >> --
>>> >>
>>> >> Mr Michele Neylon
>>> >>
>>> >> Blacknight Solutions
>>> >>
>>> >> Hosting, Colocation & Domains
>>> >>
>>> >> https://www.blacknight.com/
>>> >>
>>> >> http://blacknight.blog/
>>> >>
>>> >> Intl. +353 (0) 59 9183072
>>> <tel:%2B353%20%280%29%2059%20%209183072>
>>> >>
>>> >> Direct Dial: +353 (0)59 9183090
>>> <tel:%2B353%20%280%2959%209183090>
>>> >>
>>> >> Personal blog: https://michele.blog/
>>> >>
>>> >> Some thoughts: https://ceo.hosting/
>>> >>
>>> >> -------------------------------
>>> >>
>>> >> Blacknight Internet Solutions Ltd, Unit
>>> 12A,Barrowside Business Park,Sleaty
>>> >>
>>> >> Road,Graiguecullen,Carlow,R93 X265,Ireland Company
>>> No.: 370845
>>> >>
>>> >> From: gnso-rds-pdp-wg
>>> <gnso-rds-pdp-wg-bounces at icann.org
>>> <mailto:gnso-rds-pdp-wg-bounces at icann.org>> on behalf of
>>> Dotzero <dotzero at gmail.com <mailto:dotzero at gmail.com>>
>>> >> Date: Friday 16 February 2018 at 00:07
>>> >> To: RDS PDP WG <gnso-rds-pdp-wg at icann.org
>>> <mailto:gnso-rds-pdp-wg at icann.org>>
>>> >> Subject: [gnso-rds-pdp-wg] Krebs On Security article
>>> RE whois and GDRP
>>> >>
>>> >>
>>> >>
>>> >>
>>> >>
>>> https://krebsonsecurity.com/2018/02/new-eu-privacy-law-may-weaken-security/
>>> <https://krebsonsecurity.com/2018/02/new-eu-privacy-law-may-weaken-security/>
>>> >>
>>> >> Michael Hammer
>>> >>
>>> >> _______________________________________________
>>> >> gnso-rds-pdp-wg mailing list
>>> >> gnso-rds-pdp-wg at icann.org
>>> <mailto:gnso-rds-pdp-wg at icann.org>
>>> >> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>> <https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg>
>>> >
>>> > _______________________________________________
>>> > gnso-rds-pdp-wg mailing list
>>> > gnso-rds-pdp-wg at icann.org
>>> <mailto:gnso-rds-pdp-wg at icann.org>
>>> > https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>> <https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg>
>>> >
>>> > _______________________________________________
>>> > gnso-rds-pdp-wg mailing list
>>> > gnso-rds-pdp-wg at icann.org
>>> <mailto:gnso-rds-pdp-wg at icann.org>
>>> > https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>> <https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg>
>>>
>>
>>
>> _______________________________________________
>> gnso-rds-pdp-wg mailing list
>> gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org>
>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>> <https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg>
>
> --
> Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.
>
> Mit freundlichen Grüßen,
>
> Volker A. Greimann
> - Rechtsabteilung -
>
> Key-Systems GmbH
> Im Oberen Werk 1
> <https://maps.google.com/?q=Im+Oberen+Werk+1+66386+St.+Ingbert&entry=gmail&source=g>
> 66386 St. Ingbert
> <https://maps.google.com/?q=Im+Oberen+Werk+1+66386+St.+Ingbert&entry=gmail&source=g>
> Tel.: +49 (0) 6894 - 9396 901 <tel:+49%206894%209396901>
> Fax.: +49 (0) 6894 - 9396 851 <tel:+49%206894%209396851>
> Email: vgreimann at key-systems.net <mailto:vgreimann at key-systems.net>
>
> Web: www.key-systems.net <http://www.key-systems.net> /
> www.RRPproxy.net <http://www.RRPproxy.net>
> www.domaindiscount24.com <http://www.domaindiscount24.com> /
> www.BrandShelter.com <http://www.BrandShelter.com>
>
> Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:
> www.facebook.com/KeySystems <http://www.facebook.com/KeySystems>
> www.twitter.com/key_systems <http://www.twitter.com/key_systems>
>
> Geschäftsführer: Alexander Siffrin
> Handelsregister Nr.: HR B 18835 - Saarbruecken
> Umsatzsteuer ID.: DE211006534
>
> Member of the KEYDRIVE GROUP
> www.keydrive.lu <http://www.keydrive.lu>
>
> Der Inhalt dieser Nachricht ist vertraulich und nur für den
> angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe,
> Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist
> unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so
> bitten wir Sie, sich mit uns per E-Mail oder telefonisch in
> Verbindung zu setzen.
