Re: [gnso-thickwhoispdp-wg] Dangers and risks of thick Whois

[Rick Wesson <rick@xxxxxxxxxxxxxxxxxxxxxxxx>]

Volker,

key-systems was around when we transitioned .ORG. Did you offer your
registrants at the time to delete their domain before you pushed it to
the registry? How about all the other ccTLDs in the intervening years
that have implemented thick EPP based registries? I suspect with all
the transitions that your organization never made the offer to delete
their domain than send the information to the registry.

-rick


On Wed, Jan 30, 2013 at 6:42 AM, Volker Greimann
<vgreimann@xxxxxxxxxxxxxxx> wrote:
>
> Hi Jeff,
>
> I am aware of our T&Cs, but not all T&Cs are created equal. Also the
> agreements need to be looked at in their context, i.e. the situation at the
> time the registrant accepted them. At this point in time, in thin
> registries, we are the data controller and control the data under an
> agreement with the registrant, whereas for thin registries we are a mere
> data processor.
>
> To look at it from another angle:
> If the switch from thin to thick happened, we would at the minimum need to
> inform our customers about this fact to allow them to delete their domain
> names before that switch as the material nature of the data handling and our
> role concerning that handling would change.
>
> Volker
>
>> Volker,
>>
>> This is taken from one of your registrars Ts and Cs (Domain Discount 24).
>> It already has a provision in there stating that the registrant consents to
>> transmitting all of this data (REGARDLESS OF THE TLD) to the registry. See
>> http://www.domaindiscount24.com/en/legal-notice/terms-and-conditions#dom_reg.
>> It doesn't say you wont do it for com, net and jobs.  It says you do it for
>> all TLDs.  So you already have the permissions you need in your existing
>> legal agreement to sent it to the registry (no matter where in the world it
>> is.
>>
>> This is my point.  In THEORY, it could be an issue if a registrant signed
>> a legal agreement that stated its data would not be sent out of the
>> jurisdiction and then it was because the registry was thin and is now
>> requiring thick.
>>
>> But THE EVIDENCE is not there for any of the legal agreements I have
>> looked at from the registrars to show that this is an actual issue.
>>
>>
>>
>>
>> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>>
>>
>>
>> 3. Domain owner data
>>   1. The customer is commited to supply Registrar with the following
>> information and data for the purpose of forwarding to the registry and
>> possibly for the purpose of publishing in the public WHOIS of registered
>> domain names. By entering and changing the data in the online-interface
>> Customer assures that his information is correct, complete and truthful.
>> This concerns in particular:
>>   .Current and complete information about the full name or name of a legal
>> person, mailing address, e-mail address, voice telephone number and - if
>> available - fax;
>>   .The IP address of the domain name server (primary and secondary server)
>> and the name of these servers;
>>   .the full name, postal address, e-mail address, voice telephone and fax
>> number of the administrative contact, the technical contact and the billing
>> contact.
>>   2. The necessary information and data may vary depending on the TLD. As
>> far as more data is required, this data must be provided during the
>> registration process or alternatively delivered upon request from Registrar.
>>   3. The information and data has to be updated when necessary, incomplete
>> data must be completed. Customer acknowledges that the provision of false
>> data can directly lead to loss of rights from the service without refund.
>> This also applies in the event that Customer does not comply with any
>> request of Registrar to correct the data or provide proof of its accuracy
>> within the time allowed.
>>   4. By providing data of a third party Customer confirms that he has
>> informed the third party about the provision and use of the data and that
>> the third party has expressly agreed with this provision and use.
>>
>> Jeffrey J. Neuman
>> Neustar, Inc. / Vice President, Business Affairs
>>
>>
>> -----Original Message-----
>> From: owner-gnso-thickwhoispdp-wg@xxxxxxxxx
>> [mailto:owner-gnso-thickwhoispdp-wg@xxxxxxxxx] On Behalf Of Volker Greimann
>> Sent: Wednesday, January 30, 2013 9:09 AM
>> To: Alan Greenberg
>> Cc: Avri Doria; Thick Whois
>> Subject: Re: [gnso-thickwhoispdp-wg] Dangers and risks of thick Whois
>>
>>
>> Ah, that is a misconception, Alan. Just because the data is publicly
>> available does not make it less private. The individual to whom the data
>> belonds may have agreed to certain uses of his private data, such as
>> transmission to a registry or publication in the whois, but in the end it
>> remains his own private data, in his sole ownership and he may request
>> deletion of that data at any time (which may cost him the domain name, or
>> the fees of a privacy provider, of course).
>>
>> Owenership of your own private data is very well regulated over here. ;-)
>>
>> Best,
>>
>> Volker
>>>
>>> The data passed to the registry is the same data that the registrar
>>> would make fully public in Whois.
>>>
>>> Yes, the information may be transferred to another jurisdiction. and
>>> that jurisdiction may treat PRIVATE information differently. If a
>>> thick whois required a registrar to transfer PRIVATE information, it
>>> could be an issue. But there is *NO* private data involved in this
>>> transfer. So how that target jurisdiction treats private information
>>> does not impact this discussion.
>>>
>>> Alan
>>>
>>> At 29/01/2013 01:51 PM, Avri Doria wrote:
>>>
>>>> Hi,
>>>>
>>>> As I understand it, in a thick whois, the Registrar would be forced
>>>> to pass all that information to the Registry.  At this point they
