Re: [gnso-thickwhoispdp-wg] missing recommendation in 7.1

[Don Blumenthal <dblumenthal@xxxxxxx>]

Steve,

Thanks for flagging this point. Again, I don't have access to my files
right now. Freud would have a field day analyzing why I didn't copy my
Whois-related (sorry for using that term) projects folder to my travel
computer. I will recheck my notes and documents when I get home tomorrow.

Don

On 9/20/13 12:38 PM, "Metalitz, Steven" <met@xxxxxxx> wrote:

>
>Mikey,
>
>I do not share your assumption that the transition to thick Whois  must
>be delayed pending a legal review.   This is entirely unsupported by the
>findings of our report.
>
>1.  "The WG finds that requiring thick Whois for all gTLD registries does
>not raise data protection issues that are specific to thin v. thick
>Whois. "
>
>2.  "There are currently issues with respect to privacy related to Whois
>and these will only grow in the future..... None of these issues seem to
>be related to whether a thick or thin Whois model is being used. "
>
>3.  "So although privacy issues may become a substantive issue in the
>future, and should certainly be part of the investigation of a
>replacement for Whois, it is not a reason not to proceed with the PDP WG
>recommending thick Whois for all."
>
>All these quotes are from the conclusion to section 5.5 of our report.  I
>believe this text represents a consensus of the participants in the
>privacy subgroup of our WG.  Don can confirm or correct this.
>
>I encourage everyone to re-read section 5.5.  It makes very clear that,
>based on over a decade of  experience with thick gTLD registries,
>including the successful transition of one of the largest gTLD registries
>from thin to thick; the complete absence of any legal challenges during
>that time period to the operation of such registries on privacy grounds;,
>and the support of registrars and registries --- the entities with the
>greatest incentive to take seriously the potential legal exposure
>involved  --   for the thick model,  that there is no privacy- or data
>protection-based reason to delay adoption and implementation of the thick
>Whois requirement.
>
>This conclusion reflects the thoroughly discussed and fully negotiated
>view of those who participated actively in this WG over the past year.
>It should not be set aside or undermined at the last minute.
>
>I continue to disagree as well with your point 3 for the reasons already
>thoroughly discussed on this list.
>
>Could you explain what is the difference, in your view, between a
>"little-r recommendation" in section 7.3 and a "big-R recommendation" in
>section 7.1, especially since you propose that both take the form of a
>statement that "We recommend....".
>
>Steve
>-----Original Message-----
>From: owner-gnso-thickwhoispdp-wg@xxxxxxxxx
>[mailto:owner-gnso-thickwhoispdp-wg@xxxxxxxxx] On Behalf Of Mike O'Connor
>Sent: Friday, September 20, 2013 11:58 AM
>To: Avri Doria
>Cc: Thick Whois
>Subject: Re: [gnso-thickwhoispdp-wg] missing recommendation in 7.1
>
>i think maybe i need to put all the stuff in one post.
>
>1) we put a big-R recommendation to do the legal review in 7.1.  here's
>the language that Volker proposed with some rough draft "sequence"
>language in brackets.
>
>> We recommend that the ICANN Board request an independent legal review
>>to be undertaken [before transition to thick whois] on the privacy
>>implications of a transfer of registrant data between jurisdictions.
>
>2) we beef up the body of the report to support that recommendation --
>the language is already there, i just think it ought to be moved down
>into a more recommendation-focused paragraph.  again rough-draft
>"sequence" language in brackets.
>
>> page 30:  "Again, these questions must be explored in more depth by
>>ICANN Staff [before transition to thick whois], starting with the
>>General Counsel's Office, and by the community. As an added benefit,
>>analyses concerning change of applicable laws with respect to transition
>>from a thin to a thick environment also may prove valuable in the event
>>of changes in a registry's management, presumably an increasing
>>likelihood given the volume of new gTLDs on the horizon."
>
>3) we put a version of your little-r recommendation in section 7.3
>
>> The WG  discussed many of the issues involved in moving from having a
>>registration currently governed under the privacy rules by one
>>jurisdiction in a thick whois to another jurisdiction, the jurisdiction
>>of the Registry in a thick whois.  The WG did not feel it was competent
>>to fully discuss these privacy issues and was not able to fully separate
>>the privacy issues involved in such a move from the general privacy
>>issues that need to be resolved in Whois.  there was also concern with
>>intersection with other related Privacy issues that ICANN currently
>>needs to work on.  The Working group therefore makes the following
>>recommendation:
>>
>> . We recommend that the ICANN Board request a GNSO issues report to
>>cover the issue of Privacy as related to WHOIS and other related GNSO
>>policies.
