Sounds like a comment in the making... and that;'s one of the things I
think we should be pushing for is a real comment period on this Final
EWG Report... :
> The EWG's odd statement to the effect that a warrant is never required
> for subscriber info has just been contradicted by Canada's highest
> court. Does this mean Canadian law enforcement will be locked out of
> the authentication process set up for the RDS?
>
> R. v. Sencer, 2014 SCC 43
> http://scc-csc.lexum.com/scc-csc/scc-csc/en/item/14233/index.do
>
> Best,
> Tamir
>
> On 6/10/2014 5:16 AM, William Drake wrote:
>> This has the makings of a good blog post…?
>>
>> Bill
>>
>> On Jun 9, 2014, at 10:03 PM, Tamir Israel <[log in to unmask]
>> <mailto:[log in to unmask]>> wrote:
>>
>>> FWIW, it seems to me on a quick read that your concerns are on
>>> point, Steph.
>>>
>>> First, you flag that while one of the core objectives of this RDS
>>> was to provide some privacy over WHOIS, most individuals will not be
>>> able to shield their identity from the general public. Registrant
>>> name and address (but not email address) are 'gated' and hence not
>>> available to the general public. But, as you say in your note, all
>>> registrants are obligated to provide legal contact info which will
>>> be publicly available. This is evident in Annex E and also in
>>> footnote 39. While many big companies may use legal counsel or other
>>> proxies to register, most individuals and even small businesses will
>>> need to use their own name and contact info, thereby defeating the
>>> purpose of permitting their contact info to remain 'gated'. So the
>>> end result is that more data elements are collected and centralized,
>>> without the anticipated /pro quo/ of having less information 'gated'
>>> or 'publicly available'.
>>>
>>> Second, you flag that the RDS' very ambitious data protection
>>> project is problematic and will not serve to effectively protect
>>> even 'gated' data. I think I agree. As far as I can tell, the EWG
>>> proposes to adopt a tiered approach to data protection for RDS data.
>>> It is certainly innovative, but I think ultimately it'll be
>>> ineffective since the EWG report sets way too many parameters in
>>> stone to permit for the data protection mechanisms it adopts to operate.
>>>
>>> The privacy protection mechanisms suggested by the EWG are:
>>> (1) First, they wish to encode some basic privacy principles and
>>> apply them across all RDS players by means of contract law, backed
>>> up by regulatory enforcement in those jurisdictions that require
>>> such things (not clear how ICANN is going to 'harmonize a basic
>>> level of data protection rights', something that has been tried and
>>> failed repeatedly in multiple fora in the past).
>>> (2) Second, they intend to localize RDS data storage within a
>>> jurisdiction(s) with strong and existing data protection rules (it's
>>> not clear how this jurisdiction(s) will be picked).
>>> (3) Finally, there will be a 'rules engine' that seeks to somehow
>>> codify data protection rules for all the world's jurisdictions and
>>> to, again somehow, apply these to different data elements based on
>>> where these are transferred to, processed, etc. Presumably, data
>>> will be marked up based on jurisdictions in which it was
>>> stored/processed, and this will provide insight into applicable laws
>>> (this ignores realities of the laws of jurisdiction, unless they
>>> intend to impose some blanket forum selection clause in and impose
>>> it on all elements of the RDS ecosystem).
>>>
>>> Ultimately, though, as Steph notes, these efforts are not helpful,
>>> as Registrants are forced to 'consent' to a long and extremely broad
>>> permissible purposes at point of collection (p. 42 -- Stephs'
>>> dissent is noted in footnote 7). Once this consent is obtained, a
>>> large number of entities can access, use and further disclose the
>>> information in question for the many permissible purposes. While the
>>> form of consent is subject to the over-arching harmonized privacy
>>> principles (1) and to whatever additional jurisdictional rules are
>>> piled on (2) and (3), the list of permissible purposes is not
>>> variable, and appears offered on a 'take it or leave it' basis. This
>>> leaves minimal latitude for any meaningful operation of data
>>> protection principles (except, perhaps, those relating to data
>>> security, access and accuracy/integrity).
>>>
>>> Nor is there any opportunity to minimize collection, as this too is
>>> 'hard wired' into the EWG's report, which provide a very long list
>>> of mandatory data elements. By contrast, an explicit 'opt-in'
>>> mechanism is adopted for governing whether any data elements a
>>> registrant provides that are gated by default can be made public.
>>> This is good, but it's not clear to me how it helps, as the core
>>> identifying data elements are already public.
>>>
>>> In terms of law enforcement access, they basically write off any
>>> issue since apparently the data in question is not private enough in
>>> their opinion to warrant any legal protection at all under any
>>> jurisdiction. Nonetheless, they feel the need to locate RDS data in
>>> "jurisdiction(s) where law enforcement is globally trusted". Not
>>> sure what that means.
>>>
>>> Perhaps ironically, the document recognizes the need for anonymity
>>> in this context. But it only does so in the context of the proxy
>>> service and secure protected credentials which, as steph points out
>>> in her note, are ineffective in the context of individual registrants.
>>>
>>> Overall, this seems like an incredibly and unnecessarily complex
>>> system that could be managed far more efficiently with simple
>>> contactability, plus an ICANN-run mechanism for identification upon
>>> demonstration of clear need.
>>>
>>> I could be missing something, though. And also apologies for the
>>> very lengthy email....
