LISTSERV - NCSG-DISCUSS Archives

NCSG-DISCUSS Archives

NCSG-Discuss

NCSG-DISCUSS@LISTSERV.SYR.EDU

	LISTSERV Archives
	NCSG-DISCUSS Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives
Options:	Use Forum View Use Monospaced Font Show HTML Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]
Subject:	Re: Expert Working Group on gTLD Directory Services (EWG) Final Report
From:	Kathy Kleiman <[log in to unmask]>
Reply To:	Kathy Kleiman <[log in to unmask]>
Date:	Fri, 13 Jun 2014 13:00:09 -0400
Content-Type:	multipart/alternative
Parts/Attachments:	text/plain (10 kB) , text/html (31 kB)
Sounds like a comment in the making... and that;'s one of the things I 
think we should be pushing for is a real comment period on this Final 
EWG Report... :
> The EWG's odd statement to the effect that a warrant is never required 
> for subscriber info has just been contradicted by Canada's highest 
> court. Does this mean Canadian law enforcement will be locked out of 
> the authentication process set up for the RDS?
>
> R. v. Sencer, 2014 SCC 43
> http://scc-csc.lexum.com/scc-csc/scc-csc/en/item/14233/index.do
>
> Best,
> Tamir
>
> On 6/10/2014 5:16 AM, William Drake wrote:
>> This has the makings of a good blog post…?
>>
>> Bill
>>
>> On Jun 9, 2014, at 10:03 PM, Tamir Israel <[log in to unmask] 
>> <mailto:[log in to unmask]>> wrote:
>>
>>> FWIW, it seems to me on a quick read that your concerns are on 
>>> point, Steph.
>>>
>>> First, you flag that while one of the core objectives of this RDS 
>>> was to provide some privacy over WHOIS, most individuals will not be 
>>> able to shield their identity from the general public. Registrant 
>>> name and address (but not email address) are 'gated' and hence not 
>>> available to the general public. But, as you say in your note, all 
>>> registrants are obligated to provide legal contact info which will 
>>> be publicly available. This is evident in Annex E and also in 
>>> footnote 39. While many big companies may use legal counsel or other 
>>> proxies to register, most individuals and even small businesses will 
>>> need to use their own name and contact info, thereby defeating the 
>>> purpose of permitting their contact info to remain 'gated'. So the 
>>> end result is that more data elements are collected and centralized, 
>>> without the anticipated /pro quo/ of having less information 'gated' 
>>> or 'publicly available'.
>>>
>>> Second, you flag that the RDS' very ambitious data protection 
>>> project is problematic and will not serve to effectively protect 
>>> even 'gated' data. I think I agree. As far as I can tell, the EWG 
>>> proposes to adopt a tiered approach to data protection for RDS data. 
>>> It is certainly innovative, but I think ultimately it'll be 
>>> ineffective since the EWG report sets way too many parameters in 
>>> stone to permit for the data protection mechanisms it adopts to operate.
>>>
>>> The privacy protection mechanisms suggested by the EWG are:
>>> (1) First, they wish to encode some basic privacy principles and 
>>> apply them across all RDS players by means of contract law, backed 
>>> up by regulatory enforcement in those jurisdictions that require 
>>> such things (not clear how ICANN is going to 'harmonize a basic 
>>> level of data protection rights', something that has been tried and 
>>> failed repeatedly in multiple fora in the past).
>>> (2) Second, they intend to localize RDS data storage within a 
>>> jurisdiction(s) with strong and existing data protection rules (it's 
>>> not clear how this jurisdiction(s) will be picked).
>>> (3) Finally, there will be a 'rules engine' that seeks to somehow 
>>> codify data protection rules for all the world's jurisdictions and 
>>> to, again somehow, apply these to different data elements based on 
>>> where these are transferred to, processed, etc. Presumably, data 
>>> will be marked up based on jurisdictions in which it was 
>>> stored/processed, and this will provide insight into applicable laws 
>>> (this ignores realities of the laws of jurisdiction, unless they 
>>> intend to impose some blanket forum selection clause in and impose 
>>> it on all elements of the RDS ecosystem).
