[gnso-acc-sgb] Re: RCMP summary of procedures

["Carole Bird" <Carole.Bird@xxxxxxxxxxxxxx>]

Hi Milton, 

My responses are below. 

Carole 

>>> "Milton Mueller" <mueller@xxxxxxx> 05/18/07 11:29 PM >>>
Thanks, Carole for this valuable summary. I found it informative. 
Two questions for you. 

>>> "Carole Bird" <Carole.Bird@xxxxxxxxxxxxxx> 05/18/07 6:19 PM >I think
we should let each country's government decide who 
>>.they want to have access to the data and determine how to
>>balance the need to access the information by LEA with their 
>>respective privacy legislation.   

Milton wrote: 

I fundamentally agree in principle. But ICANN's decisions have global
effect for domain name registrants within gTLDs. 
Does this mean that ICANN should adopt the most restrictive,
common-denominator approach and then allow national govts to pass laws
or establish procedures to require registrars or OPoCs in their
territory to open up access more if they deem it necessary? This seems a
pretty good approach to me, but many details would need to be worked
out.

Response: 
That's actually the opposite of what I would recommend.  It's a given that 
ICANN's policy cannot supercede a country's legislation.  That is say that if 
ICANN allows for more information to be provided than a country's law allows, 
then the law is the defining standard.  

If ICANN looks to the strictest laws and imposes this on all countries then 
ICANN is determining that privacy standards should exceed that which a country 
has determined it requires.  This fails to respect the national laws and the 
processes each country went through to determine how it strikes the balance 
between LEA and privacy needs.  

How then can we achieve this? There are a number of options.  Perhaps we should 
look at more of a tiered access instead of "all or nothing" and allow countries 
to identify which level of access is within it's legislative framework.  This 
might even assist Subgroup C as tiers might vary on the "a person's privacy 
rights being different than those of an organization".    There are, of course, 
cost implications. 


2. 
>As it pertains to information sharing on an active 
>investigation, we will ask the entity when they come to 
>us with a complaint to provide to us all of the information 
>they have as it pertains to an offence 

Milton wrote: 

This sounds like you are talking about prosecution after the fact. What
about the need for rapid takedown? It is my belief that once you have
verified that a site is engaged in illegal activities that pose serious
social risks (DDoS, phishing, etc.) that the priority is to stop
theactivit first, and ascertain identity later. How do you cooperate
with private parties in seeking these takedowns? 

Response: 

This isn't after the fact.  It's often concurrent. 

Ideally Police seek:
- to stop the continuation of an offence as quickly as possible  (There are 
exceptions to this where the continuation of an offence may occur to allow for 
the police to gather enough information to pursue an investigation - ie: a drug 
deal may occur so that police can follow the supply chain and apprehend those 
importing the illicit substances).  
- to find evidence of the offence identifying the who, what, where, when and 
how.   
Both of these elements make time a real issue. 

When a complainant comes forward regarding an ongoing offence, we seek to 
action it as quickly as possible to prevent the continuation of an offence. 



Dr. Milton Mueller
Syracuse University School of Information Studies
http://www.digital-convergence.org 
http://www.internetgovernance.org