NCSG-DISCUSS Archives

NCSG-Discuss

NCSG-DISCUSS@LISTSERV.SYR.EDU

Options: Use Forum View

Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
From:
Nicolas Adam <[log in to unmask]>
Reply To:
Nicolas Adam <[log in to unmask]>
Date:
Sat, 21 Jan 2012 21:49:32 -0500
Content-Type:
text/plain
Parts/Attachments:
text/plain (115 lines)
Very sharp cursory look. I also think those points need be raised.

Nicolas

On 1/21/2012 12:33 PM, Timothe Litt wrote:
> I had a cursory look at the supporting documents for this.
> (http://www.icann.org/en/registries/rsep/puntcat-cat-request-05oct11-en.pdf)
>
> In general, I think that the request moves practice in the right direction.
>
> However, I am somewhat concerned by the following language:
>
> "Law enforcement and trademark protection representatives will be granted
> full access to
> puntCAT database. An IP white list will be established to provide full
> access to gather all
> data associated with any concrete domain name."
>
> ("IP" clearly means "IP address" if you read the whole document.)
>
> A) What is a "trademark protection representative", and why are they granted
> equal access to the privacy-protected data of natural persons as law
> enforcement?
>
> B) Why can't they use the webform proxy for contacting the domain owner, or
> present a case to law enforcement for access if the owner is unresponsive?
>
> C) It also seems that both have the ability to troll thru the database at
> will for any purpose, without cause, judicial review or documenting when and
> why private information is accessed.
>
> D) Note that this ability is based on IP address - not an X.509 certificate,
> password or any other user-specific security mechanism.  Hence is is
> susceptible to IP spoofing, and access is not traceable to the individual
> accessing the data.  This makes it difficult (impossible?) to hold anyone
> accountable for misuse of these privileges.
>
> E) Also, disclosure is described as "opt-in (default option)" - as the
> following language in the document makes clear, privacy is not the default
> and must be requested.  This is not consistent with maximizing privacy, and
> potentially introduces race conditions if establishing the privacy option is
> not atomic with registering a domain.  For natural persons, privacy should
> be the default.
>
> Thus, although this is a positive step in the direction of protecting the
> privacy of natural persons, there is room for improvement.
>
> I leave to those more experienced in the politics of ICANN the political
> question of whether to take what's on offer now and fight the next battle
> later, or to raise these points in our comment on the current request.
>
>
> Timothe Litt
> ACM Distinguished Engineer
> ---------------------------------------------------------
> This communication may not represent the ACM or my employer's views,
> if any, on the matters discussed.
>
> -----Original Message-----
> From: NCSG-Discuss [mailto:[log in to unmask]] On Behalf Of Wendy
> Seltzer
> Sent: Saturday, January 21, 2012 11:50
> To: [log in to unmask]
> Subject: Re: [NCSG-Discuss] .CAT WHOIS Proposed Changes - call for public
> comments
>
> .CAT proposes to revise its Registry agreement to support withholding of
> some WHOIS data by individuals who opt out. It will not offer this opt-out
> to legal persons.
>
> I propose that NCSG support this amendment, with a simple: "NCSG supports
> the availability of WHOIS privacy options for natural persons.
> Accordingly, we support puntCAT's proposed amendment."
>
> --Wendy
>
> -------- Original Message --------
> Subject: [council] .CAT WHOIS Proposed Changes - call for public comments
> Date: Fri, 20 Jan 2012 14:08:05 -0800
> From: Glen de Saint Géry<[log in to unmask]>
> To: [log in to unmask]<[log in to unmask]>
>
> http://www.icann.org/en/announcements/announcement-20jan12-en.htm
> .CAT WHOIS Proposed Changes
>
> Forum Announcement: Comment Period Opens on Date: 20 January2012
>
> Categories/Tags: Contracted Party Agreements
>
> Purpose (Brief):
>
> ICANN is opening today the public comment period for the Fundacio puntCAT's,
> request to change its Whois according to EU data protection legislation. The
> public comment period will be closed on 3 March 2012.
>
> The .cat registry, submitted a Registry Service Evaluation Process
> (RSEP) on August 2011.
>
> At this time, ICANN has conducted a preliminary review in accordance with
> the Registry Services Evaluation Policy and process set forth at
> http://www.icann.org/registries/rsep/rsep.html. ICANN's preliminary review
> (based on the information provided) did not identify any significant
> competition, security, or stability issues.
>
> The implementation of the request requires an amendment to the .cat Registry
> Agreement signed 23 September 2005. This public forum requests comments
> regarding the proposed amendment.
> Public Comment Box Link:
> http://www.icann.org/en/public-comment/cat-whois-changes-18jan12-en.htm
>
> Glen de Saint Géry
> GNSO Secretariat
> [log in to unmask]<mailto:[log in to unmask]>
> http://gnso.icann.org

ATOM RSS1 RSS2