Thanks, Sam! Responses to your comments:
1) I have discussed this a bit with Avri and I am reluctant to drop
the Snowden reference, even if it is a wee bit inflammatory....this
is partly because I am tired of talking in general terms about
public policy, they will simply interpret that as compliance with
law enforcement demands, not privacy expectations of consumers.
2) agreed, I am tempted to say that in the comment but resisting
3) re the typos, I will have to go back, check the quotes, and
square bracket/sic them. thanks!
cheers stephanie
On 2014-07-31, 13:19, Sam Lanfranco
wrote:
[log in to unmask]" type="cite">
It is late in the time left for revising this document so I will
just offer three short comments without going in and attempting to
wordsmith inside the document. Food for though!
#1: Page 1: As part of the opening logic to the submission the
text as written is:
In the matter of protection of personal and confidential
information, which is a very newsworthy issue in the 21st
century, privacy practices are a matter of consumer trust, and
therefore high risk for those operating an Internet business.
Even if customers have obediently complied with demands for
excessive collection and disclosure of personal information up
to this point, in the current news furor over Snowden and the
cooperation of business with national governments engaged in
surveillance, this could change with the next news story. The
Internet facilitates successful privacy campaigns.
I would suggest that the submission focus in immediately on ICANN
practice and evolving policy on the protection of personal and
confidential information, and not so much Snowden and news
stories.
[Possible revision]
In the matter of protection of personal and confidential
information on the Internet social norms and public policy are
evolving and ICANN should be in the forefront of helping define
workable practice, as well as bringing its contract language in
line with public policy. It is bad ICANN business practice to
put registrars at odds with national privacy policy. It also
jeopardizes registrars’ consumer trust and puts at risk the
business of those operating an Internet business.
#2: [Comment] There is a saying about the Catholic Church, to the
effect that dealing with social norms it always arrives a little
late and out of breath. ICANN is acting in a similar way. ICANN
could both handle this in contract language, and help evolve best
and workable practices around the protection of personal and
confidential information by (a) contract language that is
consistent with national policy, and (b) showing some leadership
in what would be good and workable policy here. ICANN is neither a
King nor a Church bestowing favors on registries and registrars.
It is a business entering into contractual obligations with its
direct customers.
#3: [Typo] I don’t know if the typo is in the Blacknight
quote or not, but 5.3 should read …., then [not than] ALL
registrars based in Germany…”
5.3 Response. The European Commission in its comments wrote, and
we strongly agree: “the same exception should apply to others in
the same jurisdiction who can demonstrate that they are in the
same situation.” Further, Blacknight wrote and we support: “if ANY
registrar in Germany, for example, is granted a waiver based on
German law, then ALL registrars based in Germany should
receive the same treatment.” Once a national data protection or
privacy law is interpreted as requiring and exemption or
modification, it should be available to all Registries/Registrars
in that country.
Sam L.