From m.yakushev at corp.mail.ru Mon Aug 15 09:18:11 2011 From: m.yakushev at corp.mail.ru (Mikhail Yakushev) Date: Mon, 15 Aug 2011 09:18:11 +0000 Subject: [Rt4-whois] Help required - NOW EVEN EASIER!! In-Reply-To: <3062FB662B110E4A9F14C63284D07FF7050C6757A681@soca.x.gsi.gov.uk> References: <3062FB662B110E4A9F14C63284D07FF7050C6757A681@soca.x.gsi.gov.uk> Message-ID: <71B38F372F86D940B9C644A99264FA312712F5@M2EMBS1.mail.msk> Dear Sharon, Thank you very much for your valuable work. I mostly share Bill's views (see his separate e-mail) on most comments and I think there is no proven necessity to make any substantial changes in any of the definitions. As for the "Applicable Laws" definition: (a) The feedback was mostly positive, (b) I am ready to prepare a short response for each comment - based on Bill's methodology :), (c) I think it is possible to agree with Lexinta proposal and to remove the reference to the UN Guidelines on Personal Data - indeed, it's legal force is much weaker, that the Human Rights Declaration. However, Lexinta's reference to the 'applicable' laws (making an unfortunate cross-reference definition) should also be omitted. Regards, Michael From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of LEMON, Sharon Sent: Friday, August 05, 2011 1:04 PM To: rt4-whois at icann.org Subject: [Rt4-whois] Help required - NOW EVEN EASIER!! NOT PROTECTIVELY MARKED Hello Everyone, Last week I sent out my part of the report - definitions for comment and assistance. Response was limited ;-), but I still need your help. So - to make it even easier I have subdivided the work into three and you only need to look at the one which relates to the subgroup you were in. I would like you to look at the definition, the feedback received and let me know if you think we should change it in light of that feedback. The first document is the key for those who fedback, the second the defination and comments and the third the longer version, should you be interested. I have now incorporated the LE feedback from both Peter and I and summarised the comments, rather than just listed them. This will only take minutes PROMISE - and I would really like to feedback at our next conference call and I am off next week - so you have until Monday 15th!. So - Producers and Maintainers - James, Susan and Wilfried Applicable Laws -Kim, Omar, Michael, Lynn Law Enforcement - Kim, Lutz, Peter. Here's hoping, Sharon Sharon LEMON OBE Deputy Director Cyber and Forensics Serious and Organised Crime Agency (SOCA) 07768 290902 0207 855 2800 This information is supplied in confidence by SOCA, and is exempt from disclosure under the Freedom of Information Act 2000. It may also be subject to exemption under other UK legislation. Onward disclosure may be unlawful, for example, under the Data Protection Act 1998. Requests for disclosure to the public must be referred to the SOCA FOI single point of contact, by email on PICUEnquiries at soca.x.gsi.gov.uk or by telephoning 0870 268 8677. All E-Mail sent and received by SOCA is scanned and subject to assessment. Messages sent or received by SOCA staff are not private and may be the subject of lawful business monitoring. E-Mail may be passed at any time and without notice to an appropriate branch within SOCA, on authority from the Director General or his Deputy for analysis. This E-Mail and any files transmitted with it are intended solely for the individual or entity to whom they are addressed. If you have received this message in error, please contact the sender as soon as possible. The original of this email was scanned for viruses by the Government Secure Intranet virus scanning service supplied by Cable&Wireless Worldwide in partnership with MessageLabs. (CCTM Certificate Number 2009/09/0052.) On leaving the GSi this email was certified virus free. Communications via the GSi may be automatically logged, monitored and/or recorded for legal purposes. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20110815/fae788ed/attachment.html From emily at emilytaylor.eu Mon Aug 15 09:26:00 2011 From: emily at emilytaylor.eu (Emily Taylor) Date: Mon, 15 Aug 2011 10:26:00 +0100 Subject: [Rt4-whois] Help required - NOW EVEN EASIER!! In-Reply-To: <71B38F372F86D940B9C644A99264FA312712F5@M2EMBS1.mail.msk> References: <3062FB662B110E4A9F14C63284D07FF7050C6757A681@soca.x.gsi.gov.uk> <71B38F372F86D940B9C644A99264FA312712F5@M2EMBS1.mail.msk> Message-ID: Hi all Thanks for your feedback. I agree with Michael and Bill, except that I think we need to tweak the definition further. As I recall, there were some comments (the GAC? others?) to the effect that, while data protection/privacy laws are the obvious example of relevant applicable laws, our definition should not *exclude* other relevant applicable laws - and therefore we should add some words like "or any other relevant laws which are binding on one or more of the parties". The commentators may have suggested better wording, but I think we do need to consider this sort of sweep up. Kind regards Emily On 15 August 2011 10:18, Mikhail Yakushev wrote: > Dear Sharon,**** > > Thank you very much for your valuable work.**** > > I mostly share Bill?s views (see his separate e-mail) on most comments and > I think there is no proven necessity to make any substantial changes in any > of the definitions.**** > > As for the ?Applicable Laws? definition:**** > > **(a) **The feedback was mostly positive,**** > > **(b) **I am ready to prepare a short response for each comment ? based > on Bill?s methodology J,**** > > **(c) **I think it is possible to agree with Lexinta proposal and to > remove the reference to the UN Guidelines on Personal Data ? indeed, it?s > legal force is much weaker, that the Human Rights Declaration. However, > Lexinta?s reference to the ?applicable? laws (making an unfortunate > cross-reference definition) should also be omitted.**** > > Regards,**** > > Michael**** > > ** ** > > *From:* rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] *On > Behalf Of *LEMON, Sharon > *Sent:* Friday, August 05, 2011 1:04 PM > *To:* rt4-whois at icann.org > *Subject:* [Rt4-whois] Help required - NOW EVEN EASIER!!**** > > ** ** > > *NOT PROTECTIVELY MARKED ***** > > Hello Everyone,**** > > **** > > Last week I sent out my part of the report - definitions for comment and > assistance. Response was **** > > limited ;-), but I still need your help.**** > > **** > > So - to make it even easier I have subdivided the work into three and you > only need to look at the one which relates to the subgroup you were in. I > would like you to look at the definition, the feedback received and let me > know if you think we should change it in light of that feedback. The first > document is the key for those who fedback, the second the defination and > comments and the third the longer version, should you be interested. I have > now incorporated the LE feedback from both Peter and I and summarised the > comments, rather than just listed them.**** > > **** > > This will only take minutes PROMISE - and I would really like to feedback > at our next conference call and I am off next week - so you have until > Monday 15th!.**** > > **** > > So - Producers and Maintainers - James, Susan and Wilfried**** > > Applicable Laws -Kim, Omar, Michael, Lynn**** > > Law Enforcement - Kim, Lutz, Peter. **** > > **** > > Here's hoping,**** > > **** > > Sharon**** > > **** > > **** > > Sharon LEMON OBE > Deputy Director > Cyber and Forensics > Serious and Organised Crime Agency (SOCA) > 07768 290902 > 0207 855 2800 **** > > **** > > This information is supplied in confidence by SOCA, and is exempt from > disclosure under the Freedom of Information Act 2000. It may also be subject > to exemption under other UK legislation. Onward disclosure may be unlawful, > for example, under the Data Protection Act 1998. Requests for disclosure > to the public must be referred to the SOCA FOI single point of contact, by > email on PICUEnquiries at soca.x.gsi.gov.uk or by telephoning 0870 268 8677.* > *** > > **** > > All E-Mail sent and received by SOCA is scanned and subject to assessment. > Messages sent or received by SOCA staff are not private and may be the > subject of lawful business monitoring. E-Mail may be passed at any time and > without notice to an appropriate branch within SOCA, on authority from the > Director General or his Deputy for analysis. This E-Mail and any files > transmitted with it are intended solely for the individual or entity to whom > they are addressed. If you have received this message in error, please > contact the sender as soon as possible.**** > > **** > > > The original of this email was scanned for viruses by the Government Secure > Intranet virus scanning service supplied by Cable&Wireless Worldwide in > partnership with MessageLabs. (CCTM Certificate Number 2009/09/0052.) On > leaving the GSi this email was certified virus free. > Communications via the GSi may be automatically logged, monitored and/or > recorded for legal purposes.**** > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > > -- * * 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu *www.etlaw.co.uk* Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20110815/877636d5/attachment.html From m.yakushev at corp.mail.ru Mon Aug 15 09:42:17 2011 From: m.yakushev at corp.mail.ru (Mikhail Yakushev) Date: Mon, 15 Aug 2011 09:42:17 +0000 Subject: [Rt4-whois] Help required - NOW EVEN EASIER!! In-Reply-To: References: <3062FB662B110E4A9F14C63284D07FF7050C6757A681@soca.x.gsi.gov.uk> <71B38F372F86D940B9C644A99264FA312712F5@M2EMBS1.mail.msk> Message-ID: <71B38F372F86D940B9C644A99264FA31271322@M2EMBS1.mail.msk> Dear Emily, I do agree that all other relevant laws should not be excluded. However, even in the current definitions such legal norms are NOT excluded (if they are applicable to the regulation/control of the personal data). As far as I remember, there was presented no proof, that any act of the domestic legislation has a direct reference to the WHOIS formats/technology/etc. In most cases such legislation (be it, e.g., criminal investigation procedures and/or consumer protection) are interrelated with the local personal data laws and thus can be treated as such (= no further clarification is needed for our definition). For example, in Russia there are (implicit) obligations of any internet provider to share information on their customers in case of criminal investigation. The Federal Law on Personal Data (more or less based on E.U.Convention) is much more specific on what personal data are and how they should be protected; it also contains specific exclusions from the protection regime for the cases like criminal investigation - and thus can be treated as a "primary applicable" law for the WHOIS-related matters. Making Criminal Process Code a "secondary applicable" law. This makes the overall definition as simple and as understandable as possible. Anyhow, any additions - as you propose them for better understanding - are also possible. Regards, Michael From: Emily Taylor [mailto:emily at emilytaylor.eu] Sent: Monday, August 15, 2011 1:26 PM To: Mikhail Yakushev Cc: LEMON, Sharon; rt4-whois at icann.org Subject: Re: [Rt4-whois] Help required - NOW EVEN EASIER!! Hi all Thanks for your feedback. I agree with Michael and Bill, except that I think we need to tweak the definition further. As I recall, there were some comments (the GAC? others?) to the effect that, while data protection/privacy laws are the obvious example of relevant applicable laws, our definition should not exclude other relevant applicable laws - and therefore we should add some words like "or any other relevant laws which are binding on one or more of the parties". The commentators may have suggested better wording, but I think we do need to consider this sort of sweep up. Kind regards Emily On 15 August 2011 10:18, Mikhail Yakushev > wrote: Dear Sharon, Thank you very much for your valuable work. I mostly share Bill's views (see his separate e-mail) on most comments and I think there is no proven necessity to make any substantial changes in any of the definitions. As for the "Applicable Laws" definition: (a) The feedback was mostly positive, (b) I am ready to prepare a short response for each comment - based on Bill's methodology :), (c) I think it is possible to agree with Lexinta proposal and to remove the reference to the UN Guidelines on Personal Data - indeed, it's legal force is much weaker, that the Human Rights Declaration. However, Lexinta's reference to the 'applicable' laws (making an unfortunate cross-reference definition) should also be omitted. Regards, Michael From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of LEMON, Sharon Sent: Friday, August 05, 2011 1:04 PM To: rt4-whois at icann.org Subject: [Rt4-whois] Help required - NOW EVEN EASIER!! NOT PROTECTIVELY MARKED Hello Everyone, Last week I sent out my part of the report - definitions for comment and assistance. Response was limited ;-), but I still need your help. So - to make it even easier I have subdivided the work into three and you only need to look at the one which relates to the subgroup you were in. I would like you to look at the definition, the feedback received and let me know if you think we should change it in light of that feedback. The first document is the key for those who fedback, the second the defination and comments and the third the longer version, should you be interested. I have now incorporated the LE feedback from both Peter and I and summarised the comments, rather than just listed them. This will only take minutes PROMISE - and I would really like to feedback at our next conference call and I am off next week - so you have until Monday 15th!. So - Producers and Maintainers - James, Susan and Wilfried Applicable Laws -Kim, Omar, Michael, Lynn Law Enforcement - Kim, Lutz, Peter. Here's hoping, Sharon Sharon LEMON OBE Deputy Director Cyber and Forensics Serious and Organised Crime Agency (SOCA) 07768 290902 0207 855 2800 This information is supplied in confidence by SOCA, and is exempt from disclosure under the Freedom of Information Act 2000. It may also be subject to exemption under other UK legislation. Onward disclosure may be unlawful, for example, under the Data Protection Act 1998. Requests for disclosure to the public must be referred to the SOCA FOI single point of contact, by email on PICUEnquiries at soca.x.gsi.gov.uk or by telephoning 0870 268 8677. All E-Mail sent and received by SOCA is scanned and subject to assessment. Messages sent or received by SOCA staff are not private and may be the subject of lawful business monitoring. E-Mail may be passed at any time and without notice to an appropriate branch within SOCA, on authority from the Director General or his Deputy for analysis. This E-Mail and any files transmitted with it are intended solely for the individual or entity to whom they are addressed. If you have received this message in error, please contact the sender as soon as possible. The original of this email was scanned for viruses by the Government Secure Intranet virus scanning service supplied by Cable&Wireless Worldwide in partnership with MessageLabs. (CCTM Certificate Number 2009/09/0052.) On leaving the GSi this email was certified virus free. Communications via the GSi may be automatically logged, monitored and/or recorded for legal purposes. _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois -- [Description: Image removed by sender.] 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 * m: +44 (0)7540 049 322 emily at emilytaylor.eu www.etlaw.co.uk Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20110815/d5334e5a/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: ~WRD000.jpg Type: image/jpeg Size: 823 bytes Desc: ~WRD000.jpg Url : http://mm.icann.org/pipermail/rt4-whois/attachments/20110815/d5334e5a/WRD000.jpg From kim at vonarx.ca Mon Aug 15 12:56:38 2011 From: kim at vonarx.ca (kim at vonarx.ca) Date: Mon, 15 Aug 2011 08:56:38 -0400 Subject: [Rt4-whois] Help required - NOW EVEN EASIER!! In-Reply-To: <71B38F372F86D940B9C644A99264FA31271322@M2EMBS1.mail.msk> References: <3062FB662B110E4A9F14C63284D07FF7050C6757A681@soca.x.gsi.gov.uk> <71B38F372F86D940B9C644A99264FA312712F5@M2EMBS1.mail.msk> <71B38F372F86D940B9C644A99264FA31271322@M2EMBS1.mail.msk> Message-ID: I agree with Mikhail on this point and tend to agree with Bill`s original comments despite my earlier comments with respect to some changes to the definition. Indeed, overall, I think we are on the right path and mixing all up again may open a new can of worms. Kim > Dear Emily, > > I do agree that all other relevant laws should not be excluded. > > However, even in the current definitions such legal norms are NOT excluded > (if they are applicable to the regulation/control of the personal data). > As far as I remember, there was presented no proof, that any act of the > domestic legislation has a direct reference to the WHOIS > formats/technology/etc. In most cases such legislation (be it, e.g., > criminal investigation procedures and/or consumer protection) are > interrelated with the local personal data laws and thus can be treated as > such (= no further clarification is needed for our definition). > > For example, in Russia there are (implicit) obligations of any internet > provider to share information on their customers in case of criminal > investigation. The Federal Law on Personal Data (more or less based on > E.U.Convention) is much more specific on what personal data are and how > they should be protected; it also contains specific exclusions from the > protection regime for the cases like criminal investigation - and thus can > be treated as a "primary applicable" law for the WHOIS-related matters. > Making Criminal Process Code a "secondary applicable" law. This makes the > overall definition as simple and as understandable as possible. Anyhow, > any additions - as you propose them for better understanding - are also > possible. > > Regards, > Michael > > From: Emily Taylor [mailto:emily at emilytaylor.eu] > Sent: Monday, August 15, 2011 1:26 PM > To: Mikhail Yakushev > Cc: LEMON, Sharon; rt4-whois at icann.org > Subject: Re: [Rt4-whois] Help required - NOW EVEN EASIER!! > > Hi all > > Thanks for your feedback. I agree with Michael and Bill, except that I > think we need to tweak the definition further. As I recall, there were > some comments (the GAC? others?) to the effect that, while data > protection/privacy laws are the obvious example of relevant applicable > laws, our definition should not exclude other relevant applicable laws - > and therefore we should add some words like "or any other relevant laws > which are binding on one or more of the parties". The commentators may > have suggested better wording, but I think we do need to consider this > sort of sweep up. > > Kind regards > > Emily > On 15 August 2011 10:18, Mikhail Yakushev > > wrote: > Dear Sharon, > Thank you very much for your valuable work. > I mostly share Bill's views (see his separate e-mail) on most comments and > I think there is no proven necessity to make any substantial changes in > any of the definitions. > As for the "Applicable Laws" definition: > > (a) The feedback was mostly positive, > > (b) I am ready to prepare a short response for each comment - based on > Bill's methodology :), > > (c) I think it is possible to agree with Lexinta proposal and to remove > the reference to the UN Guidelines on Personal Data - indeed, it's legal > force is much weaker, that the Human Rights Declaration. However, > Lexinta's reference to the 'applicable' laws (making an unfortunate > cross-reference definition) should also be omitted. > Regards, > Michael > > From: rt4-whois-bounces at icann.org > [mailto:rt4-whois-bounces at icann.org] > On Behalf Of LEMON, Sharon > Sent: Friday, August 05, 2011 1:04 PM > To: rt4-whois at icann.org > Subject: [Rt4-whois] Help required - NOW EVEN EASIER!! > > > NOT PROTECTIVELY MARKED > Hello Everyone, > > Last week I sent out my part of the report - definitions for comment and > assistance. Response was > limited ;-), but I still need your help. > > So - to make it even easier I have subdivided the work into three and you > only need to look at the one which relates to the subgroup you were in. I > would like you to look at the definition, the feedback received and let me > know if you think we should change it in light of that feedback. The first > document is the key for those who fedback, the second the defination and > comments and the third the longer version, should you be interested. I > have now incorporated the LE feedback from both Peter and I and summarised > the comments, rather than just listed them. > > This will only take minutes PROMISE - and I would really like to feedback > at our next conference call and I am off next week - so you have until > Monday 15th!. > > So - Producers and Maintainers - James, Susan and Wilfried > Applicable Laws -Kim, Omar, Michael, Lynn > Law Enforcement - Kim, Lutz, Peter. > > Here's hoping, > > Sharon > > > > Sharon LEMON OBE > Deputy Director > Cyber and Forensics > Serious and Organised Crime Agency (SOCA) > 07768 290902 > 0207 855 2800 > > > This information is supplied in confidence by SOCA, and is exempt from > disclosure under the Freedom of Information Act 2000. It may also be > subject to exemption under other UK legislation. Onward disclosure may be > unlawful, for example, under the Data Protection Act 1998. Requests for > disclosure to the public must be referred to the SOCA FOI single point of > contact, by email on > PICUEnquiries at soca.x.gsi.gov.uk or > by telephoning 0870 268 8677. > > > > All E-Mail sent and received by SOCA is scanned and subject to assessment. > Messages sent or received by SOCA staff are not private and may be the > subject of lawful business monitoring. E-Mail may be passed at any time > and without notice to an appropriate branch within SOCA, on authority from > the Director General or his Deputy for analysis. This E-Mail and any files > transmitted with it are intended solely for the individual or entity to > whom they are addressed. If you have received this message in error, > please contact the sender as soon as possible. > > > > The original of this email was scanned for viruses by the Government > Secure Intranet virus scanning service supplied by Cable&Wireless > Worldwide in partnership with MessageLabs. (CCTM Certificate Number > 2009/09/0052.) On leaving the GSi this email was certified virus free. > Communications via the GSi may be automatically logged, monitored and/or > recorded for legal purposes. > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > > > > -- > > > [Description: Image removed by sender.] > > > 76 Temple Road, Oxford OX4 2EZ UK > t: +44 (0)1865 582 811 * m: +44 (0)7540 049 322 > emily at emilytaylor.eu > > www.etlaw.co.uk > > Emily Taylor Consultancy Limited is a company registered in England and > Wales No. 730471. VAT No. 114487713. > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > From susank at fb.com Mon Aug 15 22:41:49 2011 From: susank at fb.com (Susan Kawaguchi) Date: Mon, 15 Aug 2011 22:41:49 +0000 Subject: [Rt4-whois] Help required - NOW EVEN EASIER!! In-Reply-To: References: <3062FB662B110E4A9F14C63284D07FF7050C6757A681@soca.x.gsi.gov.uk> <71B38F372F86D940B9C644A99264FA312712F5@M2EMBS1.mail.msk> Message-ID: Hello, Applicable Laws Sorry for the late input but hopefully we can all discuss on Wednesday's call. I am concerned that by adding "or any other relevant laws which are binding on one or more of the parties" this will confuse the issues with the definition. Several comments pointed out that although individuals may be protected by many different laws around the world that at least in the EU and US businesses are explicitly not protected in the same manner and that they have specific obligations to provide information if they are engaging in commercial activity on the internet. The IPC made a very good point in their comments not all laws that involve the protection of data are actually applicable to ICANN and the WHOIS policy. The following is an excerpt