Thanks Tamir, much appreciated that you took the time to read it!  I am 
far too close to the document, need someone with new and neutral eyes to 
do the reality check.
I would not want to write off these mechanisms as useless....it is just 
they are not a match for some of the other mandatory requirements, and 
they are, as I put in the comments, the caboose at the end of the 
train.  Need to have the privacy policy first....
Cheers Steph
On 14-06-09 4:03 PM, Tamir Israel wrote:
> FWIW, it seems to me on a quick read that your concerns are on point, 
> Steph.
>
> First, you flag that while one of the core objectives of this RDS was 
> to provide some privacy over WHOIS, most individuals will not be able 
> to shield their identity from the general public. Registrant name and 
> address (but not email address) are 'gated' and hence not available to 
> the general public. But, as you say in your note, all registrants are 
> obligated to provide legal contact info which will be publicly 
> available. This is evident in Annex E and also in footnote 39. While 
> many big companies may use legal counsel or other proxies to register, 
> most individuals and even small businesses will need to use their own 
> name and contact info, thereby defeating the purpose of permitting 
> their contact info to remain 'gated'. So the end result is that more 
> data elements are collected and centralized, without the anticipated 
> /pro quo/ of having less information 'gated' or 'publicly available'.
>
> Second, you flag that the RDS' very ambitious data protection project 
> is problematic and will not serve to effectively protect even 'gated' 
> data. I think I agree. As far as I can tell, the EWG proposes to adopt 
> a tiered approach to data protection for RDS data. It is certainly 
> innovative, but I think ultimately it'll be ineffective since the EWG 
> report sets way too many parameters in stone to permit for the data 
> protection mechanisms it adopts to operate.
>
> The privacy protection mechanisms suggested by the EWG are:
> (1) First, they wish to encode some basic privacy principles and apply 
> them across all RDS players by means of contract law, backed up by 
> regulatory enforcement in those jurisdictions that require such things 
> (not clear how ICANN is going to 'harmonize a basic level of data 
> protection rights', something that has been tried and failed 
> repeatedly in multiple fora in the past).
> (2) Second, they intend to localize RDS data storage within a 
> jurisdiction(s) with strong and existing data protection rules (it's 
> not clear how this jurisdiction(s) will be picked).
> (3) Finally, there will be a 'rules engine' that seeks to somehow 
> codify data protection rules for all the world's jurisdictions and to, 
> again somehow, apply these to different data elements based on where 
> these are transferred to, processed, etc. Presumably, data will be 
> marked up based on jurisdictions in which it was stored/processed, and 
> this will provide insight into applicable laws (this ignores realities 
> of the laws of jurisdiction, unless they intend to impose some blanket 
> forum selection clause in and impose it on all elements of the RDS 
> ecosystem).
>
> Ultimately, though, as Steph notes, these efforts are not helpful, as 
> Registrants are forced to 'consent' to a long and extremely broad 
> permissible purposes at point of collection (p. 42 -- Stephs' dissent 
> is noted in footnote 7). Once this consent is obtained, a large number 
> of entities can access, use and further disclose the information in 
> question for the many permissible purposes. While the form of consent 
> is subject to the over-arching harmonized privacy principles (1) and 
> to whatever additional jurisdictional rules are piled on (2) and (3), 
> the list of permissible purposes is not variable, and appears offered 
> on a 'take it or leave it' basis. This leaves minimal latitude for any 
> meaningful operation of data protection principles (except, perhaps, 
> those relating to data security, access and accuracy/integrity).
>
> Nor is there any opportunity to minimize collection, as this too is 
> 'hard wired' into the EWG's report, which provide a very long list of 
> mandatory data elements. By contrast, an explicit 'opt-in' mechanism 
> is adopted for governing whether any data elements a registrant 
> provides that are gated by default can be made public. This is good, 
> but it's not clear to me how it helps, as the core identifying data 
> elements are already public.
>
> In terms of law enforcement access, they basically write off any issue 
> since apparently the data in question is not private enough in their 
> opinion to warrant any legal protection at all under any jurisdiction. 
> Nonetheless, they feel the need to locate RDS data in "jurisdiction(s) 
> where law enforcement is globally trusted". Not sure what that means.
>
> Perhaps ironically, the document recognizes the need for anonymity in 
> this context. But it only does so in the context of the proxy service 
> and secure protected credentials which, as steph points out in her 
> note, are ineffective in the context of individual registrants.
>
> Overall, this seems like an incredibly and unnecessarily complex 
> system that could be managed far more efficiently with simple 
> contactability, plus an ICANN-run mechanism for identification upon 
> demonstration of clear need.
>
> I could be missing something, though. And also apologies for the very 
> lengthy email....
