NCSG-DISCUSS Archives

NCSG-Discuss

NCSG-DISCUSS@LISTSERV.SYR.EDU

Options: Use Forum View

Use Monospaced Font
Show Text Part by Default
Condense Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Sender:
NCSG-Discuss <[log in to unmask]>
Date:
Sat, 21 Jan 2012 12:33:13 -0500
Reply-To:
Timothe Litt <[log in to unmask]>
Message-ID:
Content-Transfer-Encoding:
quoted-printable
Subject:
From:
Timothe Litt <[log in to unmask]>
X-cc:
Wendy Seltzer <[log in to unmask]>
In-Reply-To:
Content-Type:
text/plain; charset="iso-8859-1"
MIME-Version:
1.0
Parts/Attachments:
text/plain (110 lines)
I had a cursory look at the supporting documents for this.
(http://www.icann.org/en/registries/rsep/puntcat-cat-request-05oct11-en.pdf)

In general, I think that the request moves practice in the right direction.

However, I am somewhat concerned by the following language:

"Law enforcement and trademark protection representatives will be granted
full access to
puntCAT database. An IP white list will be established to provide full
access to gather all
data associated with any concrete domain name."

("IP" clearly means "IP address" if you read the whole document.)

A) What is a "trademark protection representative", and why are they granted
equal access to the privacy-protected data of natural persons as law
enforcement?  

B) Why can't they use the webform proxy for contacting the domain owner, or
present a case to law enforcement for access if the owner is unresponsive?

C) It also seems that both have the ability to troll thru the database at
will for any purpose, without cause, judicial review or documenting when and
why private information is accessed.  

D) Note that this ability is based on IP address - not an X.509 certificate,
password or any other user-specific security mechanism.  Hence is is
susceptible to IP spoofing, and access is not traceable to the individual
accessing the data.  This makes it difficult (impossible?) to hold anyone
accountable for misuse of these privileges.

E) Also, disclosure is described as "opt-in (default option)" - as the
following language in the document makes clear, privacy is not the default
and must be requested.  This is not consistent with maximizing privacy, and
potentially introduces race conditions if establishing the privacy option is
not atomic with registering a domain.  For natural persons, privacy should
be the default.

Thus, although this is a positive step in the direction of protecting the
privacy of natural persons, there is room for improvement.  

I leave to those more experienced in the politics of ICANN the political
question of whether to take what's on offer now and fight the next battle
later, or to raise these points in our comment on the current request.


Timothe Litt
ACM Distinguished Engineer
---------------------------------------------------------
This communication may not represent the ACM or my employer's views,
if any, on the matters discussed. 
 
-----Original Message-----
From: NCSG-Discuss [mailto:[log in to unmask]] On Behalf Of Wendy
Seltzer
Sent: Saturday, January 21, 2012 11:50
To: [log in to unmask]
Subject: Re: [NCSG-Discuss] .CAT WHOIS Proposed Changes - call for public
comments

.CAT proposes to revise its Registry agreement to support withholding of
some WHOIS data by individuals who opt out. It will not offer this opt-out
to legal persons.

I propose that NCSG support this amendment, with a simple: "NCSG supports
the availability of WHOIS privacy options for natural persons.
Accordingly, we support puntCAT's proposed amendment."

--Wendy

-------- Original Message --------
Subject: [council] .CAT WHOIS Proposed Changes - call for public comments
Date: Fri, 20 Jan 2012 14:08:05 -0800
From: Glen de Saint Géry <[log in to unmask]>
To: [log in to unmask] <[log in to unmask]>

http://www.icann.org/en/announcements/announcement-20jan12-en.htm
.CAT WHOIS Proposed Changes

Forum Announcement: Comment Period Opens on Date: 20 January2012

Categories/Tags: Contracted Party Agreements

Purpose (Brief):

ICANN is opening today the public comment period for the Fundacio puntCAT's,
request to change its Whois according to EU data protection legislation. The
public comment period will be closed on 3 March 2012.

The .cat registry, submitted a Registry Service Evaluation Process
(RSEP) on August 2011.

At this time, ICANN has conducted a preliminary review in accordance with
the Registry Services Evaluation Policy and process set forth at
http://www.icann.org/registries/rsep/rsep.html. ICANN's preliminary review
(based on the information provided) did not identify any significant
competition, security, or stability issues.

The implementation of the request requires an amendment to the .cat Registry
Agreement signed 23 September 2005. This public forum requests comments
regarding the proposed amendment.
Public Comment Box Link:
http://www.icann.org/en/public-comment/cat-whois-changes-18jan12-en.htm

Glen de Saint Géry
GNSO Secretariat
[log in to unmask]<mailto:[log in to unmask]>
http://gnso.icann.org

ATOM RSS1 RSS2