from their comments: "In order to assess whether ICANN is fulfilling this commitment, the Review Team must focus on which laws are applicable to ICANN in carrying out this policy. This can be a difficult question to answer. While some national laws may apply to ICANN's ability to enforce the requirements of providing open Whois access, it seems inconceivable that "any and all local and national laws that regulate and/or control the collection, use, access and disclosure of personally identifiable information" are all applicable to ICANN in its enforcement of this policy." Producers and Maintainers These definitions have been problematic and confusing to me from day one. I understand James' point in defining the terms in this way (and I agreed to it as part of the team) but it is obvious from the comments that we have caused some confusion. Two possible solutions: 1. Provide additional information with the definition that James originally provided Existing Organizations: Where do they fit? The subteam is unanimous on the following: ---------------------------------------- Registrants = Producers ICANN = Maintainer (Data Controller) gTLD REGISTRY = Maintainer (Data Controller and Data Processor) gTLD REGISTRAR = Maintainer (Data Processor) WHOIS DATA ESCROW PROVIDER = Maintainer (Data Processor) The subteam disagrees on the following: ---------------------------------------- WHOIS DATA AGGREGATOR = Data Processor (Susan), No Category (James) PRIVACY/PROXY SERVICE = Data Processor (Susan), Producer or No Category (James) We may have to add to this list as there may be other services that fit into these categories 2. Revert to the usual terms such as Registrant, Registrar, Registry etc. that are well known and understood. Looking forward to the discussion on Wednesday. Susan From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Emily Taylor Sent: Monday, August 15, 2011 2:26 AM To: Mikhail Yakushev Cc: rt4-whois at icann.org Subject: Re: [Rt4-whois] Help required - NOW EVEN EASIER!! Hi all Thanks for your feedback. I agree with Michael and Bill, except that I think we need to tweak the definition further. As I recall, there were some comments (the GAC? others?) to the effect that, while data protection/privacy laws are the obvious example of relevant applicable laws, our definition should not exclude other relevant applicable laws - and therefore we should add some words like "or any other relevant laws which are binding on one or more of the parties". The commentators may have suggested better wording, but I think we do need to consider this sort of sweep up. Kind regards Emily On 15 August 2011 10:18, Mikhail Yakushev > wrote: Dear Sharon, Thank you very much for your valuable work. I mostly share Bill's views (see his separate e-mail) on most comments and I think there is no proven necessity to make any substantial changes in any of the definitions. As for the "Applicable Laws" definition: (a) The feedback was mostly positive, (b) I am ready to prepare a short response for each comment - based on Bill's methodology :), (c) I think it is possible to agree with Lexinta proposal and to remove the reference to the UN Guidelines on Personal Data - indeed, it's legal force is much weaker, that the Human Rights Declaration. However, Lexinta's reference to the 'applicable' laws (making an unfortunate cross-reference definition) should also be omitted. Regards, Michael From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of LEMON, Sharon Sent: Friday, August 05, 2011 1:04 PM To: rt4-whois at icann.org Subject: [Rt4-whois] Help required - NOW EVEN EASIER!! NOT PROTECTIVELY MARKED Hello Everyone, Last week I sent out my part of the report - definitions for comment and assistance. Response was limited ;-), but I still need your help. So - to make it even easier I have subdivided the work into three and you only need to look at the one which relates to the subgroup you were in. I would like you to look at the definition, the feedback received and let me know if you think we should change it in light of that feedback. The first document is the key for those who fedback, the second the defination and comments and the third the longer version, should you be interested. I have now incorporated the LE feedback from both Peter and I and summarised the comments, rather than just listed them. This will only take minutes PROMISE - and I would really like to feedback at our next conference call and I am off next week - so you have until Monday 15th!. So - Producers and Maintainers - James, Susan and Wilfried Applicable Laws -Kim, Omar, Michael, Lynn Law Enforcement - Kim, Lutz, Peter. Here's hoping, Sharon Sharon LEMON OBE Deputy Director Cyber and Forensics Serious and Organised Crime Agency (SOCA) 07768 290902 0207 855 2800 This information is supplied in confidence by SOCA, and is exempt from disclosure under the Freedom of Information Act 2000. It may also be subject to exemption under other UK legislation. Onward disclosure may be unlawful, for example, under the Data Protection Act 1998. Requests for disclosure to the public must be referred to the SOCA FOI single point of contact, by email on PICUEnquiries at soca.x.gsi.gov.uk or by telephoning 0870 268 8677. All E-Mail sent and received by SOCA is scanned and subject to assessment. Messages sent or received by SOCA staff are not private and may be the subject of lawful business monitoring. E-Mail may be passed at any time and without notice to an appropriate branch within SOCA, on authority from the Director General or his Deputy for analysis. This E-Mail and any files transmitted with it are intended solely for the individual or entity to whom they are addressed. If you have received this message in error, please contact the sender as soon as possible. The original of this email was scanned for viruses by the Government Secure Intranet virus scanning service supplied by Cable&Wireless Worldwide in partnership with MessageLabs. (CCTM Certificate Number 2009/09/0052.) On leaving the GSi this email was certified virus free. Communications via the GSi may be automatically logged, monitored and/or recorded for legal purposes. _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois -- [http://www.etlaw.co.uk/images/stories/etlaw/etclogo250x60.gif] 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 * m: +44 (0)7540 049 322 emily at emilytaylor.eu www.etlaw.co.uk Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20110815/09a24b30/attachment.html From Peter.Nettlefold at dbcde.gov.au Mon Aug 15 22:48:15 2011 From: Peter.Nettlefold at dbcde.gov.au (Nettlefold, Peter) Date: Tue, 16 Aug 2011 08:48:15 +1000 Subject: [Rt4-whois] Help required - NOW EVEN EASIER!! [SEC=UNCLASSIFIED] In-Reply-To: References: <3062FB662B110E4A9F14C63284D07FF7050C6757A681@soca.x.gsi.gov.uk> <71B38F372F86D940B9C644A99264FA312712F5@M2EMBS1.mail.msk> Message-ID: <636771A7F4383E408C57A0240B5F8D4A305FBE4ACA@EMB01.dept.gov.au> Hello all, I just wanted to hijack this very useful discussion to ask a question relating to applicable laws - have ICANN staff advised if the consensus policy for dealing with conflicts with privacy laws has ever been used, and if so how often and with what effect? Sorry if I should know this, but I've spent quite a bit of time trawling emails etc and not found anything, and to my mind this is an important piece of the evidence puzzle as we look at privacy in the WHOIS content. Thanks, Peter From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Susan Kawaguchi Sent: Tuesday, 16 August 2011 8:42 AM To: Emily Taylor Cc: rt4-whois at icann.org Subject: Re: [Rt4-whois] Help required - NOW EVEN EASIER!! Hello, Applicable Laws Sorry for the late input but hopefully we can all discuss on Wednesday's call. I am concerned that by adding "or any other relevant laws which are binding on one or more of the parties" this will confuse the issues with the definition. Several comments pointed out that although individuals may be protected by many different laws around the world that at least in the EU and US businesses are explicitly not protected in the same manner and that they have specific obligations to provide information if they are engaging in commercial activity on the internet. The IPC made a very good point in their comments not all laws that involve the protection of data are actually applicable to ICANN and the WHOIS policy. The following is an excerpt from their comments: "In order to assess whether ICANN is fulfilling this commitment, the Review Team must focus on which laws are applicable to ICANN in carrying out this policy. This can be a difficult question to answer. While some national laws may apply to ICANN's ability to enforce the requirements of providing open Whois access, it seems inconceivable that "any and all local and national laws that regulate and/or control the collection, use, access and disclosure of personally identifiable information" are all applicable to ICANN in its enforcement of this policy." Producers and Maintainers These definitions have been problematic and confusing to me from day one. I understand James' point in defining the terms in this way (and I agreed to it as part of the team) but it is obvious from the comments that we have caused some confusion. Two possible solutions: 1. Provide additional information with the definition that James originally provided Existing Organizations: Where do they fit? The subteam is unanimous on the following: ---------------------------------------- Registrants = Producers ICANN = Maintainer (Data Controller) gTLD REGISTRY = Maintainer (Data Controller and Data Processor) gTLD REGISTRAR = Maintainer (Data Processor) WHOIS DATA ESCROW PROVIDER = Maintainer (Data Processor) The subteam disagrees on the following: ---------------------------------------- WHOIS DATA AGGREGATOR = Data Processor (Susan), No Category (James) PRIVACY/PROXY SERVICE = Data Processor (Susan), Producer or No Category (James) We may have to add to this list as there may be other services that fit into these categories 2. Revert to the usual terms such as Registrant, Registrar, Registry etc. that are well known and understood. Looking forward to the discussion on Wednesday. Susan From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Emily Taylor Sent: Monday, August 15, 2011 2:26 AM To: Mikhail Yakushev Cc: rt4-whois at icann.org Subject: Re: [Rt4-whois] Help required - NOW EVEN EASIER!! Hi all Thanks for your feedback. I agree with Michael and Bill, except that I think we need to tweak the definition further. As I recall, there were some comments (the GAC? others?) to the effect that, while data protection/privacy laws are the obvious example of relevant applicable laws, our definition should not exclude other relevant applicable laws - and therefore we should add some words like "or any other relevant laws which are binding on one or more of the parties". The commentators may have suggested better wording, but I think we do need to consider this sort of sweep up. Kind regards Emily On 15 August 2011 10:18, Mikhail Yakushev > wrote: Dear Sharon, Thank you very much for your valuable work. I mostly share Bill's views (see his separate e-mail) on most comments and I think there is no proven necessity to make any substantial changes in any of the definitions. As for the "Applicable Laws" definition: (a) The feedback was mostly positive, (b) I am ready to prepare a short response for each comment - based on Bill's methodology :), (c) I think it is possible to agree with Lexinta proposal and to remove the reference to the UN Guidelines on Personal Data - indeed, it's legal force is much weaker, that the Human Rights Declaration. However, Lexinta's reference to the 'applicable' laws (making an unfortunate cross-reference definition) should also be omitted. Regards, Michael From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of LEMON, Sharon Sent: Friday, August 05, 2011 1:04 PM To: rt4-whois at icann.org Subject: [Rt4-whois] Help required - NOW EVEN EASIER!! NOT PROTECTIVELY MARKED Hello Everyone, Last week I sent out my part of the report - definitions for comment and assistance. Response was limited ;-), but I still need your help. So - to make it even easier I have subdivided the work into three and you only need to look at the one which relates to the subgroup you were in. I would like you to look at the definition, the feedback received and let me know if you think we should change it in light of that feedback. The first document is the key for those who fedback, the second the defination and comments and the third the longer version, should you be interested. I have now incorporated the LE feedback from both Peter and I and summarised the comments, rather than just listed them. This will only take minutes PROMISE - and I would really like to feedback at our next conference call and I am off next week - so you have until Monday 15th!. So - Producers and Maintainers - James, Susan and Wilfried Applicable Laws -Kim, Omar, Michael, Lynn Law Enforcement - Kim, Lutz, Peter. Here's hoping, Sharon Sharon LEMON OBE Deputy Director Cyber and Forensics Serious and Organised Crime Agency (SOCA) 07768 290902 0207 855 2800 This information is supplied in confidence by SOCA, and is exempt from disclosure under the Freedom of Information Act 2000. It may also be subject to exemption under other UK legislation. Onward disclosure may be unlawful, for example, under the Data Protection Act 1998. Requests for disclosure to the public must be referred to the SOCA FOI single point of contact, by email on PICUEnquiries at soca.x.gsi.gov.uk or by telephoning 0870 268 8677. All E-Mail sent and received by SOCA is scanned and subject to assessment. Messages sent or received by SOCA staff are not private and may be the subject of lawful business monitoring. E-Mail may be passed at any time and without notice to an appropriate branch within SOCA, on authority from the Director General or his Deputy for analysis. This E-Mail and any files transmitted with it are intended solely for the individual or entity to whom they are addressed. If you have received this message in error, please contact the sender as soon as possible. The original of this email was scanned for viruses by the Government Secure Intranet virus scanning service supplied by Cable&Wireless Worldwide in partnership with MessageLabs. (CCTM Certificate Number 2009/09/0052.) On leaving the GSi this email was certified virus free. Communications via the GSi may be automatically logged, monitored and/or recorded for legal purposes. _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois -- [cid:~WRD122.jpg] 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 * m: +44 (0)7540 049 322 emily at emilytaylor.eu www.etlaw.co.uk Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. ------------------------------------------------------------------------------- The information transmitted is for the use of the intended recipient only and may contain confidential and/or legally privileged material. Any review, re-transmission, disclosure, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited and may result in severe penalties. If you have received this e-mail in error please notify the Security Advisor of the Department of Broadband, Communications and the Digital Economy, 38 Sydney Ave, Forrest ACT 2603, telephone (02) 6271-1376 and delete all copies of this transmission together with any attachments. Please consider the environment before printing this email. ------------------------------------------------------------------------------- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20110816/673207ab/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: ~WRD122.jpg Type: image/jpeg Size: 823 bytes Desc: ~WRD122.jpg Url : http://mm.icann.org/pipermail/rt4-whois/attachments/20110816/673207ab/WRD122.jpg From susank at fb.com Mon Aug 15 22:57:06 2011 From: susank at fb.com (Susan Kawaguchi) Date: Mon, 15 Aug 2011 22:57:06 +0000 Subject: [Rt4-whois] FW: RAA Subsection 3.7.7.3. Message-ID: Hi All, The INTA committee subteam that focuses on the use of proxies in the WHOIS are requesting that we consider their document in our discussions of WHOIS policies. Best regards, Susan From: Miriam Trudell [mailto:mtrudell at sheridanross.com] Sent: Monday, August 15, 2011 8:29 AM To: Susan Kawaguchi Cc: 'kar at cwilson.com'; 'nhole at loeb.com'; 'apark at mckennalong.com'; 'ahorne at lrlaw.com'; 'Eulgen, Lee J.' Subject: RAA Subsection 3.7.7.3. To: WHOIS Review Team Attached please find a document prepared by Proxies Working Group of the INTA Domain Disputes, Ownership and WHOIS Subcommittee of the INTA Internet Committee. The document summarizes the position of INTA and the IPC regarding the need for an advisory or best practices document on Registrar Accreditation Agreement (RAA) Subsection 3.7.7.3. as it applies to proxy services, and is consistent with the position of the proposed ICANN Draft Advisory on RAA 3.7.7.3. that was published by ICANN for comment on May 14, 2010 and the Comments of the IPC on the Draft Advisory that was published on July 12, 2010. Best regards, Miriam Trudell Proxies Working Group of the INTA Domain Disputes, Ownership and WHOIS Subcommittee of the INTA Internet Committee MIRIAM D. TRUDELL Attorney SHERIDAN ROSS PC / attorneys at innovation patent / trademark / copyright 1560 BROADWAY, SUITE 1200 / DENVER, COLORADO / 80202-5141 P 303.863.2970 / F 303.863.0223 / www.sheridanross.com ____________________________________________________________________ This email transmission and any documents, files or previous email messages attached to it may contain information that is confidential or legally privileged. If you are not the intended recipient or a person responsible for delivering this transmission to the intended recipient, you are hereby notified that you must not read this transmission and that any disclosure, copying, printing, distribution or use of this transmission is strictly prohibited. If you have received this transmission in error, please immediately notify the sender by telephone or return email and delete the original transmission and its attachments without reading or saving in any manner. Thank you. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20110815/a2c5690a/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: RAA 3773 PROXIES WORKING GROUP SUMMARY 08-2011.DOC Type: application/msword Size: 52224 bytes Desc: RAA 3773 PROXIES WORKING GROUP SUMMARY 08-2011.DOC Url : http://mm.icann.org/pipermail/rt4-whois/attachments/20110815/a2c5690a/RAA3773PROXIESWORKINGGROUPSUMMARY08-2011.DOC From Peter.Nettlefold at dbcde.gov.au Tue Aug 16 07:47:40 2011 From: Peter.Nettlefold at dbcde.gov.au (Nettlefold, Peter) Date: Tue, 16 Aug 2011 17:47:40 +1000 Subject: [Rt4-whois] Report input - privacy/proxy 'gaps' [SEC=UNCLASSIFIED] Message-ID: <636771A7F4383E408C57A0240B5F8D4A305FC61BA0@EMB01.dept.gov.au> Hello all, Attached is the first section of the draft 'gaps' chapter, for review and comment. As you'll see, this section covers accessibility and privacy issues, and it still has some gaps. I've also drafted and included some recommendations on this issue, building on the public and law enforcement input and our own discussions. I hope these are helpful. As you'll see, I've drawn a distinction between proxy and privacy services in the draft chapter, and this will need some further work (but I didn't want to delay getting this out to you any further while I worked on this). I've tried to unpack this distinction in the draft chapter, but also wanted to also explain my thinking to you. The main challenge identified by responses to our consultation processes, and in our own discussions, is to find a way to balance any legitimate privacy concerns with the interests of other stakeholders. The position I've put forward in the draft chapter is that this can be achieved through the regulated use of privacy services (i.e. services that make the identity of the registrant known, but limit availability to other personal data - at least in the first instance). Proxy services, which replace the name of the registrant with that of another entity, are quite different in nature, and I think that these services raise serious questions about ICANN's ability to enforce its AoC obligations. I have drafted the chapter with this distinction in mind, although some parts of the argument need a bit more work. I'm aiming to circulate the next section of the draft chapter - on accuracy - in a day or two, and the section on compliance shortly after that. Unfortunately the next call is now scheduled for 1am my time, so I won't be attending. I look forward to discussing this further as we work towards our Marina del Ray meeting. Cheers, Peter ------------------------------------------------------------------------------- The information transmitted is for the use of the intended recipient only and may contain confidential and/or legally privileged material. Any review, re-transmission, disclosure, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited and may result in severe penalties. If you have received this e-mail in error please notify the Security Advisor of the Department of Broadband, Communications and the Digital Economy, 38 Sydney Ave, Forrest ACT 2603, telephone (02) 6271-1376 and delete all copies of this transmission together with any attachments. Please consider the environment before printing this email. ------------------------------------------------------------------------------- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20110816/c6e33dda/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: Final Report - Gaps Analysis.docx Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document Size: 39563 bytes Desc: Final Report - Gaps Analysis.docx Url : http://mm.icann.org/pipermail/rt4-whois/attachments/20110816/c6e33dda/FinalReport-GapsAnalysis.docx From kathy at kathykleiman.com Tue Aug 16 13:44:32 2011 From: kathy at kathykleiman.com (Kathy Kleiman) Date: Tue, 16 Aug 2011 09:44:32 -0400 Subject: [Rt4-whois] DAKAR MEETING - please confirm In-Reply-To: References: Message-ID: <4E4A7440.8030905@kathykleiman.com> Hi All, Just back from vacation at the beach, and it was great (hoping yours have been great too). I wanted to share some thoughts about the final ICANN meeting of the Accountability and Transparency Review Team. Their final meeting took place after the publication of their Draft Final Report. It was the first time in which the full report and recommendations were being discussed at an ICANN meeting. I remember that their report generated great excitement and concern, especially among the Board. The meetings the ATRT held with the Board required great diplomacy and skill to navigate, and resulted in some very nuanced changes to the recommendations. (Note: admittedly, that was because the ATRT recommendations focused on the Board.) Here too, our recommendations, I think, will generate great interest and some concern among some of the many parties we have met with in building our report and recommendations -- particularly so within the GNSO and GAC (and perhaps SSAC). I envision some very interesting discussions about recommendations. Based on those discussions, together we may need to reformulate and finalize. I should add that I think the final ICANN meeting of the ATRT may have been its most important one with the community. It was the meeting where the community commented on whether they felt they had been heard. This final process of listening and responding helped to build acceptance of the ATRT report, shape final revisions that many considered to be very important, and ease the way to rapid implementation of its recommendations. I found the ATRT's final meeting to be a very important one, and I could be mistaken, but I think ours will be too. I will be Dakar, and hope you can be too. All the best, Kathy Dear all > > Following up on Alice's reminder, and Michael's mail to the list, here > are my thoughts about Dakar. > > By then, our aim is to have our complete report and recommendations. > We will be using the meeting primarily