>>>
>>> Ultimately, though, as Steph notes, these efforts are not helpful, 
>>> as Registrants are forced to 'consent' to a long and extremely broad 
>>> permissible purposes at point of collection (p. 42 -- Stephs' 
>>> dissent is noted in footnote 7). Once this consent is obtained, a 
>>> large number of entities can access, use and further disclose the 
>>> information in question for the many permissible purposes. While the 
>>> form of consent is subject to the over-arching harmonized privacy 
>>> principles (1) and to whatever additional jurisdictional rules are 
>>> piled on (2) and (3), the list of permissible purposes is not 
>>> variable, and appears offered on a 'take it or leave it' basis. This 
>>> leaves minimal latitude for any meaningful operation of data 
>>> protection principles (except, perhaps, those relating to data 
>>> security, access and accuracy/integrity).
>>>
>>> Nor is there any opportunity to minimize collection, as this too is 
>>> 'hard wired' into the EWG's report, which provide a very long list 
>>> of mandatory data elements. By contrast, an explicit 'opt-in' 
>>> mechanism is adopted for governing whether any data elements a 
>>> registrant provides that are gated by default can be made public. 
>>> This is good, but it's not clear to me how it helps, as the core 
>>> identifying data elements are already public.
>>>
>>> In terms of law enforcement access, they basically write off any 
>>> issue since apparently the data in question is not private enough in 
>>> their opinion to warrant any legal protection at all under any 
>>> jurisdiction. Nonetheless, they feel the need to locate RDS data in 
>>> "jurisdiction(s) where law enforcement is globally trusted". Not 
>>> sure what that means.
>>>
>>> Perhaps ironically, the document recognizes the need for anonymity 
>>> in this context. But it only does so in the context of the proxy 
>>> service and secure protected credentials which, as steph points out 
>>> in her note, are ineffective in the context of individual registrants.
>>>
>>> Overall, this seems like an incredibly and unnecessarily complex 
>>> system that could be managed far more efficiently with simple 
>>> contactability, plus an ICANN-run mechanism for identification upon 
>>> demonstration of clear need.
>>>
>>> I could be missing something, though. And also apologies for the 
>>> very lengthy email....
>>>
>>> Best,
>>> Tamir
>>>
>>> On 6/8/2014 10:54 AM, Stephanie Perrin wrote:
>>>> Folks let me say this:
>>>> 1.  Milton, you were not supposed to publish it!  I needed to edt 
>>>> it to reflect the new status of it being a minority report, and 
>>>> also no mention of JF Baril
>>>> 2.  We need to be sure I am correct.  IF they are right and i have 
>>>> misread the report, then I look like an idiot.
>>>> 3.  Most of the report is still concensus.  AS I think I said in 
>>>> the 3 pager, recently, certain principles put everything slightly 
>>>> out of balance....
>>>> Sheesh.  Can they bann me from ICANN?
>>>> ON a positive note, I must say your blog is well read Milton, I got 
>>>> a sweet note from Mikey.  I guess he knows what I feel like right 
>>>> now...
>>>> cheers steph
>>>>
>>>> On 2014-06-08, 3:48 AM, Rafik Dammak wrote:
>>>>>
>>>>> probably "occupy" the 2 public sessions for EWG i.e. attending 
>>>>> them ,  ask the hard questions and debunk the myth of having 
>>>>> consensus.
>>>>> privacy issue was suggested by Marilia as 1 of the topics for the 
>>>>> meeting with Board too,
>>>>> we also should comment the report itself in due time.
>>>>>
>>>>> Rafik
>>>>>
>>>>> Hi
>>>>>
>>>>> p. 6  "This Final Report, including its recommendations and 
>>>>> proposed principles for the next- generation RDS, reflects a 
>>>>> consensus.”
>>>>>
>>>>> p. 164  "With the delivery of this Final Report and its 180 
>>>>> consensus-supported principles, the Board’s vision has indeed 
>>>>> materialized.”