>
>
>
>
>On Sep 20, 2013, at 9:24 AM, Avri Doria <avri@xxxxxxx> wrote:
>
>>
>> Hi,
>>
>> All lovely ideas, but they don't meet the need to put the privacy
>>issues on the front burner.
>>
>> avri
>>
>> On 20 Sep 2013, at 09:24, Mike O'Connor wrote:
>>
>>> [hijacking this thread back to its original topic]
>>>
>>> hi Avri,
>>>
>>> i, for one, think turnabout on the way to consensus is one of the very
>>>best things about ICANN.  thanks Avri
>>>
>>> here's language describing that legal review as it stands (this is the
>>>last paragraph of Discussion section of 5.5 Data Protection
>>>
>>> page 30:  "Again, these questions must be explored in more depth by
>>>ICANN Staff, starting with the General Counsel's Office, and by the
>>>community. As an added benefit, analyses concerning change of
>>>applicable laws with respect to transition from a thin to a thick
>>>environment also may prove valuable in the event of changes in a
>>>registry's management, presumably an increasing likelihood given the
>>>volume of new gTLDs on the horizon."
>>>
>>> i *think* that's the only place it shows up in the current draft,
>>>which means that while we worked hard on the language, it's not really
>>>a recommendation right now and kindof buried down in the details.  it's
>>>also vague on the sequencing -- but i have been presuming that the
>>>legal review would have to happen before the conversion and would be
>>>comfortable clarifying that.
>>>
>>> from a report-drafting standpoint if we pursue this direction, i think
>>>we'd want to do a few minor revisions to provide support for that big-R
>>>recommendation that's being proposed.
>>>
>>> - clarify that sequence
>>>
>>> - move that paragraph from the "Discussion" section of 5.5 down to the
>>>"Conclusions" section to provide stronger underpinnings for the
>>>recommendation
>>>
>>> all pretty easy to do from a mechanical report-drafting point of view,
>>>if the group agrees on that approach.
>>>
>>> good work.  carry on,
>>>
>>> mikey
>>>
>>>
>>>
>>>
>>> On Sep 19, 2013, at 10:47 AM, Avri Doria <avri@xxxxxxx> wrote:
>>>
>>>>
>>>> Hi,
>>>>
>>>> Forgive me for doing this bit of turnabout: is this legal review
>>>>something that would occur before the thick whois for incumbent
>>>>registries was put into effect?
>>>>
>>>> At first blush, if this was combined with a 7.3. recommendation for a
>>>>full Issues report, I might be able to accept it and convince the NCSG
>>>>that this was a good compromise.
>>>>
>>>> thanks
>>>>
>>>> avri
>>>>
>>>>
>>>> On 19 Sep 2013, at 11:14, Volker Greimann wrote:
>>>>
>>>>> Hi all,
>>>>>
>>>>> I still find Avri's proposed language too broad, so I tried my hand
>>>>>at a quick rewrite. Probably still needs a little fiddling, but more
>>>>>in the direction what I could support, although putting this into 7.1
>>>>>is a bit iffy to me.
>>>>> The WG discussed many of the issues involved in moving from having a
>>>>>registration currently governed under the privacy rules by one
>>>>>jurisdiction in a thin whois to another jurisdiction, the
>>>>>jurisdiction of the Registry in a thick whois.  The WG did not feel
>>>>>it was competent to reach a final conclusion on these issues
>>>>>involving international privacy laws.
>>>>> The Working group therefore makes the following recommendation:
>>>>>
>>>>> . We recommend that the ICANN Board
>>>>> request an independent legal review to be undertaken on the privacy
>>>>>implications of a transfer of registrant data between jurisdictions.
>>>>> Reasons: If we could not find ourselves competent to decide a small
>>>>>matter like the transfer of private data, how can we expect another
>>>>>PDP to tackle an even broader issue of privacy issues surrounding
>>>>>WHOIS in general? For the purposes of this WG, the determination that
>>>>>we were unable to reach a final conclusion on could and should be
>>>>>resolved by independent counsel.
>>>>>
>>>>> While a new PDP on WHOIS and privacy issues is certainly something
>>>>>worth considering and something I would welcome, I do not feel that
>>>>>this WG needs to make that recommendation as it would be much broader
>>>>>than the smaller issue we were tasked to tackle.