to introduce the draft report > and ask for feedback. We have also asked for a session with the board > to present our draft report and findings to them. > > You should plan for a similar format of Sunday meeting, > Tuesday/Wednesday outreach, and debriefing session early evening > Wednesday. > > At this stage, I'm not sure what we'll be using the Sunday slot for, > because we'll be aiming to publish a draft in advance of the meeting, > but I think it's useful to keep the slot on the likelihood that we > will still have stuff to do. > > Kind regards > > Emily > > > On 8 August 2011 12:16, Alice Jansen > wrote: > > Dear Review Team Members, > _ > _ > The next ICANN meeting will be held in Dakar - 23--28 October > 2011. Information on this event (venue, hotel, health, visa etc) > may be found on the ICANN website at: http://dakar42.icann.org/ > > With a view to preparing for this meeting, please let us know *by > Friday, 12 August* whether: > > * you are attending the meeting (Yes/No) > * you need travel support (Yes/No) > > If you do require travel support, please provide us with your > desired arrival & departure dates. > > Once this information submitted, ICANN Constituency Travel will > contact you directly to book your trip. > > * FLIGHTS: Please book your flights through ICANN Constituency > Travel. Should you wish to book business or economy premium > tickets, please know that an allowance will be granted to you > according to your geographic region. > * ACCOMMODATION: ICANN Constituency Travel will book your hotel > room -- please do not book via the website. This is the safe > way to have ICANN cover your lodging needs. > > We look forward to receiving your details. In the meantime, do > feel free to contact us should you have questions or concerns. > > Many thanks in advance, > > Very best regards > > Olof & Alice > > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > > > > > -- > > > > > __ > > 76 Temple Road, Oxford OX4 2EZ UK > t: +44 (0)1865 582 811 . m: +44 (0)7540 049 322 > emily at emilytaylor.eu > > *www.etlaw.co.uk * > > Emily Taylor Consultancy Limited is a company registered in England > and Wales No. 730471. VAT No. 114487713. > > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois -- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20110816/de218925/attachment.html From alice.jansen at icann.org Tue Aug 16 13:59:02 2011 From: alice.jansen at icann.org (Alice Jansen) Date: Tue, 16 Aug 2011 06:59:02 -0700 Subject: [Rt4-whois] AGENDA - Call tomorrow 15:00 UTC Message-ID: Dear Review Team Members, Please find enclosed the agenda of your next call scheduled for this upcoming Wednesday at 15:00 UTC. 1. Request for Proposals: Verify references of bidder 2. Assignments: Update on progress made to date 3. Marina del Rey Meeting: Structure of the meeting, agenda, preparations in anticipation of the meeting 4. Recommendations: Tease out recommendations from public comments, Singapore material etc 5. Dakar: schedule, desiderata 6. A.O.B Kindly note that this agenda is also available on the wiki at: https://community.icann.org/display/whoisreview/Call+18+-+17+August+2011 Thanks, Very best regards Alice -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20110816/4f3f1975/attachment.html From bill.smith at paypal-inc.com Tue Aug 16 14:53:29 2011 From: bill.smith at paypal-inc.com (Smith, Bill) Date: Tue, 16 Aug 2011 08:53:29 -0600 Subject: [Rt4-whois] FW: RAA Subsection 3.7.7.3. In-Reply-To: References: Message-ID: <249AB4EE-5DBC-4278-8091-97B9DE24514F@paypal.com> Is this a public or private document? On Aug 15, 2011, at 3:57 PM, "Susan Kawaguchi" > wrote: Hi All, The INTA committee subteam that focuses on the use of proxies in the WHOIS are requesting that we consider their document in our discussions of WHOIS policies. Best regards, Susan From: Miriam Trudell [mailto:mtrudell at sheridanross.com] Sent: Monday, August 15, 2011 8:29 AM To: Susan Kawaguchi Cc: 'kar at cwilson.com'; 'nhole at loeb.com'; 'apark at mckennalong.com'; 'ahorne at lrlaw.com'; 'Eulgen, Lee J.' Subject: RAA Subsection 3.7.7.3. To: WHOIS Review Team Attached please find a document prepared by Proxies Working Group of the INTA Domain Disputes, Ownership and WHOIS Subcommittee of the INTA Internet Committee. The document summarizes the position of INTA and the IPC regarding the need for an advisory or best practices document on Registrar Accreditation Agreement (RAA) Subsection 3.7.7.3. as it applies to proxy services, and is consistent with the position of the proposed ICANN Draft Advisory on RAA 3.7.7.3. that was published by ICANN for comment on May 14, 2010 and the Comments of the IPC on the Draft Advisory that was published on July 12, 2010. Best regards, Miriam Trudell Proxies Working Group of the INTA Domain Disputes, Ownership and WHOIS Subcommittee of the INTA Internet Committee MIRIAM D. TRUDELL Attorney SHERIDAN ROSS PC / attorneys at innovation patent / trademark / copyright 1560 BROADWAY, SUITE 1200 / DENVER, COLORADO / 80202-5141 P 303.863.2970 / F 303.863.0223 / www.sheridanross.com ____________________________________________________________________ This email transmission and any documents, files or previous email messages attached to it may contain information that is confidential or legally privileged. If you are not the intended recipient or a person responsible for delivering this transmission to the intended recipient, you are hereby notified that you must not read this transmission and that any disclosure, copying, printing, distribution or use of this transmission is strictly prohibited. If you have received this transmission in error, please immediately notify the sender by telephone or return email and delete the original transmission and its attachments without reading or saving in any manner. Thank you. _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois From bill.smith at paypal-inc.com Tue Aug 16 15:19:14 2011 From: bill.smith at paypal-inc.com (Smith, Bill) Date: Tue, 16 Aug 2011 09:19:14 -0600 Subject: [Rt4-whois] Help required - NOW EVEN EASIER!! In-Reply-To: References: <3062FB662B110E4A9F14C63284D07FF7050C6757A681@soca.x.gsi.gov.uk> <71B38F372F86D940B9C644A99264FA312712F5@M2EMBS1.mail.msk> Message-ID: <29E08402-B052-4862-9995-85AB1CBD52FA@paypal.com> I'm for 2. It keeps us in "ICANN" language making both definitions and discussion simpler. I consider producer, processor, consumer, and maintainer to be legal terms subject to interpretation by the court. It's impossible for us to determine a priori which of the legal definitions would apply to any of the ICANN terms in all situations. That determination is dependent on the specific facts of each individual case, and will be made by the court not us. I could support the inclusion of the legal terms but think we might be best served by referencing one or more definitions and suggesting a few equivalencies given a set of facts. If we don't limit ourselves to one set of facts (or perhaps a few), I doubt we'll reach agreement and that won't serve us well - in my opinion. On Aug 15, 2011, at 3:42 PM, "Susan Kawaguchi" <susank at fb.com> wrote: Hello, Applicable Laws Sorry for the late input but hopefully we can all discuss on Wednesday?s call. I am concerned that by adding ?or any other relevant laws which are binding on one or more of the parties" this will confuse the issues with the definition. Several comments pointed out that although individuals may be protected by many different laws around the world that at least in the EU and US businesses are explicitly not protected in the same manner and that they have specific obligations to provide information if they are engaging in commercial activity on the internet. The IPC made a very good point in their comments not all laws that involve the protection of data are actually applicable to ICANN and the WHOIS policy. The following is an excerpt from their comments: ?In order to assess whether ICANN is fulfilling this commitment, the Review Team must focus on which laws are applicable to ICANN in carrying out this policy. This can be a difficult question to answer. While some national laws may apply to ICANN?s ability to enforce the requirements of providing open Whois access, it seems inconceivable that ?any and all local and national laws that regulate and/or control the collection, use, access and disclosure of personally identifiable information? are all applicable to ICANN in its enforcement of this policy.? Producers and Maintainers These definitions have been problematic and confusing to me from day one. I understand James? point in defining the terms in this way (and I agreed to it as part of the team) but it is obvious from the comments that we have caused some confusion. Two possible solutions: 1. Provide additional information with the definition that James originally provided Existing Organizations: Where do they fit? The subteam is unanimous on the following: ---------------------------------------- Registrants = Producers ICANN = Maintainer (Data Controller) gTLD REGISTRY = Maintainer (Data Controller and Data Processor) gTLD REGISTRAR = Maintainer (Data Processor) WHOIS DATA ESCROW PROVIDER = Maintainer (Data Processor) The subteam disagrees on the following: ---------------------------------------- WHOIS DATA AGGREGATOR = Data Processor (Susan), No Category (James) PRIVACY/PROXY SERVICE = Data Processor (Susan), Producer or No Category (James) We may have to add to this list as there may be other services that fit into these categories 2. Revert to the usual terms such as Registrant, Registrar, Registry etc. that are well known and understood. Looking forward to the discussion on Wednesday. Susan From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Emily Taylor Sent: Monday, August 15, 2011 2:26 AM To: Mikhail Yakushev Cc: rt4-whois at icann.org Subject: Re: [Rt4-whois] Help required - NOW EVEN EASIER!! Hi all Thanks for your feedback. I agree with Michael and Bill, except that I think we need to tweak the definition further. As I recall, there were some comments (the GAC? others?) to the effect that, while data protection/privacy laws are the obvious example of relevant applicable laws, our definition should not exclude other relevant applicable laws - and therefore we should add some words like "or any other relevant laws which are binding on one or more of the parties". The commentators may have suggested better wording, but I think we do need to consider this sort of sweep up. Kind regards Emily On 15 August 2011 10:18, Mikhail Yakushev <m.yakushev at corp.mail.ru> wrote: Dear Sharon, Thank you very much for your valuable work. I mostly share Bill?s views (see his separate e-mail) on most comments and I think there is no proven necessity to make any substantial changes in any of the definitions. As for the ?Applicable Laws? definition: (a) The feedback was mostly positive, (b) I am ready to prepare a short response for each comment ? based on Bill?s methodology ?, (c) I think it is possible to agree with Lexinta proposal and to remove the reference to the UN Guidelines on Personal Data ? indeed, it?s legal force is much weaker, that the Human Rights Declaration. However, Lexinta?s reference to the ?applicable? laws (making an unfortunate cross-reference definition) should also be omitted. Regards, Michael From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of LEMON, Sharon Sent: Friday, August 05, 2011 1:04 PM To: rt4-whois at icann.org Subject: [Rt4-whois] Help required - NOW EVEN EASIER!! NOT PROTECTIVELY MARKED Hello Everyone, Last week I sent out my part of the report - definitions for comment and assistance. Response was limited ;-), but I still need your help. So - to make it even easier I have subdivided the work into three and you only need to look at the one which relates to the subgroup you were in. I would like you to look at the definition, the feedback received and let me know if you think we should change it in light of that feedback. The first document is the key for those who fedback, the second the defination and comments and the third the longer version, should you be interested. I have now incorporated the LE feedback from both Peter and I and summarised the comments, rather than just listed them. This will only take minutes PROMISE - and I would really like to feedback at our next conference call and I am off next week - so you have until Monday 15th!. So - Producers and Maintainers - James, Susan and Wilfried Applicable Laws -Kim, Omar, Michael, Lynn Law Enforcement - Kim, Lutz, Peter. Here's hoping, Sharon Sharon LEMON OBE Deputy Director Cyber and Forensics Serious and Organised Crime Agency (SOCA) 07768 290902 0207 855 2800 This information is supplied in confidence by SOCA, and is exempt from disclosure under the Freedom of Information Act 2000. It may also be subject to exemption under other UK legislation. Onward disclosure may be unlawful, for example, under the Data Protection Act 1998. Requests for disclosure to the public must be referred to the SOCA FOI single point of contact, by email on PICUEnquiries at soca.x.gsi.gov.uk or by telephoning 0870 268 8677. All E-Mail sent and received by SOCA is scanned and subject to assessment. Messages sent or received by SOCA staff are not private and may be the subject of lawful business monitoring. E-Mail may be passed at any time and without notice to an appropriate branch within SOCA, on authority from the Director General or his Deputy for analysis. This E-Mail and any files transmitted with it are intended solely for the individual or entity to whom they are addressed. If you have received this message in error, please contact the sender as soon as possible. The original of this email was scanned for viruses by the Government Secure Intranet virus scanning service supplied by Cable&Wireless Worldwide in partnership with MessageLabs. (CCTM Certificate Number 2009/09/0052.) On leaving the GSi this email was certified virus free. Communications via the GSi may be automatically logged, monitored and/or recorded for legal purposes. _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois -- [http://www.etlaw.co.uk/images/stories/etlaw/etclogo250x60.gif] 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu www.etlaw.co.uk Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois From omar at kaminski.adv.br Tue Aug 16 15:40:56 2011 From: omar at kaminski.adv.br (Omar Kaminski) Date: Tue, 16 Aug 2011 12:40:56 -0300 Subject: [Rt4-whois] Help required - NOW EVEN EASIER!! In-Reply-To: <29E08402-B052-4862-9995-85AB1CBD52FA@paypal.com> References: <3062FB662B110E4A9F14C63284D07FF7050C6757A681@soca.x.gsi.gov.uk> <71B38F372F86D940B9C644A99264FA312712F5@M2EMBS1.mail.msk> <29E08402-B052-4862-9995-85AB1CBD52FA@paypal.com> Message-ID: Bill, you have a great point. It'll be hard to reach a definition that is convenient to greeks and trojans. IOW it's almost impossible to please everyone. Omar 2011/8/16 Smith, Bill : > I'm for 2. It keeps us in "ICANN" language making both definitions and discussion simpler. I consider producer, processor, consumer, and maintainer to be legal terms subject to interpretation by the court. > > It's impossible for us to determine a priori which of the legal definitions would apply to any of the ICANN terms in all situations. That determination is dependent on the specific facts of each individual case, and will be made by the court not us. > > I could support the inclusion of the legal terms but think we might be best served by referencing one or more definitions and suggesting a few equivalencies given a set of facts. If we don't limit ourselves to one set of facts (or perhaps a few), I doubt we'll reach agreement and that won't serve us well - in my opinion. > > > On Aug 15, 2011, at 3:42 PM, "Susan Kawaguchi" <susank at fb.com> wrote: > > Hello, > > Applicable Laws > > Sorry for the late input but hopefully we can all discuss on Wednesday?s call. ? ? I am concerned that by adding ?or any other relevant laws which are binding on one or more of the parties" this will confuse the issues with the definition. ?Several comments pointed out that although individuals may be protected by many different laws around the world that at least in the EU and US businesses are explicitly not protected in the same manner and that they have specific obligations to provide information if they are engaging in commercial activity on the internet. > > The IPC made a very good point in their comments not all laws that involve the protection of data are actually applicable to ICANN and the WHOIS policy. > > The following is an excerpt from their comments: > > ?In order to assess whether ICANN is fulfilling > this commitment, the Review Team must focus on which laws are applicable to ICANN in > carrying out this policy. This can be a difficult question to answer. While some national laws > may apply to ICANN?s ability to enforce the requirements of providing open Whois access, it > seems inconceivable that ?any and all local and national laws that regulate and/or control the > collection, use, access and disclosure of personally identifiable information? are all applicable to > ICANN in its enforcement of this policy.? > > > Producers and Maintainers > > These definitions have been problematic and confusing to me from day one. ?I understand James? point in defining the terms in this way (and I agreed to it as part of the team) but it is obvious from the comments that we have caused some confusion. > > Two possible solutions: > > > 1. ? ? ? ?Provide additional information with the definition that James originally provided > > > > Existing Organizations: ?Where do they fit? > > > > The subteam is unanimous on the following: > > ---------------------------------------- > > Registrants = Producers > > ICANN = Maintainer (Data Controller) > > gTLD REGISTRY = Maintainer (Data Controller and Data Processor) > > gTLD REGISTRAR = Maintainer (Data Processor) > > WHOIS DATA ESCROW PROVIDER = Maintainer (Data Processor) > > > > The subteam disagrees on the following: > > ---------------------------------------- > > WHOIS DATA AGGREGATOR = Data Processor (Susan), No Category (James) > > PRIVACY/PROXY SERVICE = Data Processor (Susan), Producer or No Category (James) > > > > We may have to add to this list as there may be other services that fit into these categories > > > 2. ? ? Revert to the usual terms such as Registrant, Registrar, Registry etc. that are well known and understood. > > > Looking forward to the discussion on Wednesday. > > Susan > > > From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Emily Taylor > Sent: Monday, August 15, 2011 2:26 AM > To: Mikhail Yakushev > Cc: rt4-whois at icann.org > Subject: Re: [Rt4-whois] Help required - NOW EVEN EASIER!! > > Hi all > > Thanks for your feedback. ? I agree with Michael and Bill, except that I think we need to tweak the definition further. ?As I recall, there were some comments (the GAC? others?) to the effect that, while data protection/privacy laws are the obvious example of relevant applicable laws, our definition should not exclude other relevant applicable laws - and therefore we should add some words like "or any other relevant laws which are binding on one or more of the parties". ?The commentators may have suggested better wording, but I think we do need to consider this sort of sweep up. > > Kind regards > > Emily > On 15 August 2011 10:18, Mikhail Yakushev <m.yakushev at corp.mail.ru> wrote: > Dear Sharon, > Thank you very much for your valuable work. > I mostly share Bill?s views (see his separate e-mail) on most comments and I think there is no proven necessity to make any substantial changes in any of the definitions. > As for the ?Applicable Laws? definition: > > (a) ? ?The ?feedback was mostly positive, > > (b) ? ?I am ready to prepare a short response for each comment ? based on Bill?s methodology ?, > > (c) ? ?I think it is possible to agree with Lexinta proposal and to remove the reference to the UN Guidelines on Personal Data ? indeed, it?s legal force is much weaker, that the Human Rights Declaration. However, Lexinta?s reference to the ?applicable? laws (making an unfortunate cross-reference definition) should also be omitted. > Regards, > Michael > > From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of LEMON, Sharon > Sent: Friday, August 05, 2011 1:04 PM > To: rt4-whois at icann.org > Subject: [Rt4-whois] Help required - NOW EVEN EASIER!! > > > NOT PROTECTIVELY MARKED > ?Hello Everyone, > > Last week I sent out my part of the report - definitions for comment and assistance. ?Response was > limited ;-), but I still need your help. > > So - to make it even easier I have subdivided the work into three and you only need to look at the one which relates to the subgroup you were in. ?I would like you to look at the definition, the feedback received and let me know if you think we should change it in light of that feedback. The first document is the key for those who fedback, the second the defination and comments and the third the longer version, should you be interested. ?I have now incorporated the LE feedback from both Peter and I and summarised the comments, rather than just listed them. > > This will only take minutes PROMISE - and ?I would really like to feedback at our next conference call and I am off next week - so you have until Monday 15th!. > > So - Producers and Maintainers - James, Susan and Wilfried > ? ? ? Applicable Laws -Kim, Omar, Michael, Lynn > ? ? ? Law Enforcement - Kim, Lutz, Peter. > > Here's hoping, > > Sharon > > > > Sharon LEMON OBE > Deputy Director > Cyber and Forensics > Serious and Organised Crime Agency (SOCA) > 07768 290902 > 0207 855 2800 > > > This information is supplied in confidence by SOCA, and is exempt from disclosure under the Freedom of Information Act 2000. It may also be subject to exemption under other UK legislation. Onward disclosure may be unlawful, for example, under the Data Protection Act 1998. Requests for disclosure to the public must be referred to the SOCA FOI single point of contact, by email on PICUEnquiries at soca.x.gsi.gov.uk or by telephoning 0870 268 8677. > > > > All E-Mail sent and received by SOCA is scanned and subject to assessment. Messages sent or received by SOCA staff are not private and may be the subject of lawful business monitoring. E-Mail may be passed at any time and without notice to an appropriate branch within SOCA, on authority from the Director General or his Deputy for analysis. This E-Mail and any files transmitted with it are intended solely for the individual or entity to whom they are addressed. If you have received this message in error, please contact the sender as soon as possible. > > > > The original of this email was scanned for viruses by the Government Secure Intranet virus scanning service supplied by Cable&Wireless Worldwide in partnership with MessageLabs. (CCTM Certificate Number 2009/09/0052.) On leaving the GSi this email was certified virus free. > Communications via the GSi may be automatically logged, monitored and/or recorded for legal purposes. > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > > > > -- > > > ? [http://www.etlaw.co.uk/images/stories/etlaw/etclogo250x60.gif] > > > 76 Temple Road, Oxford OX4 2EZ UK > t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 > emily at emilytaylor.eu > > www.etlaw.co.uk > > Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > From susank at fb.com Tue Aug 16 16:08:39 2011 From: susank at fb.com (Susan Kawaguchi) Date: Tue, 16 Aug 2011 16:08:39 +0000 Subject: [Rt4-whois] FW: RAA Subsection 3.7.7.3. In-Reply-To: <249AB4EE-5DBC-4278-8091-97B9DE24514F@paypal.com> References: <249AB4EE-5DBC-4278-8091-97B9DE24514F@paypal.com> Message-ID: Public -----Original Message----- From: Smith, Bill [mailto:bill.smith at paypal-inc.com] Sent: Tuesday, August 16, 2011 7:53 AM To: Susan Kawaguchi Cc: rt4-whois at icann.org Subject: Re: [Rt4-whois] FW: RAA Subsection 3.7.7.3. Is this a public or private document? On Aug 15, 2011, at 3:57 PM, "Susan Kawaguchi" > wrote: Hi All, The INTA committee subteam that focuses on the use of proxies in the WHOIS