>
> Best,
> Tamir
>
> On 6/8/2014 10:54 AM, Stephanie Perrin wrote:
>> Folks let me say this:
>> 1.  Milton, you were not supposed to publish it!  I needed to edt it 
>> to reflect the new status of it being a minority report, and also no 
>> mention of JF Baril
>> 2.  We need to be sure I am correct.  IF they are right and i have 
>> misread the report, then I look like an idiot.
>> 3.  Most of the report is still concensus.  AS I think I said in the 
>> 3 pager, recently, certain principles put everything slightly out of 
>> balance....
>> Sheesh.  Can they bann me from ICANN?
>> ON a positive note, I must say your blog is well read Milton, I got a 
>> sweet note from Mikey.  I guess he knows what I feel like right now...
>> cheers steph
>>
>> On 2014-06-08, 3:48 AM, Rafik Dammak wrote:
>>>
>>> probably "occupy" the 2 public sessions for EWG i.e. attending them 
>>> ,  ask the hard questions and debunk the myth of having consensus.
>>> privacy issue was suggested by Marilia as 1 of the topics for the 
>>> meeting with Board too,
>>> we also should comment the report itself in due time.
>>>
>>> Rafik
>>>
>>> Hi
>>>
>>> p. 6  "This Final Report, including its recommendations and proposed 
>>> principles for the next- generation RDS, reflects a consensus.”
>>>
>>> p. 164  "With the delivery of this Final Report and its 180 
>>> consensus-supported principles, the Board’s vision has indeed 
>>> materialized.”
>>>
>>> p. 165 "Among the EWG members were seasoned entrepreneurs and global 
>>> leaders (Ajayi, Ala- Pietilä, Neylon, Rasmussen, and Shah). Their 
>>> collective expertise in balancing risks and their results-oriented 
>>> problem solving style paved the way to reaching an early consensus 
>>> among the EWG.”
>>>
>>> This characterization doesn’t seem to quite fit with Stephanie’s 
>>> excellent and (astonishingly) suppressed Dissenting Report…
>>>
>>> How shall we proceed in London?
>>>
>>> Bill
>>>
>>>>
>>>> *From:*Denise Michel [mailto:[log in to unmask]]
>>>> *Sent:*samedi 7 juin 2014 19:36
>>>> *Subject:*Expert Working Group on gTLD Directory Services (EWG) 
>>>> Final Report
>>>> Dear All:
>>>> The Expert Working Group on gTLD Directory Services (EWG) has 
>>>> issued their Final Report 
>>>> <https://www.icann.org/en/system/files/files/final-report-06jun14-en.pdf>. 
>>>> Given your group's interest in this topic, I wanted to bring this 
>>>> to your attention, along with the public sessions the EWG has 
>>>> scheduled at the ICANN London meeting:
>>>>
>>>>   * An introduction to the Final Report: EWG Overview of Final
>>>>     Report
>>>>     <http://london50.icann.org/en/schedule/mon-ewg-final-overview>,
>>>>     Monday, 23 June, 1515 – 1615
>>>>   * Two cross-community discussion sessions:
>>>>       o EWG Final Report Discussion Session
>>>>         <http://london50.icann.org/en/schedule/mon-ewg-final-discussion>, Monday,
>>>>         23 June, 1700 - 1900
>>>>       o EWG Final Report Discussion Session
>>>>         <http://london50.icann.org/en/schedule/wed-ewg-final-discussion>,
>>>>         Wednesday, 25 June, 0800 – 1000
>>>>
>>>> The Final Report fulfills the ICANN Board's directive to help 
>>>> redefine the purpose and provision of gTLD registration data, and 
>>>> provides a foundation to help the ICANN community (through the 
>>>> GNSO) create a new global policy for gTLD directory services. This 
>>>> report represents the culmination of an intense 15 month period of 
>>>> work during which this diverse group of volunteers 
>>>> <https://www.icann.org/resources/pages/gtld-directory-services-2013-02-14-en> created 
>>>> an alternative to today's WHOIS to better serve the global Internet 
>>>> community -- a next-generation Registration Directory Service (RDS).
>>>> The EWG looks forward to discussing this with the ICANN community. 
>>>> Thank you for sharing this notice broadly.
>>>> Regards,
>>>> Denise
>>>> Denise Michel
>>>> VP Strategic Initiatives
>>>> ICANN
>>>> [log in to unmask] <mailto:[log in to unmask]>
>>>
>>> ***********************************************
>>> William J. Drake
>>> International Fellow & Lecturer
>>>   Media Change & Innovation Division, IPMZ
>>>   University of Zurich, Switzerland
>>> Chair, Noncommercial Users Constituency,
>>>   ICANN, www.ncuc.org <http://www.ncuc.org>
>>> [log in to unmask] <mailto:[log in to unmask]> (direct), 
>>> [log in to unmask] <mailto:[log in to unmask]> (lists),
>>> www.williamdrake.org <http://www.williamdrake.org>
>>> ***********************************************
>>>
>>