>>>>>
>>>>> Volker
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> For me this needs to be a Recommendation (7.1, big R), not an extra
>>>>>>consideration.  This issue was within the purview of the group and
>>>>>>the group bailed on it for lack of capability.  Fine, then lets step
>>>>>>and recommend that those that have the capability do so.    In this
>>>>>>age of world attention on privacy issues, I can't beleive we are
>>>>>>still dancing around the point.
>>>>>>
>>>>>> I am currently working on getting the NCSG to endorse this.  As the
>>>>>>alternate chair of the NCSG Policy committee I beleive this is
>>>>>>something that will be supported by the NCSG.  I will personally
>>>>>>submit a minority position and work to get the NCSG to endorse it,
>>>>>>if this recommendation is not included in 7.1.  For myself at this
>>>>>>point, I will reject the entire report without this, as the report
>>>>>>is incomplete without this as a primary Recommendation.  To my mind
>>>>>>NCSG would be shirking it responsibilities if we let this report go
>>>>>>out without such a recommendation.
>>>>>>
>>>>>> Incidentally, my impression from the list discussion was that there
>>>>>>was support, but that wording needed changing.  It was changed.
>>>>>>
>>>>>> I understand that there are those who may be playing divide and
>>>>>>conquer games behind the scenes, claiming that my position will hurt
>>>>>>NCSG's reputation.  I have bcc'e d the NCSG on this note so that
>>>>>>they themselves can determine if it is reputation damaging.  There
>>>>>>are others who are are cynically claiming that I am going against
>>>>>>the bottom-up model by insisting on privacy considerations.  I
>>>>>>reject those claims.
>>>>>>
>>>>>> avri
>>>>>>
>>>>>>
>>>>>>
>>>>>> On 19 Sep 2013, at 10:25, Mike O'Connor wrote:
>>>>>>
>>>>>>
>>>>>>> hi all,
>>>>>>>
>>>>>>> i may have been the culprit here.  Avri, my interpretation of the
>>>>>>>desultory conversation on the list was that there *wasn't* much
>>>>>>>support for the idea.  and then when you didn't show up on last
>>>>>>>week's call to pitch/push it, i forgot to bring it up.  my bad --
>>>>>>>sorry about that.
>>>>>>>
>>>>>>> let's try to have a vigorous conversation about this on the list,
>>>>>>>and drive to a conclusion on the call next week.
>>>>>>>
>>>>>>> Avri, you and i had a one-to-one email exchange about this and i
>>>>>>>suggested that this recommendation might fit better, and be more
>>>>>>>widely accepted, if it was in the privacy and data protection part
>>>>>>>of our report (Section 7.3).  could you give us an indication of
>>>>>>>whether acceptance of this version of the recommendation is
>>>>>>>required?  in more casual terms, is there any wiggle room here?  i
>>>>>>>think it would be helpful for the rest of the group to know the
>>>>>>>framework for the conversation.
>>>>>>>
>>>>>>> carry on folks,
>>>>>>>
>>>>>>> mikey
>>>>>>>
>>>>>>>
>>>>>>> On Sep 18, 2013, at 6:39 PM, Avri Doria
>>>>>>> <avri@xxxxxxx>
>>>>>>> wrote:
>>>>>>>
>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> I was disappointed to not see the recommendation for the Issues
>>>>>>>>report included in 7.1.    I thought we had discussed it on this
>>>>>>>>list and thee had been little opposition, though there was some.
>>>>>>>>I cannot support this report with a strong recommendation for
>>>>>>>>follow on work on the Privacy issues.  And, contrary to what
>>>>>>>>others may beleive, I do not see any such work currently ongoing
>>>>>>>>in ICANN.  I think it i s unfortunate that we keep pushing off
>>>>>>>>this work and are not willing to face it directly.  I beleive I
>>>>>>>>have the support of others in the NCSG, though the content of a
>>>>>>>>minority statement has yet to be decided on.
