LISTSERV - NCSG-DISCUSS Archives

NCSG-DISCUSS Archives

NCSG-Discuss

NCSG-DISCUSS@LISTSERV.SYR.EDU

	LISTSERV Archives
	NCSG-DISCUSS Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives
Options:	Use Forum View Use Monospaced Font Show HTML Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]
Subject:	Re: Expert Working Group on gTLD Directory Services (EWG) Final Report
From:	William Drake <[log in to unmask]>
Reply To:	William Drake <[log in to unmask]>
Date:	Tue, 10 Jun 2014 11:16:37 +0200
Content-Type:	multipart/alternative
Parts/Attachments:	text/plain (8 kB) , text/html (21 kB)
This has the makings of a good blog post…?

Bill

On Jun 9, 2014, at 10:03 PM, Tamir Israel <[log in to unmask]> wrote:

> FWIW, it seems to me on a quick read that your concerns are on point, Steph.
> 
> First, you flag that while one of the core objectives of this RDS was to provide some privacy over WHOIS, most individuals will not be able to shield their identity from the general public. Registrant name and address (but not email address) are 'gated' and hence not available to the general public. But, as you say in your note, all registrants are obligated to provide legal contact info which will be publicly available. This is evident in Annex E and also in footnote 39. While many big companies may use legal counsel or other proxies to register, most individuals and even small businesses will need to use their own name and contact info, thereby defeating the purpose of permitting their contact info to remain 'gated'. So the end result is that more data elements are collected and centralized, without the anticipated pro quo of having less information 'gated' or 'publicly available'.
> 
> Second, you flag that the RDS' very ambitious data protection project is problematic and will not serve to effectively protect even 'gated' data. I think I agree. As far as I can tell, the EWG proposes to adopt a tiered approach to data protection for RDS data. It is certainly innovative, but I think ultimately it'll be ineffective since the EWG report sets way too many parameters in stone to permit for the data protection mechanisms it adopts to operate.
> 
> The privacy protection mechanisms suggested by the EWG are:
> (1) First, they wish to encode some basic privacy principles and apply them across all RDS players by means of contract law, backed up by regulatory enforcement in those jurisdictions that require such things (not clear how ICANN is going to 'harmonize a basic level of data protection rights', something that has been tried and failed repeatedly in multiple fora in the past). 
> (2) Second, they intend to localize RDS data storage within a jurisdiction(s) with strong and existing data protection rules (it's not clear how this jurisdiction(s) will be picked). 
> (3) Finally, there will be a 'rules engine' that seeks to somehow codify data protection rules for all the world's jurisdictions and to, again somehow, apply these to different data elements based on where these are transferred to, processed, etc. Presumably, data will be marked up based on jurisdictions in which it was stored/processed, and this will provide insight into applicable laws (this ignores realities of the laws of jurisdiction, unless they intend to impose some blanket forum selection clause in and impose it on all elements of the RDS ecosystem). 
> 
> Ultimately, though, as Steph notes, these efforts are not helpful, as Registrants are forced to 'consent' to a long and extremely broad permissible purposes at point of collection (p. 42 -- Stephs' dissent is noted in footnote 7). Once this consent is obtained, a large number of entities can access, use and further disclose the information in question for the many permissible purposes. While the form of consent is subject to the over-arching harmonized privacy principles (1) and to whatever additional jurisdictional rules are piled on (2) and (3), the list of permissible purposes is not variable, and appears offered on a 'take it or leave it' basis. This leaves minimal latitude for any meaningful operation of data protection principles (except, perhaps, those relating to data security, access and accuracy/integrity). 
> 
> Nor is there any opportunity to minimize collection, as this too is 'hard wired' into the EWG's report, which provide a very long list of mandatory data elements. By contrast, an explicit 'opt-in' mechanism is adopted for governing whether any data elements a registrant provides that are gated by default can be made public. This is good, but it's not clear to me how it helps, as the core identifying data elements are already public.
> 