are requesting that we consider their document in our discussions of WHOIS policies. Best regards, Susan From: Miriam Trudell [mailto:mtrudell at sheridanross.com] Sent: Monday, August 15, 2011 8:29 AM To: Susan Kawaguchi Cc: 'kar at cwilson.com'; 'nhole at loeb.com'; 'apark at mckennalong.com'; 'ahorne at lrlaw.com'; 'Eulgen, Lee J.' Subject: RAA Subsection 3.7.7.3. To: WHOIS Review Team Attached please find a document prepared by Proxies Working Group of the INTA Domain Disputes, Ownership and WHOIS Subcommittee of the INTA Internet Committee. The document summarizes the position of INTA and the IPC regarding the need for an advisory or best practices document on Registrar Accreditation Agreement (RAA) Subsection 3.7.7.3. as it applies to proxy services, and is consistent with the position of the proposed ICANN Draft Advisory on RAA 3.7.7.3. that was published by ICANN for comment on May 14, 2010 and the Comments of the IPC on the Draft Advisory that was published on July 12, 2010. Best regards, Miriam Trudell Proxies Working Group of the INTA Domain Disputes, Ownership and WHOIS Subcommittee of the INTA Internet Committee MIRIAM D. TRUDELL Attorney SHERIDAN ROSS PC / attorneys at innovation patent / trademark / copyright 1560 BROADWAY, SUITE 1200 / DENVER, COLORADO / 80202-5141 P 303.863.2970 / F 303.863.0223 / www.sheridanross.com ____________________________________________________________________ This email transmission and any documents, files or previous email messages attached to it may contain information that is confidential or legally privileged. If you are not the intended recipient or a person responsible for delivering this transmission to the intended recipient, you are hereby notified that you must not read this transmission and that any disclosure, copying, printing, distribution or use of this transmission is strictly prohibited. If you have received this transmission in error, please immediately notify the sender by telephone or return email and delete the original transmission and its attachments without reading or saving in any manner. Thank you. _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois From bill.smith at paypal-inc.com Tue Aug 16 22:46:31 2011 From: bill.smith at paypal-inc.com (Smith, Bill) Date: Tue, 16 Aug 2011 16:46:31 -0600 Subject: [Rt4-whois] Help required - NOW EVEN EASIER!! [SEC=UNCLASSIFIED] In-Reply-To: <636771A7F4383E408C57A0240B5F8D4A305FBE4ACA@EMB01.dept.gov.au> References: <3062FB662B110E4A9F14C63284D07FF7050C6757A681@soca.x.gsi.gov.uk> <71B38F372F86D940B9C644A99264FA312712F5@M2EMBS1.mail.msk> <636771A7F4383E408C57A0240B5F8D4A305FBE4ACA@EMB01.dept.gov.au> Message-ID: <4CFDE77D-11BC-4F8D-830C-99A4664D4ACF@paypal.com> I think the answer is that the conflict provision has never been exercised (I don't recall where I heard that). On Aug 15, 2011, at 3:48 PM, Nettlefold, Peter wrote: Hello all, I just wanted to hijack this very useful discussion to ask a question relating to applicable laws ? have ICANN staff advised if the consensus policy for dealing with conflicts with privacy laws has ever been used, and if so how often and with what effect? Sorry if I should know this, but I?ve spent quite a bit of time trawling emails etc and not found anything, and to my mind this is an important piece of the evidence puzzle as we look at privacy in the WHOIS content. Thanks, Peter From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Susan Kawaguchi Sent: Tuesday, 16 August 2011 8:42 AM To: Emily Taylor Cc: rt4-whois at icann.org Subject: Re: [Rt4-whois] Help required - NOW EVEN EASIER!! Hello, Applicable Laws Sorry for the late input but hopefully we can all discuss on Wednesday?s call. I am concerned that by adding ?or any other relevant laws which are binding on one or more of the parties" this will confuse the issues with the definition. Several comments pointed out that although individuals may be protected by many different laws around the world that at least in the EU and US businesses are explicitly not protected in the same manner and that they have specific obligations to provide information if they are engaging in commercial activity on the internet. The IPC made a very good point in their comments not all laws that involve the protection of data are actually applicable to ICANN and the WHOIS policy. The following is an excerpt from their comments: ?In order to assess whether ICANN is fulfilling this commitment, the Review Team must focus on which laws are applicable to ICANN in carrying out this policy. This can be a difficult question to answer. While some national laws may apply to ICANN?s ability to enforce the requirements of providing open Whois access, it seems inconceivable that ?any and all local and national laws that regulate and/or control the collection, use, access and disclosure of personally identifiable information? are all applicable to ICANN in its enforcement of this policy.? Producers and Maintainers These definitions have been problematic and confusing to me from day one. I understand James? point in defining the terms in this way (and I agreed to it as part of the team) but it is obvious from the comments that we have caused some confusion. Two possible solutions: 1. Provide additional information with the definition that James originally provided Existing Organizations: Where do they fit? The subteam is unanimous on the following: ---------------------------------------- Registrants = Producers ICANN = Maintainer (Data Controller) gTLD REGISTRY = Maintainer (Data Controller and Data Processor) gTLD REGISTRAR = Maintainer (Data Processor) WHOIS DATA ESCROW PROVIDER = Maintainer (Data Processor) The subteam disagrees on the following: ---------------------------------------- WHOIS DATA AGGREGATOR = Data Processor (Susan), No Category (James) PRIVACY/PROXY SERVICE = Data Processor (Susan), Producer or No Category (James) We may have to add to this list as there may be other services that fit into these categories 2. Revert to the usual terms such as Registrant, Registrar, Registry etc. that are well known and understood. Looking forward to the discussion on Wednesday. Susan From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Emily Taylor Sent: Monday, August 15, 2011 2:26 AM To: Mikhail Yakushev Cc: rt4-whois at icann.org Subject: Re: [Rt4-whois] Help required - NOW EVEN EASIER!! Hi all Thanks for your feedback. I agree with Michael and Bill, except that I think we need to tweak the definition further. As I recall, there were some comments (the GAC? others?) to the effect that, while data protection/privacy laws are the obvious example of relevant applicable laws, our definition should not exclude other relevant applicable laws - and therefore we should add some words like "or any other relevant laws which are binding on one or more of the parties". The commentators may have suggested better wording, but I think we do need to consider this sort of sweep up. Kind regards Emily On 15 August 2011 10:18, Mikhail Yakushev > wrote: Dear Sharon, Thank you very much for your valuable work. I mostly share Bill?s views (see his separate e-mail) on most comments and I think there is no proven necessity to make any substantial changes in any of the definitions. As for the ?Applicable Laws? definition: (a) The feedback was mostly positive, (b) I am ready to prepare a short response for each comment ? based on Bill?s methodology :), (c) I think it is possible to agree with Lexinta proposal and to remove the reference to the UN Guidelines on Personal Data ? indeed, it?s legal force is much weaker, that the Human Rights Declaration. However, Lexinta?s reference to the ?applicable? laws (making an unfortunate cross-reference definition) should also be omitted. Regards, Michael From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of LEMON, Sharon Sent: Friday, August 05, 2011 1:04 PM To: rt4-whois at icann.org Subject: [Rt4-whois] Help required - NOW EVEN EASIER!! NOT PROTECTIVELY MARKED Hello Everyone, Last week I sent out my part of the report - definitions for comment and assistance. Response was limited ;-), but I still need your help. So - to make it even easier I have subdivided the work into three and you only need to look at the one which relates to the subgroup you were in. I would like you to look at the definition, the feedback received and let me know if you think we should change it in light of that feedback. The first document is the key for those who fedback, the second the defination and comments and the third the longer version, should you be interested. I have now incorporated the LE feedback from both Peter and I and summarised the comments, rather than just listed them. This will only take minutes PROMISE - and I would really like to feedback at our next conference call and I am off next week - so you have until Monday 15th!. So - Producers and Maintainers - James, Susan and Wilfried Applicable Laws -Kim, Omar, Michael, Lynn Law Enforcement - Kim, Lutz, Peter. Here's hoping, Sharon Sharon LEMON OBE Deputy Director Cyber and Forensics Serious and Organised Crime Agency (SOCA) 07768 290902 0207 855 2800 This information is supplied in confidence by SOCA, and is exempt from disclosure under the Freedom of Information Act 2000. It may also be subject to exemption under other UK legislation. Onward disclosure may be unlawful, for example, under the Data Protection Act 1998. Requests for disclosure to the public must be referred to the SOCA FOI single point of contact, by email on PICUEnquiries at soca.x.gsi.gov.uk or by telephoning 0870 268 8677. All E-Mail sent and received by SOCA is scanned and subject to assessment. Messages sent or received by SOCA staff are not private and may be the subject of lawful business monitoring. E-Mail may be passed at any time and without notice to an appropriate branch within SOCA, on authority from the Director General or his Deputy for analysis. This E-Mail and any files transmitted with it are intended solely for the individual or entity to whom they are addressed. If you have received this message in error, please contact the sender as soon as possible. The original of this email was scanned for viruses by the Government Secure Intranet virus scanning service supplied by Cable&Wireless Worldwide in partnership with MessageLabs. (CCTM Certificate Number 2009/09/0052.) On leaving the GSi this email was certified virus free. Communications via the GSi may be automatically logged, monitored and/or recorded for legal purposes. _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois -- <~WRD122.jpg> 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu www.etlaw.co.uk Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. ------------------------------------------------------------------------------- The information transmitted is for the use of the intended recipient only and may contain confidential and/or legally privileged material. Any review, re-transmission, disclosure, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited and may result in severe penalties. If you have received this e-mail in error please notify the Security Advisor of the Department of Broadband, Communications and the Digital Economy, 38 Sydney Ave, Forrest ACT 2603, telephone (02) 6271-1376 and delete all copies of this transmission together with any attachments. Please consider the environment before printing this email. ------------------------------------------------------------------------------- _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois From susank at fb.com Tue Aug 16 23:37:39 2011 From: susank at fb.com (Susan Kawaguchi) Date: Tue, 16 Aug 2011 23:37:39 +0000 Subject: [Rt4-whois] WHOIS subteam meeting with the ICANN compliance team.docx Message-ID: Hello All, Attached is a summary of the subteam's meeting with the ICANN compliance team. Text in blue is taken from the ICANN website. Bill and James were not able to weigh in so this is completely my view of the meeting. Susan -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20110816/1c623bd8/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: WHOIS subteam meeting with the ICANN compliance team.docx Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document Size: 25483 bytes Desc: WHOIS subteam meeting with the ICANN compliance team.docx Url : http://mm.icann.org/pipermail/rt4-whois/attachments/20110816/1c623bd8/WHOISsubteammeetingwiththeICANNcomplianceteam.docx From lynn at goodsecurityconsulting.com Tue Aug 16 23:39:29 2011 From: lynn at goodsecurityconsulting.com (lynn at goodsecurityconsulting.com) Date: Tue, 16 Aug 2011 16:39:29 -0700 Subject: [Rt4-whois] Applicable laws Message-ID: <20110816163929.00ef555ff13978e3e1b8d2179880f99e.5a54ff5f88.wbe@email12.secureserver.net> An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20110816/c4b19189/attachment.html From kathy at kathykleiman.com Wed Aug 17 04:30:23 2011 From: kathy at kathykleiman.com (Kathy Kleiman) Date: Wed, 17 Aug 2011 00:30:23 -0400 Subject: [Rt4-whois] Applicable laws In-Reply-To: <20110816163929.00ef555ff13978e3e1b8d2179880f99e.5a54ff5f88.wbe@email12.secureserver.net> References: <20110816163929.00ef555ff13978e3e1b8d2179880f99e.5a54ff5f88.wbe@email12.secureserver.net> Message-ID: <4E4B43DF.1080000@kathykleiman.com> Dear Lynn and All, I wanted to say how much I appreciate Lynn posting the key regional data protection frameworks to the group. I think they are very important, and she and I have discussed the need for us to look at them more closely in relation to the Whois data. I hope we can do this soon! Regarding sensitive vs private data, I wanted to add my views as an attorney who specializes in the area of data protection and privacy since starting my telecommunications practice in 1993. While sensitive data may focus on the areas of financial, birth, religion, health, and let's add political affiliation and sexual orientation, that's not where the story ends. Data protection and privacy laws certainly consider home address, home phone number, and now cell phone data as "private" or "personal data." Certainly telecommunications laws in the US, as one example, regularly protect the right of a person to "opt-out" of sharing their home address or home phone number in a public directory as a matter of personal privacy. In fact, opt-out in directories was chosen by a majority of Californians when last I researched it (and the state protects privacy as part of its state constitution) because home addresses and home phone numbers are considered very personal information, and worthy of protection. These are the very elements that have been such an issue of controversy within the ICANN arena. Over the last decade, as part of the history of Whois within ICANN, at least four Data Protection Commissioners and their senior staffs have warned ICANN about the problems of this data, and its data protection implications. They are very concerned with the elements now collected and published in the Whois. I will gather their letters to ICANN and share them, as well as notes of the speeches they have given. I would like to request that we ask ICANN Staff to work with us on this important matter as well. Ultimately, I do not think this is a matter for us to decide on (which may relieve everyone greatly). As many of you know, I have been thinking about this issue a great deal. I will be submitting a recommendation to our Team asking that GAC provide ICANN with clear information about relevant applicable laws, including data protection laws, and their guidance, based on these laws, as to the elements of the Whois now published. I'll distribute this before our meeting tomorrow. All the best, Kathy Since data privacy is an area of specialization for me, I would like to offer a couple of > comments on the dialogue about privacy laws. > > Although WHOIS data contains personal data, it does not have any data > elements that are > considered to be "sensitive" in nature. The focus and priority of > data protection authorities throughout the world is on protection of > sensitive data such as financial account details, date of birth, > religious affiliations, medical conditions, etc. > > For global, multi-national organizations who need to develop and > maintain policies regarding the collection and use of personal data, > there are multi-lateral privacy frameworks and principles that have > been accepted and are well established including: > > 1) OECD Guidelines on the Protection of Privacy and Transborder Flows > 2) UN Guidelines Concerning Computerized Personal Data Files > 3) EU Directive 95/46/EC on the Protection of Individuals with Regard > to the Processing of Personsal Data and on the Free Movement of Such Data > 4) APEC Privacy Framework > > Since ICANN is headquartered in the State of California and the United > States, I would note that California has an Office of Privacy > Protection. At the national level, the U.S. Federal Trade Commission > has been accepted as the equivalent of a Data Protection Authority. > > Hope these brief comments are helpful. > Lynn > > > > > > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois -- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20110817/2b9eb87d/attachment.html From michel.denise at gmail.com Wed Aug 17 05:25:25 2011 From: michel.denise at gmail.com (Denise Michel) Date: Tue, 16 Aug 2011 22:25:25 -0700 Subject: [Rt4-whois] Help required - NOW EVEN EASIER!! [SEC=UNCLASSIFIED] In-Reply-To: <4CFDE77D-11BC-4F8D-830C-99A4664D4ACF@paypal.com> References: <3062FB662B110E4A9F14C63284D07FF7050C6757A681@soca.x.gsi.gov.uk> <71B38F372F86D940B9C644A99264FA312712F5@M2EMBS1.mail.msk> <636771A7F4383E408C57A0240B5F8D4A305FBE4ACA@EMB01.dept.gov.au> <4CFDE77D-11BC-4F8D-830C-99A4664D4ACF@paypal.com> Message-ID: Hello. I'm checking on this and will email the list tomorrow. Regards Denise On Tuesday, August 16, 2011, Smith, Bill wrote: > I think the answer is that the conflict provision has never been exercised (I don't recall where I heard that). > > On Aug 15, 2011, at 3:48 PM, Nettlefold, Peter wrote: > > Hello all, > > I just wanted to hijack this very useful discussion to ask a question relating to applicable laws ? have ICANN staff advised if the consensus policy for dealing with conflicts with privacy laws has ever been used, and if so how often and with what effect? > > Sorry if I should know this, but I?ve spent quite a bit of time trawling emails etc and not found anything, and to my mind this is an important piece of the evidence puzzle as we look at privacy in the WHOIS content. > > Thanks, > > Peter > > From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Susan Kawaguchi > Sent: Tuesday, 16 August 2011 8:42 AM > To: Emily Taylor > Cc: rt4-whois at icann.org > Subject: Re: [Rt4-whois] Help required - NOW EVEN EASIER!! > > Hello, > > Applicable Laws > > Sorry for the late input but hopefully we can all discuss on Wednesday?s call. I am concerned that by adding ?or any other relevant laws which are binding on one or more of the parties" this will confuse the issues with the definition. Several comments pointed out that although individuals may be protected by many different laws around the world that at least in the EU and US businesses are explicitly not protected in the same manner and that they have specific obligations to provide information if they are engaging in commercial activity on the internet. > > The IPC made a very good point in their comments not all laws that involve the protection of data are actually applicable to ICANN and the WHOIS policy. > > The following is an excerpt from their comments: > > ?In order to assess whether ICANN is fulfilling > this commitment, the Review Team must focus on which laws are applicable to ICANN in > carrying out this policy. This can be a difficult question to answer. While some national laws > may apply to ICANN?s ability to enforce the requirements of providing open Whois access, it > seems inconceivable that ?any and all local and national laws that regulate and/or control the > collection, use, access and disclosure of personally identifiable information? are all applicable to > ICANN in its enforcement of this policy.? > > > Producers and Maintainers > > These definitions have been problematic and confusing to me from day one. I understand James? point in defining the terms in this way (and I agreed to it as part of the team) but it is obvious from the comments that we have caused some confusion. > > Two possible solutions: > > 1. Provide additional information with the definition that James originally provided > > Existing Organizations: Where do they fit? > > The subteam is unanimous on the following: > ---------------------------------------- > Registrants = Producers > ICANN = Maintainer (Data Controller) > gTLD REGISTRY = Maintainer (Data Controller and Data Processor) > gTLD REGISTRAR = Maintainer (Data Processor) > WHOIS DATA ESCROW PROVIDER = Maintainer (Data Processor) > > The subteam disagrees on the following: > ---------------------------------------- > WHOIS DATA AGGREGATOR = Data Processor (Susan), No Category (James) > PRIVACY/PROXY SERVICE = Data Processor (Susan), Producer or No Category (James) > > We may have to add to this list as there may be other services that fit into these categories > > 2. Revert to the usual terms such as Registrant, Registrar, Registry etc. that are well known and understood. > > Looking forward to the discussion on Wednesday. > > Susan > > > From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Emily Taylor > Sent: Monday, August 15, 2011 2:26 AM > To: Mikhail Yakushev > Cc: rt4-whois at icann.org > Subject: Re: [Rt4-whois] Help required - NOW EVEN EASIER!! > > Hi all > > Thanks for your feedback. I agree with Michael and Bill, except that I think we need to tweak the definition further. As I recall, there were some comments (the GAC? others?) to the effect that, while data protection/privacy laws are the obvious example of relevant applicable laws, our definition should not exclude other relevant applicable laws - and therefore we should add some words like "or any other relevant laws which are binding on one or more of the parties". The commentators may have suggested better wording, but I think we do need to consider this sort of sweep up. > > Kind regards > > Emily > On 15 August 2011 10:18, Mikhail Yakushev > wrote: > Dear Sharon, > Thank you very much for your valuable work. > I mostly share Bill?s views (see his separate e-mail) on most comments and I think there is no proven necessity to make any substantial changes in any of the definitions. > As for the ?Applicable Laws? definition: > > (a) The feedback was mostly positive, > > (b) I am ready to prepare a short response for each comment ? based on Bill?s methodology :), > > (c) I think it is possible to agree with Lexinta proposal and to remove the reference to the UN Guidelines on Personal Data ? indeed, it?s legal force is much weaker, that the Human Rights Declaration. However, Lexinta?s reference to the ?applicable? laws (making an unfortunate cross-reference definition) should also be omitted. > > Regards, > Michael > > From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of LEMON, Sharon > Sent: Friday, August 05, 2011 1:04 PM > To: rt4-whois at icann.org > Subject: [Rt4-whois] Help required - NOW EVEN EASIER!! > > > NOT PROTECTIVELY MARKED > > Hello Everyone, > > Last week I sent out my part of the report - definitions for comment and assistance. Response was > limited ;-), but I still need your help. > > So - to make it even easier I have subdivided the work into three and you only need to look at the one which relates to the subgroup you were in. I would like you to look at the definition, the feedback received and let me know if you think we should change it in light of that feedback. The first document is the key for those who fedback, the second the defination and comments and the third the longer version, should you be interested. I have now incorporated the LE feedback from both Peter and I and summarised the comments, rather than just listed them. > > This will only take minutes PROMISE - and I would really like to