Re: [gnso-thickwhoispdp-wg] Dangers and risks of thick Whois

[Avri Doria <avri@xxxxxxx>]

Hi,

What is private, or should is say PRIVATE, information under one jurisdiction 
is not necessarily private under another.

We cannot assume an US-centric definition of what is private as determinative.

Part of the value of the separation of Registrar and Registry is that it allows 
for different jurisdictions.  Even the GNSO recognized this when it decided 
that no registrar could be forced to reveal data against its national laws.  
Moving all the data to the Registry eliminates these jurisdictional protections 
and eliminates one of the important differentiators between registrars.

avri


On 29 Jan 2013, at 11:48, Alan Greenberg wrote:

> 
> The data passed to the registry is the same data that the registrar would 
> make fully public in Whois.
> 
> Yes, the information may be transferred to another jurisdiction. and that 
> jurisdiction may treat PRIVATE information differently. If a thick whois 
> required a registrar to transfer PRIVATE information, it could be an issue. 
> But there is *NO* private data involved in this transfer. So how that target 
> jurisdiction treats private information does not impact this discussion.
> 
> Alan
> 
> At 29/01/2013 01:51 PM, Avri Doria wrote:
> 
>> Hi,
>> 
>> As I understand it, in a thick whois, the Registrar would be forced to pass 
>> all that information to the Registry.  At this point they don't need to.
>> 
>> So the information will then be transferred from one national jurisdiction 
>> to another.  And those jurisdictions could have a very different treatment 
>> of that private information.  That jurisdictional shift is the crux of the 
>> problem.
>> 
>> To the group: Apologies for making Rick so very angry at me.
>> 
>> avri
>> 
>> 
>> 
>> On 29 Jan 2013, at 10:39, Alan Greenberg wrote:
>> 
>> >
>> > I agree on all of these principles, but do not understand the relevance to 
>> > thick/thin Whois model. Why does the registry holding a copy of the data 
>> > WHICH IS ALREADY PUBLICLY AVAILABLE alter anything? Privacy is still 
>> > protected by the original registrar or proxy provider based on the laws in 
>> > their jurisdiction.
>> >
>> > An organization that works on gay issues can register in a country and 
>> > with a registrar that will hide their identity under multiple levels and 
>> > will even defend a UDRP if necessary, without unmasking the original 
>> > registrant". All that will show up in the registry database is the top 
>> > proxy provider - exactly what the registrar would show in its Whois output 
>> > in the thin model.
>> >
>> > I do note that as alluded to above, that most proxy providers will unmask 
>> > the original registrant as soon as a UDRP is filed, even if that UDRP 
>> > might have little merit. And even if the UDRP is lost, the original 
>> > registrant's name will be published in the public report on the UDRP. I 
>> > have never heard of anyone fighting to change that rule!
>> >
>> > Alan
> 
>