NCSG-DISCUSS Archives

NCSG-Discuss

NCSG-DISCUSS@LISTSERV.SYR.EDU
Options: Use Forum View

Use Monospaced Font
Show HTML Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: Expert Working Group on gTLD Directory Services (EWG) Final Report
From:
Rafik Dammak <[log in to unmask]>
Reply To:
Rafik Dammak <[log in to unmask]>
Date:
Tue, 10 Jun 2014 12:43:23 +0900
Content-Type:
multipart/alternative
Parts/Attachments:
text/plain (9 kB) , text/html (18 kB) 
Thanks Tamir, you already summarized some points that we can use for the
draft comment !
It will be great to have other privacy experts opinions in this list.

Rafik


2014-06-10 5:03 GMT+09:00 Tamir Israel <[log in to unmask]>:

>  FWIW, it seems to me on a quick read that your concerns are on point,
> Steph.
>
> First, you flag that while one of the core objectives of this RDS was to
> provide some privacy over WHOIS, most individuals will not be able to
> shield their identity from the general public. Registrant name and address
> (but not email address) are 'gated' and hence not available to the general
> public. But, as you say in your note, all registrants are obligated to
> provide legal contact info which will be publicly available. This is
> evident in Annex E and also in footnote 39. While many big companies may
> use legal counsel or other proxies to register, most individuals and even
> small businesses will need to use their own name and contact info, thereby
> defeating the purpose of permitting their contact info to remain 'gated'.
> So the end result is that more data elements are collected and centralized,
> without the anticipated *pro quo* of having less information 'gated' or
> 'publicly available'.
>
> Second, you flag that the RDS' very ambitious data protection project is
> problematic and will not serve to effectively protect even 'gated' data. I
> think I agree. As far as I can tell, the EWG proposes to adopt a tiered
> approach to data protection for RDS data. It is certainly innovative, but I
> think ultimately it'll be ineffective since the EWG report sets way too
> many parameters in stone to permit for the data protection mechanisms it
> adopts to operate.
>
> The privacy protection mechanisms suggested by the EWG are:
> (1) First, they wish to encode some basic privacy principles and apply
> them across all RDS players by means of contract law, backed up by
> regulatory enforcement in those jurisdictions that require such things (not
> clear how ICANN is going to 'harmonize a basic level of data protection
> rights', something that has been tried and failed repeatedly in multiple
> fora in the past).
> (2) Second, they intend to localize RDS data storage within a
> jurisdiction(s) with strong and existing data protection rules (it's not
> clear how this jurisdiction(s) will be picked).
> (3) Finally, there will be a 'rules engine' that seeks to somehow codify
> data protection rules for all the world's jurisdictions and to, again
> somehow, apply these to different data elements based on where these are
> transferred to, processed, etc. Presumably, data will be marked up based on
> jurisdictions in which it was stored/processed, and this will provide
> insight into applicable laws (this ignores realities of the laws of
> jurisdiction, unless they intend to impose some blanket forum selection
> clause in and impose it on all elements of the RDS ecosystem).
>
> Ultimately, though, as Steph notes, these efforts are not helpful, as
> Registrants are forced to 'consent' to a long and extremely broad
> permissible purposes at point of collection (p. 42 -- Stephs' dissent is
> noted in footnote 7). Once this consent is obtained, a large number of
> entities can access, use and further disclose the information in question
> for the many permissible purposes. While the form of consent is subject to
> the over-arching harmonized privacy principles (1) and to whatever
> additional jurisdictional rules are piled on (2) and (3), the list of
> permissible purposes is not variable, and appears offered on a 'take it or
> leave it' basis. This leaves minimal latitude for any meaningful operation
> of data protection principles (except, perhaps, those relating to data
> security, access and accuracy/integrity).
>
> Nor is there any opportunity to minimize collection, as this too is 'hard
> wired' into the EWG's report, which provide a very long list of mandatory
> data elements. By contrast, an explicit 'opt-in' mechanism is adopted for
> governing whether any data elements a registrant provides that are gated by
> default can be made public. This is good, but it's not clear to me how it
> helps, as the core identifying data elements are already public.
>
> In terms of law enforcement access, they basically write off any issue
> since apparently the data in question is not private enough in their
> opinion to warrant any legal protection at all under any jurisdiction.