>>>> don't need to.
>>>>
>>>> So the information will then be transferred from one national
>>>> jurisdiction to another.  And those jurisdictions could have a very
>>>> different treatment of that private information.  That jurisdictional
>>>> shift is the crux of the problem.
>>>>
>>>> To the group: Apologies for making Rick so very angry at me.
>>>>
>>>> avri
>>>>
>>>>
>>>>
>>>> On 29 Jan 2013, at 10:39, Alan Greenberg wrote:
>>>>
>>>>> I agree on all of these principles, but do not understand the
>>>>
>>>> relevance to thick/thin Whois model. Why does the registry holding a
>>>> copy of the data WHICH IS ALREADY PUBLICLY AVAILABLE alter anything?
>>>> Privacy is still protected by the original registrar or proxy
>>>> provider based on the laws in their jurisdiction.
>>>>>
>>>>> An organization that works on gay issues can register in a country
>>>>
>>>> and with a registrar that will hide their identity under multiple
>>>> levels and will even defend a UDRP if necessary, without unmasking
>>>> the original registrant". All that will show up in the registry
>>>> database is the top proxy provider - exactly what the registrar would
>>>> show in its Whois output in the thin model.
>>>>>
>>>>> I do note that as alluded to above, that most proxy providers will
>>>>
>>>> unmask the original registrant as soon as a UDRP is filed, even if
>>>> that UDRP might have little merit. And even if the UDRP is lost, the
>>>> original registrant's name will be published in the public report on
>>>> the UDRP. I have never heard of anyone fighting to change that rule!
>>>>>
>>>>> Alan
>>
>>
>> --
>> Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.
>>
>> Mit freundlichen Grüßen,
>>
>> Volker A. Greimann
>> - Rechtsabteilung -
>>
>> Key-Systems GmbH
>> Im Oberen Werk 1
>> 66386 St. Ingbert
>> Tel.: +49 (0) 6894 - 9396 901
>> Fax.: +49 (0) 6894 - 9396 851
>> Email: vgreimann@xxxxxxxxxxxxxxx
>>
>> Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com /
>> www.BrandShelter.com
>>
>> Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:
>> www.facebook.com/KeySystems
>> www.twitter.com/key_systems
>>
>> Geschäftsführer: Alexander Siffrin
>> Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.:
>> DE211006534
>>
>> Member of the KEYDRIVE GROUP
>> www.keydrive.lu
>>
>> Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen
>> Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder
>> Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese
>> Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per
>> E-Mail oder telefonisch in Verbindung zu setzen.
>>
>> --------------------------------------------
>>
>> Should you have any further questions, please do not hesitate to contact
>> us.
>>
>> Best regards,
>>
>> Volker A. Greimann
>> - legal department -
>>
>> Key-Systems GmbH
>> Im Oberen Werk 1
>> 66386 St. Ingbert
>> Tel.: +49 (0) 6894 - 9396 901
>> Fax.: +49 (0) 6894 - 9396 851
>> Email: vgreimann@xxxxxxxxxxxxxxx
>>
>> Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com /
>> www.BrandShelter.com
>>
>> Follow us on Twitter or join our fan community on Facebook and stay
>> updated:
>> www.facebook.com/KeySystems
>> www.twitter.com/key_systems
>>
>> CEO: Alexander Siffrin
>> Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534
>>
>> Member of the KEYDRIVE GROUP
>> www.keydrive.lu
>>
>> This e-mail and its attachments is intended only for the person to whom it
>> is addressed. Furthermore it is not permitted to publish any content of this
>> email. You must not use, disclose, copy, print or rely on this e-mail. If an
>> addressing or transmission error has misdirected this e-mail, kindly notify
>> the author by replying to this e-mail or contacting us by telephone.
>>
>>
>>
>
>
> --
> Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.
>
> Mit freundlichen Grüßen,
>
> Volker A. Greimann
> - Rechtsabteilung -
>
> Key-Systems GmbH
> Im Oberen Werk 1
> 66386 St. Ingbert
> Tel.: +49 (0) 6894 - 9396 901
> Fax.: +49 (0) 6894 - 9396 851
> Email: vgreimann@xxxxxxxxxxxxxxx
>
> Web: www.key-systems.net / www.RRPproxy.net
> www.domaindiscount24.com / www.BrandShelter.com
>
> Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:
> www.facebook.com/KeySystems
> www.twitter.com/key_systems
>
> Geschäftsführer: Alexander Siffrin
> Handelsregister Nr.: HR B 18835 - Saarbruecken
> Umsatzsteuer ID.: DE211006534
>
> Member of the KEYDRIVE GROUP
> www.keydrive.lu
>
> Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen
> Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder
> Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese
> Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per
> E-Mail oder telefonisch in Verbindung zu setzen.
>
> --------------------------------------------
>
> Should you have any further questions, please do not hesitate to contact us.
>
> Best regards,
>
> Volker A. Greimann
> - legal department -
>
> Key-Systems GmbH
> Im Oberen Werk 1
> 66386 St. Ingbert
> Tel.: +49 (0) 6894 - 9396 901
> Fax.: +49 (0) 6894 - 9396 851
> Email: vgreimann@xxxxxxxxxxxxxxx
>
> Web: www.key-systems.net / www.RRPproxy.net
> www.domaindiscount24.com / www.BrandShelter.com
>
> Follow us on Twitter or join our fan community on Facebook and stay updated:
> www.facebook.com/KeySystems
> www.twitter.com/key_systems
>
> CEO: Alexander Siffrin
> Registration No.: HR B 18835 - Saarbruecken
> V.A.T. ID.: DE211006534
>
> Member of the KEYDRIVE GROUP
> www.keydrive.lu
>
> This e-mail and its attachments is intended only for the person to whom it
> is addressed. Furthermore it is not permitted to publish any content of this
> email. You must not use, disclose, copy, print or rely on this e-mail. If an
> addressing or transmission error has misdirected this e-mail, kindly notify
> the author by replying to this e-mail or contacting us by telephone.
>
>
>