feedback at our next conference call and I am off next week - so you have until Monday 15th!. > > So - Producers and Maintainers - James, Susan and Wilfried > Applicable Laws -Kim, Omar, Michael, Lynn > Law Enforcement - Kim, Lutz, Peter. > > Here's hoping, > > Sharon > > > > Sharon LEMON OBE > Deputy Director > Cyber and Forensics > Serious and Organised Crime Agency (SOCA) > 07768 290902 > 0207 855 2800 > > > > This information is supplied in confidence by SOCA, and is exempt from disclosure under the Freedom of Information Act 2000. It may also be subject to exemption under other UK legislation. Onward disclosure may be unlawful, for example, under the Data Protection Act 1998. Requests for disclosure to the public must be referred to the SOCA FOI single point of contact, by email on PICUEnquiries at soca.x.gsi.gov.uk or by telephoning 0870 268 8677. > > > > All E-Mail sent and received by SOCA is scanned and subject to assessment. Messages sent or received by SOCA staff are not private and may be the subject of lawful business monitoring. E-Mail may be passed at any time and without notice to an appropriate branch within SOCA, on authority from the Director General or his Deputy for analysis. This E-Mail and any files transmitted with it are intended solely for the individual or entity to whom they are addressed. If you have received this message in error, please contact the sender as soon as possible. > > > > The original of this email was scanned for viruses by the Government Secure Intranet virus scanning service supplied by Cable&Wireless Worldwide in partnership with MessageLabs. (CCTM Certificate Number 2009/09/0052.) On leaving the GSi this email was certified virus free. > Communications via the GSi may be automatically logged, monitored and/or recorded for legal purposes. > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > > > > -- > > > <~WRD122.jpg> > > > 76 Temple Road, Oxford OX4 2EZ UK > t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 > emily at emilytaylor.eu > > www.etlaw.co.uk > > Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. > > > ------------------------------------------------------------------------------- > > The information transmitted is for the use of the intended recipient only and may contain confidential and/or legally privileged material. Any review, re-transmission, disclosure, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited and may result in severe penalties. > > > If you have received this e-mail in error please notify the Security Advisor of the Department of Broadband, Communications and the Digital Economy, 38 Sydney Ave, Forrest ACT 2603, telephone (02) 6271-1376 and delete all copies of this transmission together with any attachments. > > > Please consider the environment before printing this email. > > ------------------------------------------------------------------------------- > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > -- Denise Michel michel.denise at gmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20110816/133eca7c/attachment.html From Peter.Nettlefold at dbcde.gov.au Wed Aug 17 07:38:31 2011 From: Peter.Nettlefold at dbcde.gov.au (Nettlefold, Peter) Date: Wed, 17 Aug 2011 17:38:31 +1000 Subject: [Rt4-whois] FW: Applicable laws [SEC=UNOFFICIAL] Message-ID: <636771A7F4383E408C57A0240B5F8D4A305FC62512@EMB01.dept.gov.au> Hi all, Thanks to Lynn and Kathy for continuing our discussions on these important issues. These were key issues I struggled with in drafting the accessibility/privacy part of the gaps chapter, which I circulated yesterday for comment. After reading the public submissions to our discussion paper, it seems clear that some people are worried about the privacy implications of WHOIS. It was raised by many respondents to our paper, and acknowledged as a valid concern by many others. However, I don't see a compelling case for us to catalogue all potential applicable privacy or data protection laws as a way to take this forward. In practice, I think this would be very difficult, and arguably of limited use. Even if every GAC member provided details of every potentially applicable law, this would not cover every country, and would only cover contributing countries at a set point in time. Further, what would we do with this data? How would we reconcile the inevitable differences? Arguably, any conflict with national law (whether it relates to 'sensitive' information, or other personal information) is intended to be addressed by ICANN's consensus procedure. The consensus procedure was developed by the ICANN community to deal with specific conflicts with national law. Whether and how it has been used may therefore provide us some guidance about any actual conflicts and how they've been handled. I see that Denise has undertaken to get back to us shortly with an answer to this - thanks Denise! The answer to this may provide useful insights into whether that particular procedure is effective or needs modification to deal with specific legal situations, and it could also clarify the potential extent of existing legal conflicts. For the procedure to be effective, there is no need to catalogue applicable laws in advance. Personally, I can't see any way to replace this (or a similar) case-by-case procedure with a more prescriptive universal mechanism based on a survey of applicable laws, nor any way to anticipate all potential legal conflicts in advance. There is then the additional question of whether we're only interested in situations where there is a conflict with a national law? If so, then we need to consider whether there needs to be any additional protections beyond the existing procedure. On balance, my position is that we should consider some way to acknowledge the privacy concerns of individuals, including those that may not be addressed by ICANN's existing consensus procedures and policies. The problem is how to do this without facilitating the unregulated and widely abused privacy/proxy situation that we now have. This is what I tried to address in the draft gaps chapter. The proposed recommendations at the end of that chapter are intended to provide a framework for a balanced, open and accountable privacy regime, while acknowledging that much of the detail (such as what data could be 'protected' or 'limited', and standardised processes for release of that data when needed) would rightly be developed through existing ICANN community (and cross community) processes. I look forward to further discussion on this as we move forward. Cheers, Peter From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Kathy Kleiman Sent: Wednesday, 17 August 2011 2:30 PM To: rt4-whois at icann.org; lynn at goodsecurityconsulting.com Subject: Re: [Rt4-whois] Applicable laws Dear Lynn and All, I wanted to say how much I appreciate Lynn posting the key regional data protection frameworks to the group. I think they are very important, and she and I have discussed the need for us to look at them more closely in relation to the Whois data. I hope we can do this soon! Regarding sensitive vs private data, I wanted to add my views as an attorney who specializes in the area of data protection and privacy since starting my telecommunications practice in 1993. While sensitive data may focus on the areas of financial, birth, religion, health, and let's add political affiliation and sexual orientation, that's not where the story ends. Data protection and privacy laws certainly consider home address, home phone number, and now cell phone data as "private" or "personal data." Certainly telecommunications laws in the US, as one example, regularly protect the right of a person to "opt-out" of sharing their home address or home phone number in a public directory as a matter of personal privacy. In fact, opt-out in directories was chosen by a majority of Californians when last I researched it (and the state protects privacy as part of its state constitution) because home addresses and home phone numbers are considered very personal information, and worthy of protection. These are the very elements that have been such an issue of controversy within the ICANN arena. Over the last decade, as part of the history of Whois within ICANN, at least four Data Protection Commissioners and their senior staffs have warned ICANN about the problems of this data, and its data protection implications. They are very concerned with the elements now collected and published in the Whois. I will gather their letters to ICANN and share them, as well as notes of the speeches they have given. I would like to request that we ask ICANN Staff to work with us on this important matter as well. Ultimately, I do not think this is a matter for us to decide on (which may relieve everyone greatly). As many of you know, I have been thinking about this issue a great deal. I will be submitting a recommendation to our Team asking that GAC provide ICANN with clear information about relevant applicable laws, including data protection laws, and their guidance, based on these laws, as to the elements of the Whois now published. I'll distribute this before our meeting tomorrow. All the best, Kathy Since data privacy is an area of specialization for me, I would like to offer a couple of comments on the dialogue about privacy laws. Although WHOIS data contains personal data, it does not have any data elements that are considered to be "sensitive" in nature. The focus and priority of data protection authorities throughout the world is on protection of sensitive data such as financial account details, date of birth, religious affiliations, medical conditions, etc. For global, multi-national organizations who need to develop and maintain policies regarding the collection and use of personal data, there are multi-lateral privacy frameworks and principles that have been accepted and are well established including: 1) OECD Guidelines on the Protection of Privacy and Transborder Flows 2) UN Guidelines Concerning Computerized Personal Data Files 3) EU Directive 95/46/EC on the Protection of Individuals with Regard to the Processing of Personsal Data and on the Free Movement of Such Data 4) APEC Privacy Framework Since ICANN is headquartered in the State of California and the United States, I would note that California has an Office of Privacy Protection. At the national level, the U.S. Federal Trade Commission has been accepted as the equivalent of a Data Protection Authority. Hope these brief comments are helpful. Lynn _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois -- ------------------------------------------------------------------------------- The information transmitted is for the use of the intended recipient only and may contain confidential and/or legally privileged material. Any review, re-transmission, disclosure, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited and may result in severe penalties. If you have received this e-mail in error please notify the Security Advisor of the Department of Broadband, Communications and the Digital Economy, 38 Sydney Ave, Forrest ACT 2603, telephone (02) 6271-1376 and delete all copies of this transmission together with any attachments. Please consider the environment before printing this email. ------------------------------------------------------------------------------- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20110817/deb3d9ed/attachment.html From m.yakushev at corp.mail.ru Wed Aug 17 09:16:58 2011 From: m.yakushev at corp.mail.ru (Mikhail Yakushev) Date: Wed, 17 Aug 2011 09:16:58 +0000 Subject: [Rt4-whois] Report input - privacy/proxy 'gaps' [SEC=UNCLASSIFIED] In-Reply-To: <636771A7F4383E408C57A0240B5F8D4A305FC61BA0@EMB01.dept.gov.au> References: <636771A7F4383E408C57A0240B5F8D4A305FC61BA0@EMB01.dept.gov.au> Message-ID: <71B38F372F86D940B9C644A99264FA312716EF@M2EMBS1.mail.msk> Dear Peter, colleagues, I have carefully reviewed Peter's draft and mostly agree with the provided analysis. I also would mostly agree with the suggested recommendations - but I think we need to discuss each of them separately to achieve the highest possible level of consensus within our team. Kind regards, Michael From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Nettlefold, Peter Sent: Tuesday, August 16, 2011 11:48 AM To: rt4-whois at icann.org Subject: [Rt4-whois] Report input - privacy/proxy 'gaps' [SEC=UNCLASSIFIED] Hello all, Attached is the first section of the draft 'gaps' chapter, for review and comment. As you'll see, this section covers accessibility and privacy issues, and it still has some gaps. I've also drafted and included some recommendations on this issue, building on the public and law enforcement input and our own discussions. I hope these are helpful. As you'll see, I've drawn a distinction between proxy and privacy services in the draft chapter, and this will need some further work (but I didn't want to delay getting this out to you any further while I worked on this). I've tried to unpack this distinction in the draft chapter, but also wanted to also explain my thinking to you. The main challenge identified by responses to our consultation processes, and in our own discussions, is to find a way to balance any legitimate privacy concerns with the interests of other stakeholders. The position I've put forward in the draft chapter is that this can be achieved through the regulated use of privacy services (i.e. services that make the identity of the registrant known, but limit availability to other personal data - at least in the first instance). Proxy services, which replace the name of the registrant with that of another entity, are quite different in nature, and I think that these services raise serious questions about ICANN's ability to enforce its AoC obligations. I have drafted the chapter with this distinction in mind, although some parts of the argument need a bit more work. I'm aiming to circulate the next section of the draft chapter - on accuracy - in a day or two, and the section on compliance shortly after that. Unfortunately the next call is now scheduled for 1am my time, so I won't be attending. I look forward to discussing this further as we work towards our Marina del Ray meeting. Cheers, Peter ------------------------------------------------------------------------------- The information transmitted is for the use of the intended recipient only and may contain confidential and/or legally privileged material. Any review, re-transmission, disclosure, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited and may result in severe penalties. If you have received this e-mail in error please notify the Security Advisor of the Department of Broadband, Communications and the Digital Economy, 38 Sydney Ave, Forrest ACT 2603, telephone (02) 6271-1376 and delete all copies of this transmission together with any attachments. Please consider the environment before printing this email. ------------------------------------------------------------------------------- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20110817/e3ebc1cc/attachment.html From olof.nordling at icann.org Wed Aug 17 09:21:29 2011 From: olof.nordling at icann.org (Olof Nordling) Date: Wed, 17 Aug 2011 02:21:29 -0700 Subject: [Rt4-whois] FW: Applicable laws [SEC=UNOFFICIAL] In-Reply-To: <636771A7F4383E408C57A0240B5F8D4A305FC62512@EMB01.dept.gov.au> References: <636771A7F4383E408C57A0240B5F8D4A305FC62512@EMB01.dept.gov.au> Message-ID: <41F6C547EA49EC46B4EE1EB2BC2F34183769D9ACE5@EXVPMBX100-1.exc.icann.org> Dear Peter and all, Please note that there is one occasion where the procedure for handling WHOIS conflicts with privacy law has been applied in practice, relating to .TEL, see http://www.icann.org/en/announcements/announcement-2-19oct07.htm (announcement of Telnic's proposed change and opening of a public comment period) and http://www.icann.org/en/minutes/minutes-18dec07.htm (the Board minutes with the decision on the matter). In this case, the procedure is invoked as a "draft Procedure", since the .TEL matter was addressed before the procedure was formally in force , see http://www.icann.org/en/processes/icann-procedure-17jan08.htm. Denise may have additional information to supply when the sun rises in California- I just wanted to provide this piece well before our call today. Very best regards Olof From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Nettlefold, Peter Sent: Wednesday, August 17, 2011 9:39 AM To: rt4-whois at icann.org Cc: Kathy Kleiman Subject: [Rt4-whois] FW: Applicable laws [SEC=UNOFFICIAL] Hi all, Thanks to Lynn and Kathy for continuing our discussions on these important issues. These were key issues I struggled with in drafting the accessibility/privacy part of the gaps chapter, which I circulated yesterday for comment. After reading the public submissions to our discussion paper, it seems clear that some people are worried about the privacy implications of WHOIS. It was raised by many respondents to our paper, and acknowledged as a valid concern by many others. However, I don't see a compelling case for us to catalogue all potential applicable privacy or data protection laws as a way to take this forward. In practice, I think this would be very difficult, and arguably of limited use. Even if every GAC member provided details of every potentially applicable law, this would not cover every country, and would only cover contributing countries at a set point in time. Further, what would we do with this data? How would we reconcile the inevitable differences? Arguably, any conflict with national law (whether it relates to 'sensitive' information, or other personal information) is intended to be addressed by ICANN's consensus procedure. The consensus procedure was developed by the ICANN community to deal with specific conflicts with national law. Whether and how it has been used may therefore provide us some guidance about any actual conflicts and how they've been handled. I see that Denise has undertaken to get back to us shortly with an answer to this - thanks Denise! The answer to this may provide useful insights into whether that particular procedure is effective or needs modification to deal with specific legal situations, and it could also clarify the potential extent of existing legal conflicts. For the procedure to be effective, there is no need to catalogue applicable laws in advance. Personally, I can't see any way to replace this (or a similar) case-by-case procedure with a more prescriptive universal mechanism based on a survey of applicable laws, nor any way to anticipate all potential legal conflicts in advance. There is then the additional question of whether we're only interested in situations where there is a conflict with a national law? If so, then we need to consider whether there needs to be any additional protections beyond the existing procedure. On balance, my position is that we should consider some way to acknowledge the privacy concerns of individuals, including those that may not be addressed by ICANN's existing consensus procedures and policies. The problem is how to do this without facilitating the unregulated and widely abused privacy/proxy situation that we now have. This is what I tried to address in the draft gaps chapter. The proposed recommendations at the end of that chapter are intended to provide a framework for a balanced, open and accountable privacy regime, while acknowledging that much of the detail (such as what data could be 'protected' or 'limited', and standardised processes for release of that data when needed) would rightly be developed through existing ICANN community (and cross community) processes. I look forward to further discussion on this as we move forward. Cheers, Peter From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Kathy Kleiman Sent: Wednesday, 17 August 2011 2:30 PM To: rt4-whois at icann.org; lynn at goodsecurityconsulting.com Subject: Re: [Rt4-whois] Applicable laws Dear Lynn and All, I wanted to say how much I appreciate Lynn posting the key regional data protection frameworks to the group. I think they are very important, and she and I have discussed the need for us to look at them more closely in relation to the Whois data. I hope we can do this soon! Regarding sensitive vs private data, I wanted to add my views as an attorney who specializes in the area of data protection and privacy since starting my telecommunications practice in 1993. While sensitive data may focus on the areas of financial, birth, religion, health, and let's add political affiliation and sexual orientation, that's not where the story ends. Data protection and privacy laws certainly consider home address, home phone number, and now cell phone data as "private" or "personal data." Certainly telecommunications laws in the US, as one example, regularly protect the right of a person to "opt-out" of sharing their home address or home phone number in a public directory as a matter of personal privacy. In fact, opt-out in directories was chosen by a majority of Californians when last I researched it (and the state protects privacy as part of its state constitution) because home addresses and home phone numbers are considered very personal information, and worthy of protection. These are the very elements that have been such an issue of controversy within the ICANN arena. Over the last decade, as part of the history of Whois within ICANN, at least four Data Protection Commissioners and their senior staffs have warned ICANN about the problems of this data, and its data protection implications. They are very concerned with the elements now collected and published in the Whois. I will gather their letters to ICANN and share them, as well as notes of the speeches they have given. I would like to request that we ask ICANN Staff to work with us on this important matter as well. Ultimately, I do not think this is a matter for us to decide on (which may relieve everyone greatly). As many of you know, I have been thinking about this issue a great deal. I will be submitting a recommendation to our Team asking that GAC provide ICANN with clear information about relevant applicable laws, including data protection laws, and their guidance, based on these laws, as to the elements of the Whois now published. I'll distribute this before our meeting tomorrow. All the best, Kathy Since data privacy is an area of specialization for me, I would like to offer a couple of comments on the dialogue about privacy laws. Although WHOIS data contains personal data, it does not have any data elements that are considered to be "sensitive" in nature. The focus and priority of data protection authorities throughout the world is on protection of sensitive data such as financial account details, date of birth, religious affiliations, medical conditions, etc. For global, multi-national organizations who need to develop and maintain policies regarding the collection and use of personal data, there are multi-lateral privacy frameworks and principles that have been accepted and are well established including: 1) OECD Guidelines on the Protection of Privacy and Transborder Flows 2) UN Guidelines Concerning Computerized Personal Data Files 3) EU Directive 95/46/EC on the Protection of Individuals with Regard to the Processing of Personsal Data and on the Free Movement of Such Data 4) APEC Privacy Framework Since ICANN is headquartered in the State of California and the United States, I would note that California has an Office of Privacy Protection. At the national level, the U.S. Federal Trade Commission has been accepted as the equivalent of a Data Protection Authority. Hope these brief comments are helpful. Lynn _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois -- ------------------------------------------------------------------------------- The information transmitted is for the use of the intended recipient only and may contain confidential and/or legally privileged material. Any review, re-transmission, disclosure, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited and may result in severe penalties. If you have received this e-mail in error please notify the Security