> Nonetheless, they feel the need to locate RDS data in "jurisdiction(s)
> where law enforcement is globally trusted". Not sure what that means.
>
> Perhaps ironically, the document recognizes the need for anonymity in this
> context. But it only does so in the context of the proxy service and secure
> protected credentials which, as steph points out in her note, are
> ineffective in the context of individual registrants.
>
> Overall, this seems like an incredibly and unnecessarily complex system
> that could be managed far more efficiently with simple contactability, plus
> an ICANN-run mechanism for identification upon demonstration of clear need.
>
> I could be missing something, though. And also apologies for the very
> lengthy email....
>
> Best,
> Tamir
>
>
> On 6/8/2014 10:54 AM, Stephanie Perrin wrote:
>
> Folks let me say this:
> 1.  Milton, you were not supposed to publish it!  I needed to edt it to
> reflect the new status of it being a minority report, and also no mention
> of JF Baril
> 2.  We need to be sure I am correct.  IF they are right and i have misread
> the report, then I look like an idiot.
> 3.  Most of the report is still concensus.  AS I think I said in the 3
> pager, recently, certain principles put everything slightly out of
> balance....
> Sheesh.  Can they bann me from ICANN?
> ON a positive note, I must say your blog is well read Milton, I got a
> sweet note from Mikey.  I guess he knows what I feel like right now...
> cheers steph
>
> On 2014-06-08, 3:48 AM, Rafik Dammak wrote:
>
> probably "occupy" the 2 public sessions for EWG i.e. attending them ,  ask
> the hard questions and debunk the myth of having consensus.
> privacy issue was suggested by Marilia as 1 of the topics for the meeting
> with Board too,
> we also should comment the report itself in due time.
>
> Rafik
>  Hi
>
>  p. 6  "This Final Report, including its recommendations and proposed
> principles for the next- generation RDS, reflects a consensus.”
>
>  p. 164  "With the delivery of this Final Report and its 180
> consensus-supported principles, the Board’s vision has indeed materialized.”
>
>  p. 165 "Among the EWG members were seasoned entrepreneurs and global
> leaders (Ajayi, Ala- Pietilä, Neylon, Rasmussen, and Shah). Their
> collective expertise in balancing risks and their results-oriented problem
> solving style paved the way to reaching an early consensus among the EWG.”
>
>  This characterization doesn’t seem to quite fit with Stephanie’s
> excellent and (astonishingly) suppressed Dissenting Report…
>
>  How shall we proceed in London?
>
>  Bill
>
>
>  *From:* Denise Michel [mailto:[log in to unmask]
> <[log in to unmask]>]
> *Sent:* samedi 7 juin 2014 19:36
> *Subject:* Expert Working Group on gTLD Directory Services (EWG) Final
> Report
>
> Dear All:
>
> The Expert Working Group on gTLD Directory Services (EWG) has issued their Final
> Report
> <https://www.icann.org/en/system/files/files/final-report-06jun14-en.pdf>.
> Given your group's interest in this topic, I wanted to bring this to your
> attention, along with the public sessions the EWG has scheduled at the
> ICANN London meeting:
>
>
>    - An introduction to the Final Report: EWG Overview of Final Report
>    <http://london50.icann.org/en/schedule/mon-ewg-final-overview>,
>    Monday, 23 June, 1515 – 1615
>    - Two cross-community discussion sessions:
>       - EWG Final Report Discussion Session
>       <http://london50.icann.org/en/schedule/mon-ewg-final-discussion>, Monday,
>       23 June, 1700 - 1900
>       - EWG Final Report Discussion Session
>       <http://london50.icann.org/en/schedule/wed-ewg-final-discussion>,
>       Wednesday, 25 June, 0800 – 1000
>
>
>  The Final Report fulfills the ICANN Board's directive to help redefine
> the purpose and provision of gTLD registration data, and provides a
> foundation to help the ICANN community (through the GNSO) create a new
> global policy for gTLD directory services. This report represents the
> culmination of an intense 15 month period of work during which this diverse
> group of volunteers
> <https://www.icann.org/resources/pages/gtld-directory-services-2013-02-14-en> created
> an alternative to today's WHOIS to better serve the global Internet
> community -- a next-generation Registration Directory Service (RDS).
>
> The EWG looks forward to discussing this with the ICANN community. Thank
> you for sharing this notice broadly.
>
> Regards,
> Denise
>
> Denise Michel
> VP Strategic Initiatives
> ICANN
> [log in to unmask]
>
>
>  ***********************************************
> William J. Drake
> International Fellow & Lecturer
>   Media Change & Innovation Division, IPMZ
>   University of Zurich, Switzerland
> Chair, Noncommercial Users Constituency,
>   ICANN, www.ncuc.org
> [log in to unmask] (direct), [log in to unmask] (lists),
>   www.williamdrake.org
> ***********************************************
>
>
>

ATOM RSS1 RSS2