>
> --------------------------------------------
>
> Should you have any further questions, please do not hesitate to
> contact us.
>
> Best regards,
>
> Volker A. Greimann
> - legal department -
>
> Key-Systems GmbH
> Im Oberen Werk 1
> <https://maps.google.com/?q=Im+Oberen+Werk+1+66386+St.+Ingbert&entry=gmail&source=g>
> 66386 St. Ingbert
> <https://maps.google.com/?q=Im+Oberen+Werk+1+66386+St.+Ingbert&entry=gmail&source=g>
> Tel.: +49 (0) 6894 - 9396 901 <tel:+49%206894%209396901>
> Fax.: +49 (0) 6894 - 9396 851 <tel:+49%206894%209396851>
> Email: vgreimann at key-systems.net <mailto:vgreimann at key-systems.net>
>
> Web: www.key-systems.net <http://www.key-systems.net> /
> www.RRPproxy.net <http://www.RRPproxy.net>
> www.domaindiscount24.com <http://www.domaindiscount24.com> /
> www.BrandShelter.com <http://www.BrandShelter.com>
>
> Follow us on Twitter or join our fan community on Facebook and
> stay updated:
> www.facebook.com/KeySystems <http://www.facebook.com/KeySystems>
> www.twitter.com/key_systems <http://www.twitter.com/key_systems>
>
> CEO: Alexander Siffrin
> Registration No.: HR B 18835 - Saarbruecken
> V.A.T. ID.: DE211006534
>
> Member of the KEYDRIVE GROUP
> www.keydrive.lu <http://www.keydrive.lu>
>
> This e-mail and its attachments is intended only for the person to
> whom it is addressed. Furthermore it is not permitted to publish
> any content of this email. You must not use, disclose, copy, print
> or rely on this e-mail. If an addressing or transmission error has
> misdirected this e-mail, kindly notify the author by replying
> to this e-mail or contacting us by telephone.
>
>
--
Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.
Mit freundlichen Grüßen,
Volker A. Greimann
- Rechtsabteilung -
Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: +49 (0) 6894 - 9396 901
Fax.: +49 (0) 6894 - 9396 851
Email: vgreimann at key-systems.net
Web: www.key-systems.net / www.RRPproxy.net
www.domaindiscount24.com / www.BrandShelter.com
Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:
www.facebook.com/KeySystems
www.twitter.com/key_systems
Geschäftsführer: Alexander Siffrin
Handelsregister Nr.: HR B 18835 - Saarbruecken
Umsatzsteuer ID.: DE211006534
Member of the KEYDRIVE GROUP
www.keydrive.lu
Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.
--------------------------------------------
Should you have any further questions, please do not hesitate to contact us.
Best regards,
Volker A. Greimann
- legal department -
Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: +49 (0) 6894 - 9396 901
Fax.: +49 (0) 6894 - 9396 851
Email: vgreimann at key-systems.net
Web: www.key-systems.net / www.RRPproxy.net
www.domaindiscount24.com / www.BrandShelter.com
Follow us on Twitter or join our fan community on Facebook and stay updated:
www.facebook.com/KeySystems
www.twitter.com/key_systems
CEO: Alexander Siffrin
Registration No.: HR B 18835 - Saarbruecken
V.A.T. ID.: DE211006534
Member of the KEYDRIVE GROUP
www.keydrive.lu
This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20180221/aaac82e4/attachment-0001.html>
More information about the gnso-rds-pdp-wg
mailing list