>>>>>>>>
>>>>>>>> While still somewhat inadequate, I am ready to argue for going
>>>>>>>>along with consensus on this document if the following is included
>>>>>>>>in 7.1:
>>>>>>>>
>>>>>>>>
>>>>>>>> The WG  discussed many of the issues involved in moving from
>>>>>>>>having a registration currently governed under the privacy rules
>>>>>>>>by one jurisdiction in a thick whois to another jurisdiction, the
>>>>>>>>jurisdiction of the Registry in a thick whois.  The WG did not
>>>>>>>>feel it was competent to fully discuss these privacy issues and
>>>>>>>>was not able to fully separate the privacy issues involved in such
>>>>>>>>a move from the general privacy issues that need to be resolved in
>>>>>>>>Whois.  there was also concern with intersection with other
>>>>>>>>related Privacy issues that ICANN currently needs to work on.  The
>>>>>>>>Working group therefore makes the following recommendation:
>>>>>>>>
>>>>>>>> . We recommend that the ICANN Board request a GNSO issues report
>>>>>>>>to cover the issue of Privacy as related to WHOIS and other
>>>>>>>>related GNSO policies.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Thanks
>>>>>>>>
>>>>>>>> avri
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>> PHONE: 651-647-6109, FAX: 866-280-2356, WEB:
>>>>>>> www.haven2.com
>>>>>>> , HANDLE: OConnorStP (ID for Twitter, Facebook, LinkedIn, etc.)
>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.
>>>>>
>>>>> Mit freundlichen Grüßen,
>>>>>
>>>>> Volker A. Greimann
>>>>> - Rechtsabteilung -
>>>>>
>>>>> Key-Systems GmbH
>>>>> Im Oberen Werk 1
>>>>> 66386 St. Ingbert
>>>>> Tel.: +49 (0) 6894 - 9396 901
>>>>> Fax.: +49 (0) 6894 - 9396 851
>>>>> Email:
>>>>> vgreimann@xxxxxxxxxxxxxxx
>>>>>
>>>>>
>>>>> Web:
>>>>> www.key-systems.net / www.RRPproxy.net
>>>>> www.domaindiscount24.com / www.BrandShelter.com
>>>>>
>>>>>
>>>>> Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:
>>>>>
>>>>> www.facebook.com/KeySystems
>>>>> www.twitter.com/key_systems
>>>>>
>>>>>
>>>>> Geschäftsführer: Alexander Siffrin
>>>>> Handelsregister Nr.: HR B 18835 - Saarbruecken
>>>>> Umsatzsteuer ID.: DE211006534
>>>>>
>>>>> Member of the KEYDRIVE GROUP
>>>>>
>>>>> www.keydrive.lu
>>>>>
>>>>>
>>>>> Der Inhalt dieser Nachricht ist vertraulich und nur für den
>>>>>angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe,
>>>>>Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist
>>>>>unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so
>>>>>bitten wir Sie, sich mit uns per E-Mail oder telefonisch in
>>>>>Verbindung zu setzen.
>>>>>
>>>>> --------------------------------------------
>>>>>
>>>>> Should you have any further questions, please do not hesitate to
>>>>>contact us.
>>>>>
>>>>> Best regards,
>>>>>
>>>>> Volker A. Greimann
>>>>> - legal department -
>>>>>
>>>>> Key-Systems GmbH
>>>>> Im Oberen Werk 1
>>>>> 66386 St. Ingbert
>>>>> Tel.: +49 (0) 6894 - 9396 901
>>>>> Fax.: +49 (0) 6894 - 9396 851
>>>>> Email:
>>>>> vgreimann@xxxxxxxxxxxxxxx
>>>>>
>>>>>
>>>>> Web:
>>>>> www.key-systems.net / www.RRPproxy.net
>>>>> www.domaindiscount24.com / www.BrandShelter.com
>>>>>
>>>>>
>>>>> Follow us on Twitter or join our fan community on Facebook and stay
>>>>>updated:
>>>>>
>>>>> www.facebook.com/KeySystems
>>>>> www.twitter.com/key_systems
>>>>>
>>>>>
>>>>> CEO: Alexander Siffrin
>>>>> Registration No.: HR B 18835 - Saarbruecken
>>>>> V.A.T. ID.: DE211006534
>>>>>
>>>>> Member of the KEYDRIVE GROUP
>>>>>
>>>>> www.keydrive.lu
>>>>>
>>>>>
>>>>> This e-mail and its attachments is intended only for the person to
>>>>>whom it is addressed. Furthermore it is not permitted to publish any
>>>>>content of this email. You must not use, disclose, copy, print or
>>>>>rely on this e-mail. If an addressing or transmission error has
>>>>>misdirected this e-mail, kindly notify the author by replying to this
>>>>>e-mail or contacting us by telephone.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>> PHONE: 651-647-6109, FAX: 866-280-2356, WEB: www.haven2.com, HANDLE:
>>>OConnorStP (ID for Twitter, Facebook, LinkedIn, etc.)
>>>
>>
>>
>
>
>PHONE: 651-647-6109, FAX: 866-280-2356, WEB: www.haven2.com, HANDLE:
>OConnorStP (ID for Twitter, Facebook, LinkedIn, etc.)
>
>