ICANN ICANN Email List Archives

[gnso-dataprotection-thickwhois]


<<< Chronological Index >>>    <<< Thread Index >>>

Re: [gnso-dataprotection-thickwhois] RE: [gnso-thickwhoispdp-wg] Addition to Privacy summary

  • To: "gnso-dataprotection-thickwhois@xxxxxxxxx" <gnso-dataprotection-thickwhois@xxxxxxxxx>
  • Subject: Re: [gnso-dataprotection-thickwhois] RE: [gnso-thickwhoispdp-wg] Addition to Privacy summary
  • From: Don Blumenthal <dblumenthal@xxxxxxx>
  • Date: Fri, 17 May 2013 09:52:11 -0400

Hello from the Admiral Fell Inn at Fells Point in Baltimore. Really. I might 
have chosen a different word from "Inn" but it does make the name memorable.

I agree with Alan that we need a definite conclusion but want to pinpoint 
reasons as part of a summary. With that in mind,
Data protection and privacy policy issues exist with respect to Whois data, and 
potential conflicts with data protection regimes is likely to increase. 
However, those questions apply to existing gTLDs as well, and thus need to be 
addressed by ICANN in much more detail and perhaps with greater transparency 
than has existed before. Existing ICANN policies and procedures allow some 
level of flexibility with respect to accommodating potential legal conflicts, 
and indications are that this flexibility will increase. Therefore, given the 
number of existing and pending new gTLDs that use or will use a thick Whois 
model, the clear need for ICANN examination of data protection and privacy 
issues in the context of Whois data, and the likelihood that contracted party 
ability to address legal concerns will increase, the Working Group sees no need 
not to move ahead with future thick Whois registries based on data protection 
and privacy concerns.  A consistent approach to registry management has value.
Some Working Group participants are uneasy with the vast amounts of data that 
would have to be transferred, especially across jurisdictional boundaries, if 
existing thin registries were required to change to thick. Registration data 
currently transfers among entities regularly but not on the scale that would 
occur if .com in particular had to move to a new framework. These concerns must 
be addressed fully in any security structures and data protection analyses that 
were to be done in planning a transition.
Thoughts welcome, on the text or I guess the now open question of if we want to 
summarize. I had misunderstood the conversation that led to Alan's effort. I 
think that a blurb has value given the length of our section, especially in 
comparison to the other parts.

Don

From: Alan Greenberg <alan.greenberg@xxxxxxxxx<mailto:alan.greenberg@xxxxxxxxx>>
Date: Tuesday, May 14, 2013 11:39 AM
To: Don Blumenthal <dblumenthal@xxxxxxx<mailto:dblumenthal@xxxxxxx>>, 
"gnso-dataprotection-thickwhois@xxxxxxxxx<mailto:gnso-dataprotection-thickwhois@xxxxxxxxx>"
 
<gnso-dataprotection-thickwhois@xxxxxxxxx<mailto:gnso-dataprotection-thickwhois@xxxxxxxxx>>
Subject: Re: [gnso-dataprotection-thickwhois] RE: [gnso-thickwhoispdp-wg] 
Addition to Privacy summary

The summary (and latest addition) were just done to try to move things forward. 
I have no problem scrapping it or changing it, but I do believe that we need a 
GO or NO-GO conclusion for this section.

Alan

At 14/05/2013 11:21 AM, Don Blumenthal wrote:
To the subteam list.

I’m having second thoughts about the wisdom of doing a summary but I guess it’s 
too late. Sometimes summaries can create more contention about whether they 
accurately reflect a document than the document itself generated. I understand 
the concept that the report is in the full WG now but I think that we had two 
conversations going this morning, at least based on what I saw in the chat and 
what little I could hear.

1)      Is the summary a fair description of the paper?
2)      Was the paper right or wrong?

I’ve been a bit scarce because of travel, as always, and two major hard stop 
deadlines tomorrow. I’ll be able to reengage on Thursday but as a quick 
comment, I have no problem with statement about unease but I’m not clear about 
the meaning of the “not translated” part. As a point of clarification, the 
formal procedures for resolving data protection conflicts apply to both 
registries and registrars. The new RAA only changes the threshold for raising 
issues. As an aside, I expect from side conversations to see comments 
suggesting that the draft language be amended to include data publication 
rather than just collection and retention.

Don



From: 
owner-gnso-thickwhoispdp-wg@xxxxxxxxx<mailto:owner-gnso-thickwhoispdp-wg@xxxxxxxxx>
 [ mailto:owner-gnso-thickwhoispdp-wg@xxxxxxxxx] On Behalf Of Alan Greenberg
Sent: Tuesday, May 14, 2013 11:01 AM
To: Thick Whois WG
Subject: [gnso-thickwhoispdp-wg] Addition to Privacy summary

Although Mikey assigned the first gauntlet to Amr, I had already drafted 
something while we were speaking, so I will toss it out here in case it is 
applicable. It is in BOLD BLUE below. (which I hope the mailing list will not 
delete.)

Alan

Summary of Thick Whois PDP WG Data Protection and Privacy Paper

There are currently issues with respect to privacy related to Whois, and these 
will only grow in the future. Those issues apply to other gTLDs as well, and 
thus will need to be addressed by ICANN. Existing Registry policy and practice 
allows flexibility when needed, and the new draft RAA provides similar options 
for registrars. None of these issues seem to be related to whether a thick or 
thin Whois model is being used. The support of the Registrar Stakeholder Group 
related to a thin-to-thick transition implies that they perceive no immediate 
issue. There are still WG participants who feel uneasy with the vast amounts of 
data that will need to be transferred across jurisdictional boundaries, but 
those have not translated into concrete concerns. So although privacy issues 
may become a substantive issue in the future, and should certainly be part of 
the investigation of a replacement for Whois, it is not a reason to not proceed 
with this PDP WG recommending thick Whois for all.




<<< Chronological Index >>>    <<< Thread Index >>>

Privacy Policy | Terms of Service | Cookies Policy