> In terms of law enforcement access, they basically write off any issue since apparently the data in question is not private enough in their opinion to warrant any legal protection at all under any jurisdiction. Nonetheless, they feel the need to locate RDS data in "jurisdiction(s) where law enforcement is globally trusted". Not sure what that means.
> 
> Perhaps ironically, the document recognizes the need for anonymity in this context. But it only does so in the context of the proxy service and secure protected credentials which, as steph points out in her note, are ineffective in the context of individual registrants.
> 
> Overall, this seems like an incredibly and unnecessarily complex system that could be managed far more efficiently with simple contactability, plus an ICANN-run mechanism for identification upon demonstration of clear need.
> 
> I could be missing something, though. And also apologies for the very lengthy email....
> 
> Best,
> Tamir
> 
> On 6/8/2014 10:54 AM, Stephanie Perrin wrote:
>> 
>> Folks let me say this:
>> 1.  Milton, you were not supposed to publish it!  I needed to edt it to reflect the new status of it being a minority report, and also no mention of JF Baril
>> 2.  We need to be sure I am correct.  IF they are right and i have misread the report, then I look like an idiot.  
>> 3.  Most of the report is still concensus.  AS I think I said in the 3 pager, recently, certain principles put everything slightly out of balance....
>> Sheesh.  Can they bann me from ICANN?
>> ON a positive note, I must say your blog is well read Milton, I got a sweet note from Mikey.  I guess he knows what I feel like right now...
>> cheers steph
>> 
>> On 2014-06-08, 3:48 AM, Rafik Dammak wrote:
>>> probably "occupy" the 2 public sessions for EWG i.e. attending them ,  ask the hard questions and debunk the myth of having consensus.
>>> privacy issue was suggested by Marilia as 1 of the topics for the meeting with Board too,
>>> we also should comment the report itself in due time.
>>> 
>>> Rafik
>>> Hi
>>> 
>>> p. 6  "This Final Report, including its recommendations and proposed principles for the next- generation RDS, reflects a consensus.”
>>> 
>>> p. 164  "With the delivery of this Final Report and its 180 consensus-supported principles, the Board’s vision has indeed materialized.”
>>> 
>>> p. 165 "Among the EWG members were seasoned entrepreneurs and global leaders (Ajayi, Ala- Pietilä, Neylon, Rasmussen, and Shah). Their collective expertise in balancing risks and their results-oriented problem solving style paved the way to reaching an early consensus among the EWG.”
>>> 
>>> This characterization doesn’t seem to quite fit with Stephanie’s excellent and (astonishingly) suppressed Dissenting Report…
>>> 
>>> How shall we proceed in London?
>>> 
>>> Bill
>>> 
>>>> 
>>>> From: Denise Michel [mailto:[log in to unmask]] 
>>>> Sent: samedi 7 juin 2014 19:36
>>>> Subject: Expert Working Group on gTLD Directory Services (EWG) Final Report
>>>>  
>>>> Dear All:
>>>>  
>>>> The Expert Working Group on gTLD Directory Services (EWG) has issued their Final Report. Given your group's interest in this topic, I wanted to bring this to your attention, along with the public sessions the EWG has scheduled at the ICANN London meeting:
>>>>  
>>>> An introduction to the Final Report: EWG Overview of Final Report, Monday, 23 June, 1515 – 1615
>>>> Two cross-community discussion sessions: 
>>>> EWG Final Report Discussion Session, Monday, 23 June, 1700 - 1900
>>>> EWG Final Report Discussion Session, Wednesday, 25 June, 0800 – 1000
>>>>  
>>>> The Final Report fulfills the ICANN Board's directive to help redefine the purpose and provision of gTLD registration data, and provides a foundation to help the ICANN community (through the GNSO) create a new global policy for gTLD directory services. This report represents the culmination of an intense 15 month period of work during which this diverse group of volunteers created an alternative to today's WHOIS to better serve the global Internet community -- a next-generation Registration Directory Service (RDS).
>>>>  
>>>> The EWG looks forward to discussing this with the ICANN community. Thank you for sharing this notice broadly.
>>>>  
>>>> Regards,
>>>> Denise 
>>>>  
>>>> Denise Michel
>>>> VP Strategic Initiatives
>>>> ICANN
>>>> [log in to unmask]
>>> 
>>> ***********************************************
>>> William J. Drake
>>> International Fellow & Lecturer
>>>   Media Change & Innovation Division, IPMZ
>>>   University of Zurich, Switzerland
>>> Chair, Noncommercial Users Constituency, 
>>>   ICANN, www.ncuc.org
>>> [log in to unmask] (direct), [log in to unmask] (lists),
>>>   www.williamdrake.org
>>> ***********************************************
>>> 
>>
ATOM RSS1 RSS2
LISTSERV.SYR.EDU