Sounds like a comment in the making... and that;'s one of the things I think we should be pushing for is a real comment period on this Final EWG Report... : > The EWG's odd statement to the effect that a warrant is never required > for subscriber info has just been contradicted by Canada's highest > court. Does this mean Canadian law enforcement will be locked out of > the authentication process set up for the RDS? > > R. v. Sencer, 2014 SCC 43 > http://scc-csc.lexum.com/scc-csc/scc-csc/en/item/14233/index.do > > Best, > Tamir > > On 6/10/2014 5:16 AM, William Drake wrote: >> This has the makings of a good blog post…? >> >> Bill >> >> On Jun 9, 2014, at 10:03 PM, Tamir Israel <[log in to unmask] >> <mailto:[log in to unmask]>> wrote: >> >>> FWIW, it seems to me on a quick read that your concerns are on >>> point, Steph. >>> >>> First, you flag that while one of the core objectives of this RDS >>> was to provide some privacy over WHOIS, most individuals will not be >>> able to shield their identity from the general public. Registrant >>> name and address (but not email address) are 'gated' and hence not >>> available to the general public. But, as you say in your note, all >>> registrants are obligated to provide legal contact info which will >>> be publicly available. This is evident in Annex E and also in >>> footnote 39. While many big companies may use legal counsel or other >>> proxies to register, most individuals and even small businesses will >>> need to use their own name and contact info, thereby defeating the >>> purpose of permitting their contact info to remain 'gated'. So the >>> end result is that more data elements are collected and centralized, >>> without the anticipated /pro quo/ of having less information 'gated' >>> or 'publicly available'. >>> >>> Second, you flag that the RDS' very ambitious data protection >>> project is problematic and will not serve to effectively protect >>> even 'gated' data. I think I agree. As far as I can tell, the EWG >>> proposes to adopt a tiered approach to data protection for RDS data. >>> It is certainly innovative, but I think ultimately it'll be >>> ineffective since the EWG report sets way too many parameters in >>> stone to permit for the data protection mechanisms it adopts to operate. >>> >>> The privacy protection mechanisms suggested by the EWG are: >>> (1) First, they wish to encode some basic privacy principles and >>> apply them across all RDS players by means of contract law, backed >>> up by regulatory enforcement in those jurisdictions that require >>> such things (not clear how ICANN is going to 'harmonize a basic >>> level of data protection rights', something that has been tried and >>> failed repeatedly in multiple fora in the past). >>> (2) Second, they intend to localize RDS data storage within a >>> jurisdiction(s) with strong and existing data protection rules (it's >>> not clear how this jurisdiction(s) will be picked). >>> (3) Finally, there will be a 'rules engine' that seeks to somehow >>> codify data protection rules for all the world's jurisdictions and >>> to, again somehow, apply these to different data elements based on >>> where these are transferred to, processed, etc. Presumably, data >>> will be marked up based on jurisdictions in which it was >>> stored/processed, and this will provide insight into applicable laws >>> (this ignores realities of the laws of jurisdiction, unless they >>> intend to impose some blanket forum selection clause in and impose >>> it on all elements of the RDS ecosystem). >>> >>> Ultimately, though, as Steph notes, these efforts are not helpful, >>> as Registrants are forced to 'consent' to a long and extremely broad >>> permissible purposes at point of collection (p. 42 -- Stephs' >>> dissent is noted in footnote 7). Once this consent is obtained, a >>> large number of entities can access, use and further disclose the >>> information in question for the many permissible purposes. While the >>> form of consent is subject to the over-arching harmonized privacy >>> principles (1) and to whatever additional jurisdictional rules are >>> piled on (2) and (3), the list of permissible purposes is not >>> variable, and appears offered on a 'take it or leave it' basis. This >>> leaves minimal latitude for any meaningful operation of data >>> protection principles (except, perhaps, those relating to data >>> security, access and accuracy/integrity). >>> >>> Nor is there any opportunity to minimize collection, as this too is >>> 'hard wired' into the EWG's report, which provide a very long list >>> of mandatory data elements. By contrast, an explicit 'opt-in' >>> mechanism is adopted for governing whether any data elements a >>> registrant provides that are gated by default can be made public. >>> This is good, but it's not clear to me how it helps, as the core >>> identifying data elements are already public. >>> >>> In terms of law enforcement access, they basically write off any >>> issue since apparently the data in question is not private enough in >>> their opinion to warrant any legal protection at all under any >>> jurisdiction. Nonetheless, they feel the need to locate RDS data in >>> "jurisdiction(s) where law enforcement is globally trusted". Not >>> sure what that means. >>> >>> Perhaps