Advisor of the Department of Broadband, Communications and the Digital Economy, 38 Sydney Ave, Forrest ACT 2603, telephone (02) 6271-1376 and delete all copies of this transmission together with any attachments. Please consider the environment before printing this email. ------------------------------------------------------------------------------- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20110817/291f82d0/attachment.html From m.yakushev at corp.mail.ru Wed Aug 17 09:37:59 2011 From: m.yakushev at corp.mail.ru (Mikhail Yakushev) Date: Wed, 17 Aug 2011 09:37:59 +0000 Subject: [Rt4-whois] Help required - NOW EVEN EASIER!! In-Reply-To: <29E08402-B052-4862-9995-85AB1CBD52FA@paypal.com> References: <3062FB662B110E4A9F14C63284D07FF7050C6757A681@soca.x.gsi.gov.uk> <71B38F372F86D940B9C644A99264FA312712F5@M2EMBS1.mail.msk> <29E08402-B052-4862-9995-85AB1CBD52FA@paypal.com> Message-ID: <71B38F372F86D940B9C644A99264FA3127173D@M2EMBS1.mail.msk> Dear Susan and Bill, colleagues, I do support Bill's proposal on Option 2 (not to create new definitions). Unless the definitions of producers/maintainers etc. are absolutely/critically necessary for our Final report, we are able to be more specific with the existing essences and without challenging Occam's razor principle. Kind regards, Michael -----Original Message----- From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Smith, Bill Sent: Tuesday, August 16, 2011 7:19 PM To: Susan Kawaguchi Cc: rt4-whois at icann.org Subject: Re: [Rt4-whois] Help required - NOW EVEN EASIER!! I'm for 2. It keeps us in "ICANN" language making both definitions and discussion simpler. I consider producer, processor, consumer, and maintainer to be legal terms subject to interpretation by the court. It's impossible for us to determine a priori which of the legal definitions would apply to any of the ICANN terms in all situations. That determination is dependent on the specific facts of each individual case, and will be made by the court not us. I could support the inclusion of the legal terms but think we might be best served by referencing one or more definitions and suggesting a few equivalencies given a set of facts. If we don't limit ourselves to one set of facts (or perhaps a few), I doubt we'll reach agreement and that won't serve us well - in my opinion. On Aug 15, 2011, at 3:42 PM, "Susan Kawaguchi" <susank at fb.com> wrote: Hello, Applicable Laws Sorry for the late input but hopefully we can all discuss on Wednesday?s call. I am concerned that by adding ?or any other relevant laws which are binding on one or more of the parties" this will confuse the issues with the definition. Several comments pointed out that although individuals may be protected by many different laws around the world that at least in the EU and US businesses are explicitly not protected in the same manner and that they have specific obligations to provide information if they are engaging in commercial activity on the internet. The IPC made a very good point in their comments not all laws that involve the protection of data are actually applicable to ICANN and the WHOIS policy. The following is an excerpt from their comments: ?In order to assess whether ICANN is fulfilling this commitment, the Review Team must focus on which laws are applicable to ICANN in carrying out this policy. This can be a difficult question to answer. While some national laws may apply to ICANN?s ability to enforce the requirements of providing open Whois access, it seems inconceivable that ?any and all local and national laws that regulate and/or control the collection, use, access and disclosure of personally identifiable information? are all applicable to ICANN in its enforcement of this policy.? Producers and Maintainers These definitions have been problematic and confusing to me from day one. I understand James? point in defining the terms in this way (and I agreed to it as part of the team) but it is obvious from the comments that we have caused some confusion. Two possible solutions: 1. Provide additional information with the definition that James originally provided Existing Organizations: Where do they fit? The subteam is unanimous on the following: ---------------------------------------- Registrants = Producers ICANN = Maintainer (Data Controller) gTLD REGISTRY = Maintainer (Data Controller and Data Processor) gTLD REGISTRAR = Maintainer (Data Processor) WHOIS DATA ESCROW PROVIDER = Maintainer (Data Processor) The subteam disagrees on the following: ---------------------------------------- WHOIS DATA AGGREGATOR = Data Processor (Susan), No Category (James) PRIVACY/PROXY SERVICE = Data Processor (Susan), Producer or No Category (James) We may have to add to this list as there may be other services that fit into these categories 2. Revert to the usual terms such as Registrant, Registrar, Registry etc. that are well known and understood. Looking forward to the discussion on Wednesday. Susan From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Emily Taylor Sent: Monday, August 15, 2011 2:26 AM To: Mikhail Yakushev Cc: rt4-whois at icann.org Subject: Re: [Rt4-whois] Help required - NOW EVEN EASIER!! Hi all Thanks for your feedback. I agree with Michael and Bill, except that I think we need to tweak the definition further. As I recall, there were some comments (the GAC? others?) to the effect that, while data protection/privacy laws are the obvious example of relevant applicable laws, our definition should not exclude other relevant applicable laws - and therefore we should add some words like "or any other relevant laws which are binding on one or more of the parties". The commentators may have suggested better wording, but I think we do need to consider this sort of sweep up. Kind regards Emily On 15 August 2011 10:18, Mikhail Yakushev <m.yakushev at corp.mail.ru> wrote: Dear Sharon, Thank you very much for your valuable work. I mostly share Bill?s views (see his separate e-mail) on most comments and I think there is no proven necessity to make any substantial changes in any of the definitions. As for the ?Applicable Laws? definition: (a) The feedback was mostly positive, (b) I am ready to prepare a short response for each comment ? based on Bill?s methodology ?, (c) I think it is possible to agree with Lexinta proposal and to remove the reference to the UN Guidelines on Personal Data ? indeed, it?s legal force is much weaker, that the Human Rights Declaration. However, Lexinta?s reference to the ?applicable? laws (making an unfortunate cross-reference definition) should also be omitted. Regards, Michael From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of LEMON, Sharon Sent: Friday, August 05, 2011 1:04 PM To: rt4-whois at icann.org Subject: [Rt4-whois] Help required - NOW EVEN EASIER!! NOT PROTECTIVELY MARKED Hello Everyone, Last week I sent out my part of the report - definitions for comment and assistance. Response was limited ;-), but I still need your help. So - to make it even easier I have subdivided the work into three and you only need to look at the one which relates to the subgroup you were in. I would like you to look at the definition, the feedback received and let me know if you think we should change it in light of that feedback. The first document is the key for those who fedback, the second the defination and comments and the third the longer version, should you be interested. I have now incorporated the LE feedback from both Peter and I and summarised the comments, rather than just listed them. This will only take minutes PROMISE - and I would really like to feedback at our next conference call and I am off next week - so you have until Monday 15th!. So - Producers and Maintainers - James, Susan and Wilfried Applicable Laws -Kim, Omar, Michael, Lynn Law Enforcement - Kim, Lutz, Peter. Here's hoping, Sharon Sharon LEMON OBE Deputy Director Cyber and Forensics Serious and Organised Crime Agency (SOCA) 07768 290902 0207 855 2800 This information is supplied in confidence by SOCA, and is exempt from disclosure under the Freedom of Information Act 2000. It may also be subject to exemption under other UK legislation. Onward disclosure may be unlawful, for example, under the Data Protection Act 1998. Requests for disclosure to the public must be referred to the SOCA FOI single point of contact, by email on PICUEnquiries at soca.x.gsi.gov.uk or by telephoning 0870 268 8677. All E-Mail sent and received by SOCA is scanned and subject to assessment. Messages sent or received by SOCA staff are not private and may be the subject of lawful business monitoring. E-Mail may be passed at any time and without notice to an appropriate branch within SOCA, on authority from the Director General or his Deputy for analysis. This E-Mail and any files transmitted with it are intended solely for the individual or entity to whom they are addressed. If you have received this message in error, please contact the sender as soon as possible. The original of this email was scanned for viruses by the Government Secure Intranet virus scanning service supplied by Cable&Wireless Worldwide in partnership with MessageLabs. (CCTM Certificate Number 2009/09/0052.) On leaving the GSi this email was certified virus free. Communications via the GSi may be automatically logged, monitored and/or recorded for legal purposes. _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois -- [http://www.etlaw.co.uk/images/stories/etlaw/etclogo250x60.gif] 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu www.etlaw.co.uk Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois From alice.jansen at icann.org Wed Aug 17 09:49:45 2011 From: alice.jansen at icann.org (Alice Jansen) Date: Wed, 17 Aug 2011 02:49:45 -0700 Subject: [Rt4-whois] Dakar meeting - Message-ID: Dear Review Team Members, Please refer to the secluded wiki to see the numbers attending Dakar: https://community.icann.org/display/whoisreviewprivate/Dakar+Meeting Note that you will need to enter your login details to see this wiki page. Thanks, Kind regards Alice -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20110817/a2e62066/attachment.html From alice.jansen at icann.org Wed Aug 17 09:54:09 2011 From: alice.jansen at icann.org (Alice Jansen) Date: Wed, 17 Aug 2011 02:54:09 -0700 Subject: [Rt4-whois] Prel Report for your approval In-Reply-To: Message-ID: Dear Review Team Members, Please find attached the preliminary report of your teleconference held on 3 August. Kindly note that this has been added to the agenda and that it will be discussed during your conference call today (at 15:00 UTC) with a view to adopting a final version. Thanks, Very best regards Alice -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20110817/6e10f64a/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: Prel Rep - 3 August.doc Type: application/x-msword Size: 37888 bytes Desc: Prel Rep - 3 August.doc Url : http://mm.icann.org/pipermail/rt4-whois/attachments/20110817/6e10f64a/PrelRep-3August.doc From alice.jansen at icann.org Wed Aug 17 09:57:31 2011 From: alice.jansen at icann.org (Alice Jansen) Date: Wed, 17 Aug 2011 02:57:31 -0700 Subject: [Rt4-whois] AGENDA UPDATE - Call today 15:00 UTC In-Reply-To: Message-ID: Dear Review Team Members, Please find enclosed an updated version of your agenda: 1. Preliminary report: 3 August for approval 2. Request for Proposals: Verify references of bidder 3. Assignments: Update on progress made to date 4. Marina del Rey Meeting: Structure of the meeting, agenda, preparations in anticipation of the meeting 5. Recommendations: Tease out recommendations from public comments, Singapore material etc 6. Dakar: schedule, desiderata 7. A.O.B Kindly note that this agenda is also available on the wiki at: https://community.icann.org/display/whoisreview/Call+18+-+17+August+2011 Thanks, Very best regards Alice -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20110817/1ae9122a/attachment.html From emily at emilytaylor.eu Wed Aug 17 11:17:07 2011 From: emily at emilytaylor.eu (Emily Taylor) Date: Wed, 17 Aug 2011 12:17:07 +0100 Subject: [Rt4-whois] Report input - privacy/proxy 'gaps' [SEC=UNCLASSIFIED] In-Reply-To: <71B38F372F86D940B9C644A99264FA312716EF@M2EMBS1.mail.msk> References: <636771A7F4383E408C57A0240B5F8D4A305FC61BA0@EMB01.dept.gov.au> <71B38F372F86D940B9C644A99264FA312716EF@M2EMBS1.mail.msk> Message-ID: Dear Peter, Many thanks for your work on this draft. I really like the way that you have based your commentary on a bottom-up analysis of what the comments said. It shows that we have been listening to, and carefully analysing the inputs that people have taken the trouble to give us. I'm sure we'll be discussing it on today's call, and it's a pity that the scheduling prevents you joining us. I hope we will be able to have you on our next call after this one, and we'll ensure that we have a good turn out. My question in reading the proxy/privacy section is - apart from NCUC which you referenced - did we have contrary views. We have a lot of references from law enforcement and IP constituency, but nothing at all from registry/registrars or NCUC apart from that one quote. I'm keen to ensure that we present a balanced view of the inputs received, because it will give a range of views. All - please can we look out our notes of our face-to-face meetings. I for one took away a strong message from our call with the IPC that they had *good* experiences of data release from a number of the larger providers, and (while in a perfect world they may not want proxy/privacy services) were able to live with them if they could have a predictable outcome. This is well captured in one of the recommendations, but doesn't quite come through in the supporting text yet. For the more radical recommendations - I'm not sure that I heard them being asked for, even by the communities that you would expect to support them, and therefore we need much more argumentation in the text to justify some of the recommendations (if, indeed, the team can reach consensus on them). Thank you again for a thorough and thoughtful piece of work Peter. It provides us with an excellent first draft on which to focus our discussions. Kind regards Emily Kind regards Emily On 17 August 2011 10:16, Mikhail Yakushev wrote: > Dear Peter, colleagues,**** > > I have carefully reviewed Peter?s draft and mostly agree with the provided > analysis. I also would mostly agree with the suggested recommendations ? > but I think we need to discuss each of them separately to achieve the > highest possible level of consensus within our team.**** > > Kind regards,**** > > Michael**** > > ** ** > > *From:* rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] *On > Behalf Of *Nettlefold, Peter > *Sent:* Tuesday, August 16, 2011 11:48 AM > *To:* rt4-whois at icann.org > *Subject:* [Rt4-whois] Report input - privacy/proxy 'gaps' > [SEC=UNCLASSIFIED]**** > > ** ** > > Hello all,**** > > ** ** > > Attached is the first section of the draft ?gaps? chapter, for review and > comment.**** > > ** ** > > As you?ll see, this section covers accessibility and privacy issues, and it > still has some gaps.**** > > ** ** > > I?ve also drafted and included some recommendations on this issue, building > on the public and law enforcement input and our own discussions. I hope > these are helpful.**** > > ** ** > > As you?ll see, I?ve drawn a distinction between proxy and privacy services > in the draft chapter, and this will need some further work (but I didn?t > want to delay getting this out to you any further while I worked on this). > I?ve tried to unpack this distinction in the draft chapter, but also wanted > to also explain my thinking to you. **** > > ** ** > > The main challenge identified by responses to our consultation processes, > and in our own discussions, is to find a way to balance any legitimate > privacy concerns with the interests of other stakeholders. The position I?ve > put forward in the draft chapter is that this can be achieved through the > regulated use of *privacy* services (i.e. services that make the identity > of the registrant known, but limit availability to other personal data ? at > least in the first instance). *Proxy* services, which replace the name of > the registrant with that of another entity, are quite different in nature, > and I think that these services raise serious questions about ICANN?s > ability to enforce its AoC obligations. **** > > ** ** > > I have drafted the chapter with this distinction in mind, although some > parts of the argument need a bit more work.**** > > ** ** > > I?m aiming to circulate the next section of the draft chapter - on accuracy > - in a day or two, and the section on compliance shortly after that.**** > > ** ** > > Unfortunately the next call is now scheduled for 1am my time, so I won?t be > attending.**** > > ** ** > > I look forward to discussing this further as we work towards our Marina del > Ray meeting.**** > > ** ** > > Cheers,**** > > ** ** > > Peter**** > > ** ** > > ** ** > > > * > ------------------------------------------------------------------------------- > ***** > > The information transmitted is for the use of the intended recipient only > and may contain confidential and/or legally privileged material. Any review, > re-transmission, disclosure, dissemination or other use of, or taking of any > action in reliance upon, this information by persons or entities other than > the intended recipient is prohibited and may result in severe penalties.** > ** > > ** ** > > If you have received this e-mail in error please notify the Security > Advisor of the Department of Broadband, Communications and the Digital > Economy, 38 Sydney Ave, Forrest ACT 2603, telephone (02) 6271-1376 and > delete all copies of this transmission together with any attachments.**** > > ** ** > > Please consider the environment before printing this email.**** > > > * > ------------------------------------------------------------------------------- > ***** > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > > -- * * 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu *www.etlaw.co.uk* Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20110817/6002b2ff/attachment.html From alice.jansen at icann.org Wed Aug 17 11:49:48 2011 From: alice.jansen at icann.org (Alice Jansen) Date: Wed, 17 Aug 2011 04:49:48 -0700 Subject: [Rt4-whois] REMINDER - Call today @ 15:00 UTC Message-ID: Dear Review Team Members, Your next conference call is scheduled for: **Wednesday, 17 August 2011** 15:00 UTC Please check your local time at: http://timeanddate.com/worldclock/fixedtime.html?msg=WHOIS+Review+Team&iso=20110817T15 PASSWORD: 27318 followed by # Agenda: https://community.icann.org/display/whoisreview/Call+18+-+17+August+2011 Adobe room: http://icann.adobeconnect.com/whois-review/ Audio-cast (silent observers): http://stream.icann.org:8000/whois.m3u Dial-in numbers: Please find below a table which encapsulates dial-in numbers for your countries of residence. Should you be traveling, please refer to the full list which is available at: http://www.adigo.com/icann/ Australia 1 800 009 820 1 800 036 775 Sydney T +61 290372962 Melbourne T +61 399996500 Brisbane T +61 731777546 Austria L - 0 800 295 858 M - 0 800 295 138 T - +43 720 882 638 Belgium L - 0800 79210 M ? 0800 79218 T - +32 78 480 286 Brazil L - 0800 891 1597 M - 0800 891 1598 T - +55 613 717 2040 Canada 1 800 550 6865 T - +1 213 233 3193 France 0800 90 25 56 T - +33 170618347 Germany L - 0800 1016 120 G - M 0800 1016 124 Russia 8 10 8002 535 3011 T - +7 499 650 7835 United Kingdom 0800 032 6646 T - +44 207 099 0867 United States 1 800 550 6865 T - +1 213 233 3193 T ? local toll number ; M ? mobile preferred number ; L ? landline preferred number Please do not hesitate to contact me should you require a dial-out for this call. Thank you, Very best regards Alice Alice E. Jansen -------------------------- ICANN Assistant, Organizational & Affirmation Reviews alice.jansen at icann.org Direct Dial: +32.2.234.78.64 Mobile: +32.4.73.31.76.56 Office Fax: +32.2.234.78.48 Skype: alice_jansen_icann -------------------------- 6, Rond Point Schuman B-1040 Brussels, Belgium -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20110817/70e95078/attachment.html From sharon.lemon at soca.x.gsi.gov.uk Wed Aug 17 12:31:18 2011 From: sharon.lemon at soca.x.gsi.gov.uk (LEMON, Sharon) Date: Wed, 17 Aug 2011 13:31:18 +0100 Subject: [Rt4-whois] Definitions - final decisions required today. In-Reply-To: Message-ID: <3062FB662B110E4A9F14C63284D07FF7050C6757A6D3@soca.x.gsi.gov.uk> NOT PROTECTIVELY MARKED Hi Alice and all, I am not going to make this meeting I am afraid. Thank you to all of you who made suggestions about whether or not to change the definitions and I would really appreciate some decision making around these and how we are going to communicate that with the communities and individuals who made the submissions. Hope it goes well, and will catch up on the recording and join the call on 31st. Sharon Sharon LEMON OBE Deputy Director Cyber and Forensics Serious and Organised Crime Agency (SOCA) 07768 290902 0207 855 2800 -----Original Message----- From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Alice Jansen Sent: 17 August 2011 12:50 To: rt4-whois at icann.org Subject: [Rt4-whois] REMINDER - Call today @ 15:00 UTC Dear Review Team Members, Your next conference call is scheduled for: **Wednesday, 17 August 2011** 15:00 UTC Please check your local time at: http://timeanddate.com/worldclock/fixedtime.html?msg=WHOIS+Review+Team&iso=20110817T15 PASSWORD: 27318 followed by # Agenda: https://community.icann.org/display/whoisreview/Call+18+-+17+August+2011 Adobe room: http://icann.adobeconnect.com/whois-review/ Audio-cast (silent observers): http://stream.icann.org:8000/whois.m3u Dial-in numbers: Please find below a table which encapsulates dial-in numbers for your countries of residence. Should you be traveling, please refer to the full list which is available at: http://www.adigo.com/icann/ Australia 1 800 009 820 1 800 036 775 Sydney T +61 290372962 Melbourne T +61 399996500 Brisbane T +61 731777546 Austria L - 0 800 295 858 M - 0 800 295 138 T - +43 720 882 638 Belgium L - 0800 79210 M - 0800 79218 T - +32 78 480 286 Brazil L - 0800 891 1597 M - 0800 891 1598 T - +55 613 717 2040 Canada 1 800 550 6865 T - +1 213 233 3193 France 0800 90 25 56 T - +33 170618347 Germany L - 0800 1016 120 G - M 0800 1016 124 Russia 8 10 8002 535 3011 T - +7 499 650 7835 United Kingdom 0800 032 6646 T - +44 207 099 0867 United States 1 800 550 6865 T - +1 213 233 3193 T - local toll number ; M - mobile preferred number ; L - landline preferred number Please do not hesitate to contact me should you require a dial-out for this call. Thank you, Very best regards Alice Alice E. Jansen -------------------------- ICANN Assistant, Organizational & Affirmation Reviews alice.jansen at icann.org Direct Dial: +32.2.234.78.64 Mobile: +32.4.73.31.76.56 Office Fax: +32.2.234.78.48 Skype: alice_jansen_icann -------------------------- 6, Rond Point Schuman B-1040 Brussels, Belgium This email was received from the INTERNET and scanned by the Government Secure Intranet anti-virus service supplied by Cable&Wireless Worldwide in partnership with MessageLabs. (CCTM Certificate Number 2009/09/0052.) In case of problems, please call your organisation's IT Helpdesk. Communications via the GSi may be automatically logged, monitored and/or recorded for legal purposes. All E-Mail sent and received by SOCA is scanned and subject to assessment. Messages sent or received by SOCA staff are not private and may be the subject of lawful business monitoring. E-Mail may be passed at any time and without notice to an appropriate branch within SOCA, on authority from the Director General or his Deputy for analysis. This E-Mail and any files transmitted with it are intended solely for the individual or entity to whom they are addressed. If you have received this message in error, please contact the sender as soon as possible. This information is supplied in confidence by SOCA, and is exempt from disclosure under the Freedom of Information Act 2000. It may also be subject to exemption under other UK legislation. Onward disclosure may be unlawful, for example, under the Data Protection Act 1998. Requests for disclosure to the public must be referred to the SOCA FOI single point of contact, by email on PICUEnquiries at soca.x.gsi.gov.uk or by telephoning 0870 268 8677. All E-Mail sent and received by SOCA is scanned and subject to assessment. Messages sent or received by SOCA staff are not private and may be the subject of lawful business monitoring. E-Mail may be passed at any time and without notice to an appropriate branch within SOCA, on authority from the Director General or his Deputy for analysis. This E-Mail and any files transmitted with it are intended solely for the individual or entity to whom they are addressed. If you have received this message in error, please contact the sender as soon as possible. The original of this email was scanned for viruses by the Government Secure Intranet virus scanning service supplied by Cable&Wireless Worldwide in partnership with MessageLabs. (CCTM Certificate Number 2009/09/0052.) On leaving the GSi this email was certified virus free. Communications via the GSi may be automatically logged, monitored and/or recorded for legal purposes. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20110817/450396c0/attachment.html From kathy at kathykleiman.com Wed Aug 17 14:01:57 2011 From: kathy at kathykleiman.com (Kathy Kleiman) Date: Wed, 17 Aug 2011 10:01:57 -0400 Subject: [Rt4-whois] FW: Applicable laws [SEC=UNOFFICIAL] In-Reply-To: <41F6C547EA49EC46B4EE1EB2BC2F34183769D9ACE5@EXVPMBX100-1.exc.icann.org> References: <636771A7F4383E408C57A0240B5F8D4A305FC62512@EMB01.dept.gov.au> <41F6C547EA49EC46B4EE1EB2BC2F34183769D9ACE5@EXVPMBX100-1.exc.icann.org> Message-ID: <4E4BC9D5.2010902@kathykleiman.com> There was also a situation with .NAME in which they negotiated a different Whois policy. I think it may have been upfront, as part of the contract, but I seem to recall discussions about ICANN's procedure for handling Whois conflicts with privacy law as part of the overall discussion. (Background: .NAME, which focused on personal email addresses based on last names, was based in the EU, and I believe in a Scandanavian country, and they consulted with their data protection commissioner from the start.) Best, Kathy > Dear Peter and all, > > Please note that there is one occasion where the procedure for > handling WHOIS conflicts with privacy law has been applied in > practice, relating to .TEL, see > http://www.icann.org/en/announcements/announcement-2-19oct07.htm > (announcement of Telnic's proposed change and opening of a public > comment period) and > http://www.icann.org/en/minutes/minutes-18dec07.htm (the Board minutes > with the decision on the matter). > > In this case, the procedure is invoked as a "draft Procedure", since > the .TEL matter was addressed before the procedure was formally in > force , see http://www.icann.org/en/processes/icann-procedure-17jan08.htm. > > Denise may have additional information to supply when the sun rises in > California-- I just wanted to provide this piece well before our call > today. > > Very best regards > > Olof > > *From:*rt4-whois-bounces at icann.org > [mailto:rt4-whois-bounces at icann.org] *On Behalf Of *Nettlefold, Peter > *Sent:* Wednesday, August 17, 2011 9:39 AM > *To:* rt4-whois at icann.org > *Cc:* Kathy Kleiman > *Subject:* [Rt4-whois] FW: Applicable laws [SEC=UNOFFICIAL] > > Hi all, > > Thanks to Lynn and Kathy for continuing our discussions on these > important issues. > > These were key issues I struggled with in drafting the > accessibility/privacy part of the gaps chapter, which I circulated > yesterday for comment. > > After reading the public submissions to our discussion paper, it seems > clear that some people are worried about the privacy implications of > WHOIS. It was raised by many respondents to our paper, and > acknowledged as a valid concern by many others. > > However, I don't see a compelling case for us to catalogue all > potential applicable privacy or data protection laws as a way to take > this forward. In practice, I think this would be very difficult, and > arguably of limited use. Even if every GAC member provided details of > every potentially applicable law, this would not cover every country, > and would only cover contributing countries at a set point in time. > Further, what would we do with this data? How would we reconcile the > inevitable differences? > > Arguably, any conflict with national law (whether it relates to > 'sensitive' information, or other personal information) is intended to > be addressed by ICANN's consensus procedure. The consensus procedure > was developed by the ICANN community to deal with specific conflicts > with national law. Whether and how it has been used may therefore > provide us some guidance about any actual conflicts and how they've > been handled. I see that Denise has undertaken to get back to us > shortly with an answer to this - thanks Denise! The answer to this may > provide useful insights into whether that particular procedure is > effective or needs modification to deal with specific legal > situations, and it could also clarify the potential extent of existing > legal conflicts. > > For the procedure to be effective, there is no need to catalogue > applicable laws in advance. Personally, I can't see any way to replace > this (or a similar) case-by-case procedure with a more prescriptive > universal mechanism based on a survey of applicable laws, nor any way > to anticipate all potential legal conflicts in advance. > > There is then the additional question of whether we're only interested > in situations where there is a conflict with a national law?If so, > then we need to consider whether there needs to be any additional > protections beyond the existing procedure. > > On balance, my position is that we should consider some way to > acknowledge the privacy concerns of individuals, including those that > may not be addressed by ICANN's existing consensus procedures and > policies. The problem is how to do this without facilitating the > unregulated and widely abused privacy/proxy situation that we now have. > > This is what I tried to address in the draft gaps chapter. The > proposed recommendations at the end of that chapter are intended to > provide a framework for a balanced, open and accountable privacy > regime, while acknowledging that much of the detail (such as what data > could be 'protected' or 'limited', and standardised processes for > release of that data when needed) would rightly be developed through > existing ICANN community (and cross community) processes. > > I look forward to further discussion on this as we move forward. > > Cheers, > > Peter > > *From:*rt4-whois-bounces at icann.org > > [mailto:rt4-whois-bounces at icann.org] > *On Behalf Of *Kathy Kleiman > *Sent:* Wednesday, 17 August 2011 2:30 PM > *To:* rt4-whois at icann.org ; > lynn at goodsecurityconsulting.com > *Subject:* Re: [Rt4-whois] Applicable laws > > Dear Lynn and All, > I wanted to say how much I appreciate Lynn posting the key regional > data protection frameworks to the group. I think they are very > important, and she and I have discussed the need for us to look at > them more closely in relation to the Whois data. I hope we can do this > soon! > > Regarding sensitive vs private data, I wanted to add my views as an > attorney who specializes in the area of data protection and privacy > since starting my telecommunications practice in 1993. While sensitive > data may focus on the areas of financial, birth, religion, health, and > let's add political affiliation and sexual orientation, that's not > where the story ends. > > Data protection and privacy laws certainly consider home address, home > phone number, and now cell phone data as "private" or "personal data." > Certainly telecommunications laws in the US, as one example, regularly > protect the right of a person to "opt-out" of sharing their home > address or home phone number in a public directory as a matter of > personal privacy. In fact, opt-out in directories was chosen by a > majority of Californians when last I researched it (and the state > protects privacy as part of its state constitution) because home > addresses and home phone numbers are considered very personal > information, and worthy of protection. > > These are the very elements that have been such an issue of > controversy within the ICANN arena. Over the last decade, as part of > the history of Whois within ICANN, at least four Data Protection > Commissioners and their senior staffs have warned ICANN about the > problems of this data, and its data protection implications. They are > very concerned with the elements now collected and published in the > Whois. I will gather their letters to ICANN and share them, as well as > notes of the speeches they have given. I would like to request that we > ask ICANN Staff to work with us on this important matter as well. > > Ultimately, I do not think this is a matter for us to decide on (which > may relieve everyone greatly). As many of you know, I have been > thinking about this issue a great deal. I will be submitting a > recommendation to our Team asking that GAC provide ICANN with clear > information about relevant applicable laws, including data protection > laws, and their guidance, based on these laws, as to the elements of > the Whois now published. I'll distribute this before our meeting tomorrow. > > All the best, > Kathy > > Since data privacy is an area of specialization for me, I would like > to offer a couple of > > comments on the dialogue about privacy laws. > > Although WHOIS data contains personal data, it does not have any data > elements that are > > considered to be "sensitive" in nature. The focus and priority of > data protection authorities throughout the world is on protection of > sensitive data such as financial account details, date of birth, > religious affiliations, medical conditions, etc. > > For global, multi-national organizations who need to develop and > maintain policies regarding the collection and use of personal data, > there are multi-lateral privacy frameworks and principles that have > been accepted and are well established including: > > 1) OECD Guidelines on the Protection of Privacy and Transborder Flows > > 2) UN Guidelines Concerning Computerized Personal Data Files > > 3) EU Directive 95/46/EC on the Protection of Individuals with Regard > to the Processing of Personsal Data and on the Free Movement of Such Data > > 4) APEC Privacy Framework > > Since ICANN is headquartered in the State of California and the United > States, I would note that California has an Office of Privacy > Protection. At the national level, the U.S. Federal Trade Commission > has been accepted as the equivalent of a Data Protection Authority. > > Hope these brief comments are helpful. > > Lynn > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > > -- > > > > > *-------------------------------------------------------------------------------* > > The information transmitted is for the use of the intended recipient > only and may contain confidential and/or legally privileged material. > Any review, re-transmission, disclosure, dissemination or other use > of, or taking of any action in reliance upon, this information by > persons or entities other than the intended recipient is prohibited > and may result in severe penalties. > > If you have received this e-mail in error please notify the Security > Advisor of the Department of Broadband, Communications and the Digital > Economy, 38 Sydney Ave, Forrest ACT 2603, telephone (02) 6271-1376 and > delete all copies of this transmission together with any attachments. > > Please consider the environment before printing this email. > > > *-------------------------------------------------------------------------------* > > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois -- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20110817/f0d3fde5/attachment.html From kathy at kathykleiman.com Wed Aug 17 14:17:36 2011 From: kathy at kathykleiman.com (Kathy Kleiman) Date: Wed, 17 Aug 2011 10:17:36 -0400 Subject: [Rt4-whois] WHOIS subteam meeting with the ICANN compliance team.docx In-Reply-To: References: Message-ID: <4E4BCD80.2040605@kathykleiman.com> Hi Susan, Thanks for the great summary, and thanks to you, Bill and James, as well as ICANN Staff, for such a comprehensive in-person meeting. Truly appreciate your taking the time to have such a fruitful meeting. I found the recommendations section particularly interesting: "Recommendations Bill Smith -- Create a rating system so that it is easy to see what registrars are compliant but adjust scale for volume. James -- Standardize WHOIS output, control volume of WHOIS access to prevent mining Susan -- Compliance team should meet with registrants and explain how and what should be reported to them. Discussed hosting a meeting at FB with local businesses." Great! Should we add these recommendations right now to our evaluation list, or wait for further drafting? Do you think any other recommendations will emerge? Best, Kathy Hello All, > > Attached is a summary of the subteam's meeting with the ICANN > compliance team. Text in blue is taken from the ICANN website. > > Bill and James were not able to weigh in so this is completely my view > of the meeting. > > Susan > > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois -- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20110817/9b29c0c4/attachment.html From kathy at kathykleiman.com Wed Aug 17 14:34:44 2011 From: kathy at kathykleiman.com (Kathy Kleiman) Date: Wed, 17 Aug 2011 10:34:44 -0400 Subject: [Rt4-whois] FW: Applicable laws [SEC=UNOFFICIAL] In-Reply-To: <636771A7F4383E408C57A0240B5F8D4A305FC62512@EMB01.dept.gov.au> References: <636771A7F4383E408C57A0240B5F8D4A305FC62512@EMB01.dept.gov.au> Message-ID: <4E4BD184.3030408@kathykleiman.com> But Peter, Isn't the question of laws the very essence of what the GAC should be advising ICANN on? The Affirmation of Commitments sets out a very clear guideline: and requires our (WRT) evaluation "subject to Applicable Laws." It is a key important definitional question; it is a key important legal one. We have addressed the first, but not the second in detail. It is key that the ICANN community grow to understand the key laws that fit under Applicable Law. It's not just a "we've been contacted by law enforcement and need to change our Whois policy" (the "after-the-fact" discussion which is what the narrow current procedure requires) -- but a proactive, upfront approach that allows registrars and registries to operate within the bounds of their laws from the start and seems entirely consistent with the wording of the Affirmation of Commitments. If GAC can't provide guidance on these key legal issues, who can? Best, Kathy Peter wrote: < > Arguably, any conflict with national law (whether it relates to > 'sensitive' information, or other personal information) is intended to > be addressed by ICANN's consensus procedure. Theconsensus procedurewas > developed by the ICANN community to deal with specificconflicts with > national law. Whether and how it has been used may therefore provide > us some guidance about any actual conflicts and how they've been > handled. I see that Denise has undertaken to get back to us shortly > with an answer to this - thanks Denise! Theanswerto this mayprovide > useful insights into whether that particular procedure is effective or > needs modificationto deal with specific legal situations, and it could > also clarify the potential extent of existing legal conflicts. > > For the procedure to be effective, there is no need to catalogue > applicable laws in advance. Personally, I can't see any way to replace > this (or a similar) case-by-case procedurewith a more > prescriptiveuniversal mechanismbased on a survey of applicable > laws,nor any way to anticipate all potential legal conflicts in advance. > > There is then the additional question of whether we're only interested > in situations where there is a conflict with a national law?If so, > then we need to consider whether there needs to be any additional > protections beyond the existing procedure. > > On balance, my position is that we should considersome way to > acknowledge the privacy concernsof individuals, including those that > may not be addressed by ICANN's existing consensus procedures and > policies. The problem is how to do this without facilitating the > unregulated and widely abused privacy/proxy situation that we now have. > > This is what I tried to address in the draft gaps chapter. The > proposed recommendations at the end of that chapter are intended to > provide a framework for a balanced, open and accountable privacy > regime, while acknowledging that much of the detail (such as what data > could be 'protected' or 'limited', and standardised processes for > release of that data when needed) would rightly be developed through > existing ICANN community (and cross community) processes. > > I look forward to further discussion on this as we move forward. > > Cheers, > > Peter > > *From:*rt4-whois-bounces at icann.org > [mailto:rt4-whois-bounces at icann.org] *On Behalf Of *Kathy Kleiman > *Sent:* Wednesday, 17 August 2011 2:30 PM > *To:* rt4-whois at icann.org; lynn at goodsecurityconsulting.com > *Subject:* Re: [Rt4-whois] Applicable laws > > Dear Lynn and All, > I wanted to say how much I appreciate Lynn posting the key regional > data protection frameworks to the group. I think they are very > important, and she and I have discussed the need for us to look at > them more closely in relation to the Whois data. I hope we can do this > soon! > > Regarding sensitive vs private data, I wanted to add my views as an > attorney who specializes in the area of data protection and privacy > since starting my telecommunications practice in 1993. While sensitive > data may focus on the areas of financial, birth, religion, health, and > let's add political affiliation and sexual orientation, that's not > where the story ends. > > Data protection and privacy laws certainly consider home address, home > phone number, and now cell phone data as "private" or "personal data." > Certainly telecommunications laws in the US, as one example, regularly > protect the right of a person to "opt-out" of sharing their home > address or home phone number in a public directory as a matter of > personal privacy. In fact, opt-out in directories was chosen by a > majority of Californians when last I researched it (and the state > protects privacy as part of its state constitution) because home > addresses and home phone numbers are considered very personal > information, and worthy of protection. > > These are the very elements that have been such an issue of > controversy within the ICANN arena. Over the last decade, as part of > the history of Whois within ICANN, at least four Data Protection > Commissioners and their senior staffs have warned ICANN about the > problems of this data, and its data protection implications. They are > very concerned with the elements now collected and published in the > Whois. I will gather their letters to ICANN and share them, as well as > notes of the speeches they have given. I would like to request that we > ask ICANN Staff to work with us on this important matter as well. > > Ultimately, I do not think this is a matter for us to decide on (which > may relieve everyone greatly). As many of you know, I have been > thinking about this issue a great deal. I will be submitting a > recommendation to our Team asking that GAC provide ICANN with clear > information about relevant applicable laws, including data protection > laws, and their guidance, based on these laws, as to the elements of > the Whois now published. I'll distribute this before our meeting tomorrow. > > All the best, > Kathy > > Since data privacy is an area of specialization for me, I would like > to offer a couple of > > comments on the dialogue about privacy laws. > > Although WHOIS data contains personal data, it does not have any data > elements that are > > considered to be "sensitive" in nature. The focus and priority of > data protection authorities throughout the world is on protection of > sensitive data such as financial account details, date of birth, > religious affiliations, medical conditions, etc. > > For global, multi-national organizations who need to develop and > maintain policies regarding the collection and use of personal data, > there are multi-lateral privacy frameworks and principles that have > been accepted and are well established including: > > 1) OECD Guidelines on the Protection of Privacy and Transborder Flows > > 2) UN Guidelines Concerning Computerized Personal Data Files > > 3) EU Directive 95/46/EC on the Protection of Individuals with Regard > to the Processing of Personsal Data and on the Free Movement of Such Data > > 4) APEC Privacy Framework > > Since ICANN is headquartered in the State of California and the United > States, I would note that California has an Office of Privacy > Protection. At the national level, the U.S. Federal Trade Commission > has been accepted as the equivalent of a Data Protection Authority. > > Hope these brief comments are helpful. > > Lynn > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > > -- > > > > > *-------------------------------------------------------------------------------* > > The information transmitted is for the use of the intended recipient > only and may contain confidential and/or legally privileged material. > Any review, re-transmission, disclosure, dissemination or other use > of, or taking of any action in reliance upon, this information by > persons or entities other than the intended recipient is prohibited > and may result in severe penalties. > > > If you have received this e-mail in error please notify the Security > Advisor of the Department of Broadband, Communications and the Digital > Economy, 38 Sydney Ave, Forrest ACT 2603, telephone (02) 6271-1376 and > delete all copies of this transmission together with any attachments. > > > Please consider the environment before printing this email. > > > *-------------------------------------------------------------------------------* > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois -- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20110817/2a6b502f/attachment.html From kathy at kathykleiman.com Wed Aug 17 14:47:13 2011 From: kathy at kathykleiman.com (Kathy Kleiman) Date: Wed, 17 Aug 2011 10:47:13 -0400 Subject: [Rt4-whois] Additional recommendation Message-ID: <4E4BD471.4070600@kathykleiman.com> Hi All, As our discussion evolve, key recommendations are continuing to emerge. I look forward to the ones the Compliance subteam will be sharing (important ones!) and wish to add this one... Additional recommendation: Per the requirement of the Affirmation of Commitments that "ICANN additionally commits to enforcing its existing policy relating to WHOIS, subject to applicable laws," the GAC is requested to provide, within a six month period, a list of key Applicable Laws. These laws will provide guidance and understanding for the ICANN and the Community as they work to meet the obligations of the Affirmation of Commitments. As guidance, the Whois Review Team shares its definition of Applicable Laws, developed in conjunction with the ICANN Community through an open process. Best, Kathy From emily at emilytaylor.eu Wed Aug 17 14:54:11 2011 From: emily at emilytaylor.eu (Emily Taylor) Date: Wed, 17 Aug 2011 15:54:11 +0100 Subject: [Rt4-whois] Additional recommendation In-Reply-To: <4E4BD471.4070600@kathykleiman.com> References: <4E4BD471.4070600@kathykleiman.com> Message-ID: Hi Kathy I've been following the discussions on applicable laws, and particularly the exchanges between you and Peter. I think you both agree in principle (applicable laws = relevant, GAC = a good stakeholder to consider this), but disagree on how to achieve the objectives. Peter is unconvinced that a list of laws will be useful; he says