>>>>>
>>>>> p. 165 "Among the EWG members were seasoned entrepreneurs and 
>>>>> global leaders (Ajayi, Ala- Pietilä, Neylon, Rasmussen, and Shah). 
>>>>> Their collective expertise in balancing risks and their 
>>>>> results-oriented problem solving style paved the way to reaching 
>>>>> an early consensus among the EWG.”
>>>>>
>>>>> This characterization doesn’t seem to quite fit with Stephanie’s 
>>>>> excellent and (astonishingly) suppressed Dissenting Report…
>>>>>
>>>>> How shall we proceed in London?
>>>>>
>>>>> Bill
>>>>>
>>>>>>
>>>>>> *From:*Denise Michel [mailto:[log in to unmask]]
>>>>>> *Sent:*samedi 7 juin 2014 19:36
>>>>>> *Subject:*Expert Working Group on gTLD Directory Services (EWG) 
>>>>>> Final Report
>>>>>> Dear All:
>>>>>> The Expert Working Group on gTLD Directory Services (EWG) has 
>>>>>> issued their Final Report 
>>>>>> <https://www.icann.org/en/system/files/files/final-report-06jun14-en.pdf>. 
>>>>>> Given your group's interest in this topic, I wanted to bring this 
>>>>>> to your attention, along with the public sessions the EWG has 
>>>>>> scheduled at the ICANN London meeting:
>>>>>>
>>>>>>   * An introduction to the Final Report: EWG Overview of Final
>>>>>>     Report
>>>>>>     <http://london50.icann.org/en/schedule/mon-ewg-final-overview>,
>>>>>>     Monday, 23 June, 1515 – 1615
>>>>>>   * Two cross-community discussion sessions:
>>>>>>       o EWG Final Report Discussion Session
>>>>>>         <http://london50.icann.org/en/schedule/mon-ewg-final-discussion>, Monday,
>>>>>>         23 June, 1700 - 1900
>>>>>>       o EWG Final Report Discussion Session
>>>>>>         <http://london50.icann.org/en/schedule/wed-ewg-final-discussion>,
>>>>>>         Wednesday, 25 June, 0800 – 1000
>>>>>>
>>>>>> The Final Report fulfills the ICANN Board's directive to help 
>>>>>> redefine the purpose and provision of gTLD registration data, and 
>>>>>> provides a foundation to help the ICANN community (through the 
>>>>>> GNSO) create a new global policy for gTLD directory services. 
>>>>>> This report represents the culmination of an intense 15 month 
>>>>>> period of work during which this diverse group of volunteers 
>>>>>> <https://www.icann.org/resources/pages/gtld-directory-services-2013-02-14-en> created 
>>>>>> an alternative to today's WHOIS to better serve the global 
>>>>>> Internet community -- a next-generation Registration Directory 
>>>>>> Service (RDS).
>>>>>> The EWG looks forward to discussing this with the ICANN 
>>>>>> community. Thank you for sharing this notice broadly.
>>>>>> Regards,
>>>>>> Denise
>>>>>> Denise Michel
>>>>>> VP Strategic Initiatives
>>>>>> ICANN
>>>>>> [log in to unmask] <mailto:[log in to unmask]>
>>>>>
>>>>> ***********************************************
>>>>> William J. Drake
>>>>> International Fellow & Lecturer
>>>>>   Media Change & Innovation Division, IPMZ
>>>>>   University of Zurich, Switzerland
>>>>> Chair, Noncommercial Users Constituency,
>>>>>   ICANN, www.ncuc.org <http://www.ncuc.org/>
>>>>> [log in to unmask] <mailto:[log in to unmask]> (direct), 
>>>>> [log in to unmask] <mailto:[log in to unmask]> (lists),
>>>>> www.williamdrake.org <http://www.williamdrake.org/>
>>>>> ***********************************************
>>>>>
>>>>
>>
ATOM RSS1 RSS2
LISTSERV.SYR.EDU