Very sharp cursory look. I also think those points need be raised. Nicolas On 1/21/2012 12:33 PM, Timothe Litt wrote: > I had a cursory look at the supporting documents for this. > (http://www.icann.org/en/registries/rsep/puntcat-cat-request-05oct11-en.pdf) > > In general, I think that the request moves practice in the right direction. > > However, I am somewhat concerned by the following language: > > "Law enforcement and trademark protection representatives will be granted > full access to > puntCAT database. An IP white list will be established to provide full > access to gather all > data associated with any concrete domain name." > > ("IP" clearly means "IP address" if you read the whole document.) > > A) What is a "trademark protection representative", and why are they granted > equal access to the privacy-protected data of natural persons as law > enforcement? > > B) Why can't they use the webform proxy for contacting the domain owner, or > present a case to law enforcement for access if the owner is unresponsive? > > C) It also seems that both have the ability to troll thru the database at > will for any purpose, without cause, judicial review or documenting when and > why private information is accessed. > > D) Note that this ability is based on IP address - not an X.509 certificate, > password or any other user-specific security mechanism. Hence is is > susceptible to IP spoofing, and access is not traceable to the individual > accessing the data. This makes it difficult (impossible?) to hold anyone > accountable for misuse of these privileges. > > E) Also, disclosure is described as "opt-in (default option)" - as the > following language in the document makes clear, privacy is not the default > and must be requested. This is not consistent with maximizing privacy, and > potentially introduces race conditions if establishing the privacy option is > not atomic with registering a domain. For natural persons, privacy should > be the default. > > Thus, although this is a positive step in the direction of protecting the > privacy of natural persons, there is room for improvement. > > I leave to those more experienced in the politics of ICANN the political > question of whether to take what's on offer now and fight the next battle > later, or to raise these points in our comment on the current request. > > > Timothe Litt > ACM Distinguished Engineer > --------------------------------------------------------- > This communication may not represent the ACM or my employer's views, > if any, on the matters discussed. > > -----Original Message----- > From: NCSG-Discuss [mailto:[log in to unmask]] On Behalf Of Wendy > Seltzer > Sent: Saturday, January 21, 2012 11:50 > To: [log in to unmask] > Subject: Re: [NCSG-Discuss] .CAT WHOIS Proposed Changes - call for public > comments > > .CAT proposes to revise its Registry agreement to support withholding of > some WHOIS data by individuals who opt out. It will not offer this opt-out > to legal persons. > > I propose that NCSG support this amendment, with a simple: "NCSG supports > the availability of WHOIS privacy options for natural persons. > Accordingly, we support puntCAT's proposed amendment." > > --Wendy > > -------- Original Message -------- > Subject: [council] .CAT WHOIS Proposed Changes - call for public comments > Date: Fri, 20 Jan 2012 14:08:05 -0800 > From: Glen de Saint Géry<[log in to unmask]> > To: [log in to unmask]<[log in to unmask]> > > http://www.icann.org/en/announcements/announcement-20jan12-en.htm > .CAT WHOIS Proposed Changes > > Forum Announcement: Comment Period Opens on Date: 20 January2012 > > Categories/Tags: Contracted Party Agreements > > Purpose (Brief): > > ICANN is opening today the public comment period for the Fundacio puntCAT's, > request to change its Whois according to EU data protection legislation. The > public comment period will be closed on 3 March 2012. > > The .cat registry, submitted a Registry Service Evaluation Process > (RSEP) on August 2011. > > At this time, ICANN has conducted a preliminary review in accordance with > the Registry Services Evaluation Policy and process set forth at > http://www.icann.org/registries/rsep/rsep.html. ICANN's preliminary review > (based on the information provided) did not identify any significant > competition, security, or stability issues. > > The implementation of the request requires an amendment to the .cat Registry > Agreement signed 23 September 2005. This public forum requests comments > regarding the proposed amendment. > Public Comment Box Link: > http://www.icann.org/en/public-comment/cat-whois-changes-18jan12-en.htm > > Glen de Saint Géry > GNSO Secretariat > [log in to unmask]<mailto:[log in to unmask]> > http://gnso.icann.org