that it won't be global, because the GAC membership isn't; and it's not clear how such a list would be kept up to date etc. You think a list would be helpful, and that the GAC is the obvious place to compile such a list. Have I got your positions correct? If so, can you help Peter by explaining why a list (comprehensive or not) would be better than the current system, which I believe is that people can invoke applicable laws on a case-by-case basis? Kind regards Emily On 17 August 2011 15:47, Kathy Kleiman wrote: > Hi All, > As our discussion evolve, key recommendations are continuing to emerge. > I look forward to the ones the Compliance subteam will be sharing > (important ones!) and wish to add this one... > > Additional recommendation: > > Per the requirement of the Affirmation of Commitments that "ICANN > additionally commits to enforcing its existing policy relating to WHOIS, > subject to applicable laws," the GAC is requested to provide, within a > six month period, a list of key Applicable Laws. These laws will provide > guidance and understanding for the ICANN and the Community as they work > to meet the obligations of the Affirmation of Commitments. As guidance, > the Whois Review Team shares its definition of Applicable Laws, > developed in conjunction with the ICANN Community through an open process. > > Best, > Kathy > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > -- * * 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu *www.etlaw.co.uk* Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20110817/242df61b/attachment.html From alice.jansen at icann.org Wed Aug 17 15:00:40 2011 From: alice.jansen at icann.org (Alice Jansen) Date: Wed, 17 Aug 2011 08:00:40 -0700 Subject: [Rt4-whois] Adobe connect Message-ID: Please join Adobe http://icann.adobeconnect.com/whois-review/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20110817/2a932148/attachment.html From bill.smith at paypal-inc.com Wed Aug 17 15:02:03 2011 From: bill.smith at paypal-inc.com (Smith, Bill) Date: Wed, 17 Aug 2011 09:02:03 -0600 Subject: [Rt4-whois] Applicable laws [SEC=UNOFFICIAL] In-Reply-To: <4E4BD184.3030408@kathykleiman.com> References: <636771A7F4383E408C57A0240B5F8D4A305FC62512@EMB01.dept.gov.au> <4E4BD184.3030408@kathykleiman.com> Message-ID: <66431ADC-0E92-47AD-8E6B-45114A286D8C@paypal.com> I think the point Peter is making, and I concur, is that it is impossible to exhaustively list "all" applicable laws. As a thought exercise, while we *might* be able to do it at any point in time, consider that laws change and what was applicable today may not be applicable tomorrow, or vice versa. Additionally, "the law" is not just what is written, but how that writing is interpreted over time. Interpretation is subject to change and consequently so is "the law". IMO, applicable law is grey, not black and white. I'm comfortable with the ambiguity, both the fact and necessity of it. On Aug 17, 2011, at 7:34 AM, Kathy Kleiman wrote: But Peter, Isn't the question of laws the very essence of what the GAC should be advising ICANN on? The Affirmation of Commitments sets out a very clear guideline: and requires our (WRT) evaluation "subject to Applicable Laws." It is a key important definitional question; it is a key important legal one. We have addressed the first, but not the second in detail. It is key that the ICANN community grow to understand the key laws that fit under Applicable Law. It's not just a "we've been contacted by law enforcement and need to change our Whois policy" (the "after-the-fact" discussion which is what the narrow current procedure requires) -- but a proactive, upfront approach that allows registrars and registries to operate within the bounds of their laws from the start and seems entirely consistent with the wording of the Affirmation of Commitments. If GAC can't provide guidance on these key legal issues, who can? Best, Kathy Peter wrote: < [mailto:rt4-whois-bounces at icann.org] On Behalf Of Kathy Kleiman Sent: Wednesday, 17 August 2011 2:30 PM To: rt4-whois at icann.org; lynn at goodsecurityconsulting.com Subject: Re: [Rt4-whois] Applicable laws Dear Lynn and All, I wanted to say how much I appreciate Lynn posting the key regional data protection frameworks to the group. I think they are very important, and she and I have discussed the need for us to look at them more closely in relation to the Whois data. I hope we can do this soon! Regarding sensitive vs private data, I wanted to add my views as an attorney who specializes in the area of data protection and privacy since starting my telecommunications practice in 1993. While sensitive data may focus on the areas of financial, birth, religion, health, and let's add political affiliation and sexual orientation, that's not where the story ends. Data protection and privacy laws certainly consider home address, home phone number, and now cell phone data as "private" or "personal data." Certainly telecommunications laws in the US, as one example, regularly protect the right of a person to "opt-out" of sharing their home address or home phone number in a public directory as a matter of personal privacy. In fact, opt-out in directories was chosen by a majority of Californians when last I researched it (and the state protects privacy as part of its state constitution) because home addresses and home phone numbers are considered very personal information, and worthy of protection. These are the very elements that have been such an issue of controversy within the ICANN arena. Over the last decade, as part of the history of Whois within ICANN, at least four Data Protection Commissioners and their senior staffs have warned ICANN about the problems of this data, and its data protection implications. They are very concerned with the elements now collected and published in the Whois. I will gather their letters to ICANN and share them, as well as notes of the speeches they have given. I would like to request that we ask ICANN Staff to work with us on this important matter as well. Ultimately, I do not think this is a matter for us to decide on (which may relieve everyone greatly). As many of you know, I have been thinking about this issue a great deal. I will be submitting a recommendation to our Team asking that GAC provide ICANN with clear information about relevant applicable laws, including data protection laws, and their guidance, based on these laws, as to the elements of the Whois now published. I'll distribute this before our meeting tomorrow. All the best, Kathy Since data privacy is an area of specialization for me, I would like to offer a couple of comments on the dialogue about privacy laws. Although WHOIS data contains personal data, it does not have any data elements that are considered to be "sensitive" in nature. The focus and priority of data protection authorities throughout the world is on protection of sensitive data such as financial account details, date of birth, religious affiliations, medical conditions, etc. For global, multi-national organizations who need to develop and maintain policies regarding the collection and use of personal data, there are multi-lateral privacy frameworks and principles that have been accepted and are well established including: 1) OECD Guidelines on the Protection of Privacy and Transborder Flows 2) UN Guidelines Concerning Computerized Personal Data Files 3) EU Directive 95/46/EC on the Protection of Individuals with Regard to the Processing of Personsal Data and on the Free Movement of Such Data 4) APEC Privacy Framework Since ICANN is headquartered in the State of California and the United States, I would note that California has an Office of Privacy Protection. At the national level, the U.S. Federal Trade Commission has been accepted as the equivalent of a Data Protection Authority. Hope these brief comments are helpful. Lynn _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois -- ------------------------------------------------------------------------------- The information transmitted is for the use of the intended recipient only and may contain confidential and/or legally privileged material. Any review, re-transmission, disclosure, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited and may result in severe penalties. If you have received this e-mail in error please notify the Security Advisor of the Department of Broadband, Communications and the Digital Economy, 38 Sydney Ave, Forrest ACT 2603, telephone (02) 6271-1376 and delete all copies of this transmission together with any attachments. Please consider the environment before printing this email. ------------------------------------------------------------------------------- _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois -- _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois From omar at kaminski.adv.br Wed Aug 17 15:43:25 2011 From: omar at kaminski.adv.br (Omar Kaminski) Date: Wed, 17 Aug 2011 12:43:25 -0300 Subject: [Rt4-whois] Applicable laws In-Reply-To: <4E4B43DF.1080000@kathykleiman.com> References: <20110816163929.00ef555ff13978e3e1b8d2179880f99e.5a54ff5f88.wbe@email12.secureserver.net> <4E4B43DF.1080000@kathykleiman.com> Message-ID: Dear Kathy, Lynn, Bill, all, And data protection leads to... consumer trust. These very data is the same required - or to be put or kept in public (or not) in the very core of Whois, at least under the surface. Consumer (usually local) and data protection - and even data retention laws, and which cases could be disclosured specially under proxies "protection". Please remember a gTLD registrant or registrar could be hosted and sold anywhere - for example if one of our ISPs sells gtlds (and of course they do), they would be mutually responsible by brazilian laws even for the lack of accuracy. So I agree with Bill's last email, it's impossible to have all the laws attended, even not doing anything we could comply to a law. Should we try to focus on the big picture? My quick 2 cents. Omar 2011/8/17 Kathy Kleiman : > Dear Lynn and All, > I wanted to say how much I appreciate Lynn posting the key regional data > protection frameworks to the group. I think they are very important, and she > and I have discussed the need for us to look at them more closely in > relation to the Whois data. I hope we can do this soon! > > Regarding sensitive vs private data, I wanted to add my views as an attorney > who specializes in the area of data protection and privacy since starting my > telecommunications practice in 1993. While sensitive data may focus on the > areas of financial, birth, religion, health, and let's add political > affiliation and sexual orientation, that's not where the story ends. > > Data protection and privacy laws certainly consider home address, home phone > number, and now cell phone data as "private" or "personal data." Certainly > telecommunications laws in the US, as one example, regularly protect the > right of a person to "opt-out" of sharing their home address or home phone > number in a public directory as a matter of personal privacy.? In fact, > opt-out in directories was chosen by a majority of Californians when last I > researched it (and the state protects privacy as part of its state > constitution) because home addresses and home phone numbers are considered > very personal information, and worthy of protection. > > These are the very elements that have been such an issue of controversy > within the ICANN arena. Over the last decade, as part of the history of > Whois within ICANN, at least four Data Protection Commissioners and their > senior staffs have warned ICANN about the problems of this data, and its > data protection implications. They are very concerned with the elements now > collected and published in the Whois. I will gather their letters to ICANN > and share them, as well as notes of the speeches they have given. I would > like to request that we ask ICANN Staff to work with us on this important > matter as well. > > Ultimately, I do not think this is a matter for us to decide on (which may > relieve everyone greatly). As many of you know, I have been thinking about > this issue a great deal. I will be submitting a recommendation to our Team > asking that GAC provide ICANN with clear information about relevant > applicable laws, including data protection laws, and their guidance, based > on these laws, as to the elements of the Whois now published. I'll > distribute this before our meeting tomorrow. > > All the best, > Kathy > > Since data privacy is an area of specialization for me, I would like to > offer a couple of > > comments on the dialogue about privacy laws. > Although WHOIS data contains personal data, it does not have any data > elements that are > considered to be "sensitive" in nature. ?The focus and priority of data > protection authorities throughout the world is on?protection of sensitive > data such as financial account details, date of birth, religious > affiliations, medical conditions, etc. > For global, multi-national organizations who need to develop and maintain > policies regarding the collection and use of personal data, there are > multi-lateral privacy frameworks and principles that have been accepted and > are well established including: > 1) OECD Guidelines on the Protection of Privacy and Transborder Flows > 2) UN Guidelines Concerning Computerized Personal Data Files > 3) EU Directive 95/46/EC on the Protection of Individuals with Regard to the > Processing of Personsal Data and on the Free Movement of Such Data > 4) APEC Privacy Framework > Since ICANN is headquartered in the State of California and the United > States, I would note that California has an Office of Privacy Protection. > ?At the national level, the U.S. Federal Trade Commission has been accepted > as the equivalent of a Data Protection Authority. > Hope these brief comments are helpful. > Lynn > > > > > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > > > -- > > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > > From denise.michel at icann.org Wed Aug 17 16:00:42 2011 From: denise.michel at icann.org (Denise Michel) Date: Wed, 17 Aug 2011 09:00:42 -0700 Subject: [Rt4-whois] ICANN Procedure For Handling WHOIS Conflicts with Privacy Law Message-ID: Dear Team members: Only one registry thus far has used the current procedure, which is detailed at : Telnic. Board approval of Telnic's request can be found at: http://www.icann.org/en/minutes/prelim-report-18dec07.htm Additional information on Telnic's proposal can be found at: http://www.icann.org/en/registries/rsep/ As an aside -- Whois changes due to conflict with privacy laws were made by .NAME prior to the creation of the ICANN procedure. Additionally, there has been informal discussion about another registry preparing a request, and we'll let you know if/when this is filed. Regards. Denise Denise Michel ICANN Advisor to the President & CEO denise.michel at icann.org +1.408.429.3072 mobile +1.310.578.8632 direct -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20110817/3dfe24a4/attachment.html From alice.jansen at icann.org Wed Aug 17 16:08:21 2011 From: alice.jansen at icann.org (Alice Jansen) Date: Wed, 17 Aug 2011 09:08:21 -0700 Subject: [Rt4-whois] Adobe Connect - Note Pod Content - Call 17 Aug In-Reply-To: <7922862.10267.1313596899858.JavaMail.breezesvc@pacna7app04> Message-ID: Dear Review Team Members, For your convenience, please find enclosed the note pod content of your call held on 17 August. Kindly note that these are draft notes and that Staff will create a preliminary report. Thanks, Kind regards Alice AGENDA 1. Preliminary report: 3 August for approval 2. Request for Proposals: Verify references of bidder 3. Assignments: Update on progress made to date 4. Marina del Rey Meeting: Structure of the meeting, agenda, preparations in anticipation of the meeting 5. Recommendations: Tease out recommendations from public comments, Singapore material etc 6. Dakar: schedule, desiderata 7. A.O.B PARTICIPANTS: Sarmad, Olof, Emily, Wilfried, James, Lynn, Kim, Michael, Omar, Kathy, Bill, Susan, Denise, Sharon APOLOGIES : Peter, Sharon NOTES 1) Agenda & Prel report adopted 2) RfP LG - Staff contacted references (please refer to email circulated to individual addresses). Enquiries about timeline and contract provisions. (ON) ICANN will try to expedite this as soon as decision made. (DN) is coordinating with legal department. (KK) consumer trust material - how much can put out to community now in MdR draft. (LG) need to make sure that reach out belong the ICANN community. Concerns about timelime. should set a deadline. Decision: contract by Tues 23 Aug - report delivered before MdR meeting if possible. Draft of consumer trust chapter to be circulated soon. (KVA) volunteers to help (LG) with consumer trust task 3) Chapters (ET) encouraged Members to dive into a detailed analysis of chapters (MY) consensus?- change wording - substantial wording Comments should be submitted by 31 August 4) MdR meeting Proposals on how should allocate time during MdR meeting - (KK) draft final report by time leave MdR - (KK) - (ET) - (AJ) to coordinate (dinner etc). All the sections should be ready by the MdR meeting 5) Dakar Leave the schedule as it is and refine in due date - constituency as a whole. 6) A.O.B - (ET) to update SoI - law firm - will provide full details. (SL) thanks Members for providing comments on definitions. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20110817/efab52ba/attachment.html From alice.jansen at icann.org Fri Aug 19 12:24:03 2011 From: alice.jansen at icann.org (Alice Jansen) Date: Fri, 19 Aug 2011 05:24:03 -0700 Subject: [Rt4-whois] Chapters on private wiki Message-ID: Dear Review Team Members, Chapters submitted to date are available on the private wiki for your convenience: https://community.icann.org/display/whoisreviewprivate/Chapters Please be kindly reminded that comments on chapters should be submitted by 31 August (cf: conference call held on 17 August). Thank you, Very best regards Alice -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20110819/01452ac0/attachment.html From olof.nordling at icann.org Fri Aug 19 15:51:32 2011 From: olof.nordling at icann.org (Olof Nordling) Date: Fri, 19 Aug 2011 08:51:32 -0700 Subject: [Rt4-whois] Draft User Insight contract Message-ID: <41F6C547EA49EC46B4EE1EB2BC2F34183769D9B02F@EXVPMBX100-1.exc.icann.org> Emily, Kathy, Lynn, all, Please find attached the draft contract for User Insight, Inc., in ICANN format. It was sent as draft today to the company for their review and approval, while highlighting that a contract should be agreed upon by Tuesday 23 August. Now, please note that we need your scrutiny and approval as well! In the draft contract, please note in particular: - they report to the Chair and Vice-Chair (in line with how it was done for ATRT's Berkman contract) - the start date is set to 23 August and the finish date as 30 September based on their 5 weeks plan, but I have highlighted that the finish date is a placeholder and that preferred delivery date is 19 September, urging them to carefully consider if that's doable. - as you have seen in their proposal already, they require appointment of an "executive sponsor" and a "project sponsor" from your side - probably worthwhile to consider right away. Looking forward to any questions, comments or edits from you on this. Very best regards Olof -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20110819/9b9eae1e/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: User-Insight-Agreement.docx Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document Size: 295922 bytes Desc: User-Insight-Agreement.docx Url : http://mm.icann.org/pipermail/rt4-whois/attachments/20110819/9b9eae1e/User-Insight-Agreement.docx From emily at emilytaylor.eu Fri Aug 19 16:02:11 2011 From: emily at emilytaylor.eu (Emily Taylor) Date: Fri, 19 Aug 2011 17:02:11 +0100 Subject: [Rt4-whois] Draft User Insight contract In-Reply-To: <41F6C547EA49EC46B4EE1EB2BC2F34183769D9B02F@EXVPMBX100-1.exc.icann.org> References: <41F6C547EA49EC46B4EE1EB2BC2F34183769D9B02F@EXVPMBX100-1.exc.icann.org> Message-ID: Hi Olof Thank you for turning this draft contract around so promptly. I am extremely impressed, as ever. Lynn - I'll leave it to you to review the exhibits. The draft terms look fine to me - albeit it does read a little like the sort of pre-nuptial agreement Henry VIII would have written! Anyway, let's press on. I'm happy for them to report to myself and Kathy, but would like Lynn to be nominated as the project manager - ie day to day contact (I'm not sure if that's project sponsor, I think it is). Olof, thanks for pushing the preferred delivery date of 19 September. Kathy, Lynn if you have any comments on the contract, please would you send them in TODAY, so that we can keep the momentum flowing. Kind regards, and thanks again. Emily On 19 August 2011 16:51, Olof Nordling wrote: > Emily, Kathy, Lynn, all,**** > > Please find attached the draft contract for User Insight, Inc., in ICANN > format. It was sent as draft today to the company for their review and > approval, while highlighting that a contract should be agreed upon by > Tuesday 23 August.**** > > ** ** > > Now, please note that we need your scrutiny and approval as well!**** > > ** ** > > In the draft contract, please note in particular:**** > > **- **they report to the Chair and Vice-Chair (in line with how > it was done for ATRT?s Berkman contract)**** > > **- **the start date is set to 23 August and the finish date as > 30 September based on their 5 weeks plan, but I have highlighted that the > finish date is a placeholder and that preferred delivery date is 19 > September, urging them to carefully consider if that?s doable.**** > > **- **as you have seen in their proposal already, they require > appointment of an ?executive sponsor? and a ?project sponsor? from your side > ? probably worthwhile to consider right away.**** > > ** ** > > Looking forward to any questions, comments or edits from you on this.**** > > ** ** > > Very best regards**** > > ** ** > > Olof**** > > ** ** > -- * * 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu *www.etlaw.co.uk* Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20110819/24e07c05/attachment.html From denise.michel at icann.org Fri Aug 19 16:50:55 2011 From: denise.michel at icann.org (Denise Michel) Date: Fri, 19 Aug 2011 09:50:55 -0700 Subject: [Rt4-whois] Answers from ICANN Staff to Whois Compliance Questions Message-ID: Dear Review Team members, Attached are the responses from ICANN Staff to the Review Team's questions regarding Whois compliance. This will be posted on the Team's wiki. Please let me know if you need anything further. Regards, Denise Denise Michel ICANN Advisor to the President & CEO denise.michel at icann.org +1.408.429.3072 mobile +1.310.578.8632 direct -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20110819/2e8b4183/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: WHOIS POLICY REVIEW TEAM QUESTIONS FOR ICANN STAFF ABOUT WHOIS COMPLIANCE.docx Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document Size: 298912 bytes Desc: not available Url : http://mm.icann.org/pipermail/rt4-whois/attachments/20110819/2e8b4183/WHOISPOLICYREVIEWTEAMQUESTIONSFORICANNSTAFFABOUTWHOISCOMPLIANCE.docx From lynn at goodsecurityconsulting.com Fri Aug 19 17:39:11 2011 From: lynn at goodsecurityconsulting.com (lynn at goodsecurityconsulting.com) Date: Fri, 19 Aug 2011 10:39:11 -0700 Subject: [Rt4-whois] Draft User Insight contract Message-ID: <20110819103911.00ef555ff13978e3e1b8d2179880f99e.11e980dc75.wbe@email12.secureserver.net> An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20110819/096be9e2/attachment.html From jbladel at godaddy.com Sat Aug 20 00:03:16 2011 From: jbladel at godaddy.com (James M. Bladel) Date: Fri, 19 Aug 2011 17:03:16 -0700 Subject: [Rt4-whois] =?utf-8?q?Report_input_-_privacy/proxy_=27gaps=27_=5B?= =?utf-8?q?SEC=3DUNCLASSIFIED=5D?= Message-ID: <20110819170316.9c1b16d3983f34082b49b9baf8cec04a.6eebbb4fd7.wbe@email00.secureserver.net> An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20110819/6c44ef72/attachment.html