I think this is very well drafted, and makes a convincing case. Well done.
On Fri, Jan 26, 2018 at 10:00 PM, Mueller, Milton L <[log in to unmask]> wrote:
> I offer the following as a first draft of the NCSG position on the 12
> January 2018 call for comments released by ICANN org.
>
>
>
> Principles
>
> Our evaluation of the models offered by ICANN are based on three fundamental
> principles. No model that fails to conform to all three is acceptable to the
> NCSG.
>
>
>
> 1. The purpose of whois must be strictly tied to ICANN's mission. That is,
> the data that is collected and the data that are published must directly and
> demonstrably contribute to ICANN's mission as defined in Article 1 of its
> new bylaws. We reject any definition of Whois purpose that is based on the
> way people happen to make use of data that can be accessed indiscriminately
> in a public directory. The fact that certain people currently use Whois for
> any purpose does not mean that the purpose of Whois is to provide thick data
> about the domain and its registrant to anyone who wants it for any reason.
>
>
>
> 2. Whois service, like the DNS itself, should be globally uniform and not
> vary by jurisdiction. ICANN was created to provide globalized governance of
> the DNS so that it would continue to be globally compatible and coordinated.
> Any solution that involves fragmenting the policies and practices of Whois
> along jurisdictional lines is not desirable.
>
>
>
> 3. No tiered access solution that involves establishing new criteria for
> access can feasibly be created in the next 3 months. We would strongly
> resist throwing the community into a hopeless rush to come up with entirely
> new policies, standards and practices involving tiered access to data, and
> we do not want ICANN staff to invent a policy that is not subject to
> community review and approval.
>
>
>
> Based on these three principles, we believe that Model 3 is the only viable
> option available. Model 3 minimizes the data publicly displayed to that
> which is required for maintaining the stability, security and resiliency of
> the DNS. Model 3 could be applied across the board, and would be
> presumptively legal regardless of which jurisdiction the registrar, registry
> or registrant are in. And Model 3 relies on established legal due process
> for gaining access to additional information.
>
>
>
> There is room for discussion about how much data could be publicly displayed
> under Model 3 consistent with ICANN's mission. E.g., it may be within
> ICANN's mission to include additional data in the public record, such as an
> email address for the technical contact and even possibly the name of the
> registrant.
>
>
>
> The process of gaining access to additional data in Model 1 is completely
> unacceptable. Self-certification by any third party requestor is, we
> believe, not compliant with GDPR nor does is such access justified by the
> purpose of Whois or ICANN's mission.
>
>
>
> Model 2 might possibly be acceptable if an suitable set of criteria and
> processes were devised, but it simply is not feasible for such a
> certification program to be developed in 3 months. A certification program
> thrown together in a rush poses huge risks for loopholes, poor procedures,
> and a legal challenge to ICANN, either from DPAs or from individuals
> affected.
>
>
>
> Dr. Milton L. Mueller
>
> Professor, School of Public Policy
>
> Georgia Institute of Technology
>
>
>
>
|