>>>
>>> Best,
>>> Tamir
>>>
>>> On 6/8/2014 10:54 AM, Stephanie Perrin wrote:
>>>> Folks let me say this:
>>>> 1. Milton, you were not supposed to publish it! I needed to edt
>>>> it to reflect the new status of it being a minority report, and
>>>> also no mention of JF Baril
>>>> 2. We need to be sure I am correct. IF they are right and i have
>>>> misread the report, then I look like an idiot.
>>>> 3. Most of the report is still concensus. AS I think I said in
>>>> the 3 pager, recently, certain principles put everything slightly
>>>> out of balance....
>>>> Sheesh. Can they bann me from ICANN?
>>>> ON a positive note, I must say your blog is well read Milton, I got
>>>> a sweet note from Mikey. I guess he knows what I feel like right
>>>> now...
>>>> cheers steph
>>>>
>>>> On 2014-06-08, 3:48 AM, Rafik Dammak wrote:
>>>>>
>>>>> probably "occupy" the 2 public sessions for EWG i.e. attending
>>>>> them , ask the hard questions and debunk the myth of having
>>>>> consensus.
>>>>> privacy issue was suggested by Marilia as 1 of the topics for the
>>>>> meeting with Board too,
>>>>> we also should comment the report itself in due time.
>>>>>
>>>>> Rafik
>>>>>
>>>>> Hi
>>>>>
>>>>> p. 6 "This Final Report, including its recommendations and
>>>>> proposed principles for the next- generation RDS, reflects a
>>>>> consensus.”
>>>>>
>>>>> p. 164 "With the delivery of this Final Report and its 180
>>>>> consensus-supported principles, the Board’s vision has indeed
>>>>> materialized.”
>>>>>
>>>>> p. 165 "Among the EWG members were seasoned entrepreneurs and
>>>>> global leaders (Ajayi, Ala- Pietilä, Neylon, Rasmussen, and Shah).
>>>>> Their collective expertise in balancing risks and their
>>>>> results-oriented problem solving style paved the way to reaching
>>>>> an early consensus among the EWG.”
>>>>>
>>>>> This characterization doesn’t seem to quite fit with Stephanie’s
>>>>> excellent and (astonishingly) suppressed Dissenting Report…
>>>>>
>>>>> How shall we proceed in London?
>>>>>
>>>>> Bill
>>>>>
>>>>>>
>>>>>> *From:*Denise Michel [mailto:[log in to unmask]]
>>>>>> *Sent:*samedi 7 juin 2014 19:36
>>>>>> *Subject:*Expert Working Group on gTLD Directory Services (EWG)
>>>>>> Final Report
>>>>>> Dear All:
>>>>>> The Expert Working Group on gTLD Directory Services (EWG) has
>>>>>> issued their Final Report
>>>>>> <https://www.icann.org/en/system/files/files/final-report-06jun14-en.pdf>.
>>>>>> Given your group's interest in this topic, I wanted to bring this
>>>>>> to your attention, along with the public sessions the EWG has
>>>>>> scheduled at the ICANN London meeting:
>>>>>>
>>>>>> * An introduction to the Final Report: EWG Overview of Final
>>>>>> Report
>>>>>> <http://london50.icann.org/en/schedule/mon-ewg-final-overview>,
>>>>>> Monday, 23 June, 1515 – 1615
>>>>>> * Two cross-community discussion sessions:
>>>>>> o EWG Final Report Discussion Session
>>>>>> <http://london50.icann.org/en/schedule/mon-ewg-final-discussion>, Monday,
>>>>>> 23 June, 1700 - 1900
>>>>>> o EWG Final Report Discussion Session
>>>>>> <http://london50.icann.org/en/schedule/wed-ewg-final-discussion>,
>>>>>> Wednesday, 25 June, 0800 – 1000
>>>>>>
>>>>>> The Final Report fulfills the ICANN Board's directive to help
>>>>>> redefine the purpose and provision of gTLD registration data, and
>>>>>> provides a foundation to help the ICANN community (through the
>>>>>> GNSO) create a new global policy for gTLD directory services.
>>>>>> This report represents the culmination of an intense 15 month
>>>>>> period of work during which this diverse group of volunteers
>>>>>> <https://www.icann.org/resources/pages/gtld-directory-services-2013-02-14-en> created
>>>>>> an alternative to today's WHOIS to better serve the global
>>>>>> Internet community -- a next-generation Registration Directory
>>>>>> Service (RDS).
>>>>>> The EWG looks forward to discussing this with the ICANN
>>>>>> community. Thank you for sharing this notice broadly.
>>>>>> Regards,
>>>>>> Denise
>>>>>> Denise Michel
>>>>>> VP Strategic Initiatives
>>>>>> ICANN
>>>>>> [log in to unmask] <mailto:[log in to unmask]>
>>>>>
>>>>> ***********************************************
>>>>> William J. Drake
>>>>> International Fellow & Lecturer
>>>>> Media Change & Innovation Division, IPMZ
>>>>> University of Zurich, Switzerland
>>>>> Chair, Noncommercial Users Constituency,
>>>>> ICANN, www.ncuc.org <http://www.ncuc.org/>
>>>>> [log in to unmask] <mailto:[log in to unmask]> (direct),
>>>>> [log in to unmask] <mailto:[log in to unmask]> (lists),
>>>>> www.williamdrake.org <http://www.williamdrake.org/>
>>>>> ***********************************************
>>>>>
>>>>
>>
|