ironically, the document recognizes the need for anonymity >>> in this context. But it only does so in the context of the proxy >>> service and secure protected credentials which, as steph points out >>> in her note, are ineffective in the context of individual registrants. >>> >>> Overall, this seems like an incredibly and unnecessarily complex >>> system that could be managed far more efficiently with simple >>> contactability, plus an ICANN-run mechanism for identification upon >>> demonstration of clear need. >>> >>> I could be missing something, though. And also apologies for the >>> very lengthy email.... >>> >>> Best, >>> Tamir >>> >>> On 6/8/2014 10:54 AM, Stephanie Perrin wrote: >>>> Folks let me say this: >>>> 1. Milton, you were not supposed to publish it! I needed to edt >>>> it to reflect the new status of it being a minority report, and >>>> also no mention of JF Baril >>>> 2. We need to be sure I am correct. IF they are right and i have >>>> misread the report, then I look like an idiot. >>>> 3. Most of the report is still concensus. AS I think I said in >>>> the 3 pager, recently, certain principles put everything slightly >>>> out of balance.... >>>> Sheesh. Can they bann me from ICANN? >>>> ON a positive note, I must say your blog is well read Milton, I got >>>> a sweet note from Mikey. I guess he knows what I feel like right >>>> now... >>>> cheers steph >>>> >>>> On 2014-06-08, 3:48 AM, Rafik Dammak wrote: >>>>> >>>>> probably "occupy" the 2 public sessions for EWG i.e. attending >>>>> them , ask the hard questions and debunk the myth of having >>>>> consensus. >>>>> privacy issue was suggested by Marilia as 1 of the topics for the >>>>> meeting with Board too, >>>>> we also should comment the report itself in due time. >>>>> >>>>> Rafik >>>>> >>>>> Hi >>>>> >>>>> p. 6 "This Final Report, including its recommendations and >>>>> proposed principles for the next- generation RDS, reflects a >>>>> consensus.” >>>>> >>>>> p. 164 "With the delivery of this Final Report and its 180 >>>>> consensus-supported principles, the Board’s vision has indeed >>>>> materialized.” >>>>> >>>>> p. 165 "Among the EWG members were seasoned entrepreneurs and >>>>> global leaders (Ajayi, Ala- Pietilä, Neylon, Rasmussen, and Shah). >>>>> Their collective expertise in balancing risks and their >>>>> results-oriented problem solving style paved the way to reaching >>>>> an early consensus among the EWG.” >>>>> >>>>> This characterization doesn’t seem to quite fit with Stephanie’s >>>>> excellent and (astonishingly) suppressed Dissenting Report… >>>>> >>>>> How shall we proceed in London? >>>>> >>>>> Bill >>>>> >>>>>> >>>>>> *From:*Denise Michel [mailto:[log in to unmask]] >>>>>> *Sent:*samedi 7 juin 2014 19:36 >>>>>> *Subject:*Expert Working Group on gTLD Directory Services (EWG) >>>>>> Final Report >>>>>> Dear All: >>>>>> The Expert Working Group on gTLD Directory Services (EWG) has >>>>>> issued their Final Report >>>>>> <https://www.icann.org/en/system/files/files/final-report-06jun14-en.pdf>. >>>>>> Given your group's interest in this topic, I wanted to bring this >>>>>> to your attention, along with the public sessions the EWG has >>>>>> scheduled at the ICANN London meeting: >>>>>> >>>>>> * An introduction to the Final Report: EWG Overview of Final >>>>>> Report >>>>>> <http://london50.icann.org/en/schedule/mon-ewg-final-overview>, >>>>>> Monday, 23 June, 1515 – 1615 >>>>>> * Two cross-community discussion sessions: >>>>>> o EWG Final Report Discussion Session >>>>>> <http://london50.icann.org/en/schedule/mon-ewg-final-discussion>, Monday, >>>>>> 23 June, 1700 - 1900 >>>>>> o EWG Final Report Discussion Session >>>>>> <http://london50.icann.org/en/schedule/wed-ewg-final-discussion>, >>>>>> Wednesday, 25 June, 0800 – 1000 >>>>>> >>>>>> The Final Report fulfills the ICANN Board's directive to help >>>>>> redefine the purpose and provision of gTLD registration data, and >>>>>> provides a foundation to help the ICANN community (through the >>>>>> GNSO) create a new global policy for gTLD directory services. >>>>>> This report represents the culmination of an intense 15 month >>>>>> period of work during which this diverse group of volunteers >>>>>> <https://www.icann.org/resources/pages/gtld-directory-services-2013-02-14-en> created >>>>>> an alternative to today's WHOIS to better serve the global >>>>>> Internet community -- a next-generation Registration Directory >>>>>> Service (RDS). >>>>>> The EWG looks forward to discussing this with the ICANN >>>>>> community. Thank you for sharing this notice broadly. >>>>>> Regards, >>>>>> Denise >>>>>> Denise Michel >>>>>> VP Strategic Initiatives >>>>>> ICANN >>>>>> [log in to unmask] <mailto:[log in to unmask]> >>>>> >>>>> *********************************************** >>>>> William J. Drake >>>>> International Fellow & Lecturer >>>>> Media Change & Innovation Division, IPMZ >>>>> University of Zurich, Switzerland >>>>> Chair, Noncommercial Users Constituency, >>>>> ICANN, www.ncuc.org <http://www.ncuc.org/> >>>>> [log in to unmask] <mailto:[log in to unmask]> (direct), >>>>> [log in to unmask] <mailto:[log in to unmask]> (lists), >>>>> www.williamdrake.org <http://www.williamdrake.org/> >>>>> *********************************************** >>>>> >>>> >>