RE: [gnso-thickwhoispdp-wg] missing recommendation in 7.1

["Metalitz, Steven" <met@xxxxxxx>]

The existing words do not include the parenthetical [before transition to Thick 
Whois].  That is not what the report already says on page 30.   

-----Original Message-----
From: Alan Greenberg [mailto:alan.greenberg@xxxxxxxxx] 
Sent: Friday, September 20, 2013 5:01 PM
To: Mike O'Connor
Cc: Metalitz, Steven; Avri Doria; Thick Whois
Subject: Re: [gnso-thickwhoispdp-wg] missing recommendation in 7.1

I can live with the existing words (although including them would not have been 
my choice). I find the term "legal review" more onerous. But perhaps that is 
just me.

As I said, I cannot believe that the Board will approve it without getting 
legal agreement.

Alan

At 20/09/2013 02:51 PM, Mike O'Connor wrote:
>hi Alan,
>
>could you expand your reasons for why do you disagree with a 
>recommendation for a legal review?
>
>isn't that what the privacy and data protection section of the report 
>already says on page
>30?   "Again, these questions must be explored 
>in more depth by ICANN Staff [before transition to thick whois], 
>starting with the General Counsel's Office, and by the community. As an 
>added benefit, analyses concerning change of applicable laws with 
>respect to transition from a thin to a thick environment also may prove 
>valuable in the event of changes in a registry's management, presumably 
>an increasing likelihood given the volume of new gTLDs on the horizon."
>
>thanks,
>
>mikey
>
>On Sep 20, 2013, at 12:58 PM, Alan Greenberg <alan.greenberg@xxxxxxxxx> wrote:
>
> > If ICANN feels the need to do a legal review
> prior to implementation, so be it. We have no control over that. But I 
> strongly disagree with recommending that.
> >
> > Alan
> >
> > At 20/09/2013 01:04 PM, Mike O'Connor wrote:
> >> hi Steve
> >>
> >> i generally try to stay out of the "content" 
> part of the discussion if i can, but i have to admit that it seems 
> quite prudent to do a legal review, along the lines of the one that 
> the sub-team recommended.  i don't quite understand the value of doing 
> that review *after* the transition, so i'd just assumed it would come 
> first.
> >>
> >> i think we could put some speed-pressure on
> by elevating our language about the urgency of the process to cover 
> both the legal review and the transition.
> >>
> >>
> >> On Sep 20, 2013, at 11:54 AM, "Metalitz, Steven" <met@xxxxxxx> wrote:
> >>
> >> > So it is now being proposed that an
> independent legal review before transition to thick Whois be a 
> consensus policy?
> >> >
> >> > -----Original Message-----
> >> > From: Mike O'Connor [mailto:mike@xxxxxxxxxx]
> >> > Sent: Friday, September 20, 2013 12:45 PM
> >> > To: Metalitz, Steven
> >> > Cc: Avri Doria; Thick Whois
> >> > Subject: Re: [gnso-thickwhoispdp-wg] missing recommendation in 
> >> > 7.1
> >> >
> >> > hi Steve,
> >> >
> >> > the "little-r" "big-R" recommendation talk
> is short hand for the idea that section 7.1 is where our single actual 
> "recommendation" is -- the recommendation to require thick whois.
> >> >
> >> > section 7.3 is "Additional Observations" 
> and is set forth as documentation for the Council or the staff to take 
> further action if "deemed appropriate and timely."  so putting a 
> recommendation in 7.1 puts it into consensus policy, putting a 
> recommendation in 7.3 puts in in the "suggestions" pile.
> >> >
> >> > mikey
> >> >
> >> >
> >> > On Sep 20, 2013, at 11:38 AM, "Metalitz, Steven" <met@xxxxxxx> wrote:
> >> >
> >> >> Mikey,
> >> >>
> >> >> I do not share your assumption that the
> transition to thick Whois  must be delayed 
> pending a legal review.   This is entirely 
> unsupported by the findings of our report.
> >> >>
> >> >> 1.  "The WG finds that requiring thick
> Whois for all gTLD registries does not raise data protection issues 
> that are specific to thin v. thick Whois. "
> >> >>
> >> >> 2.  "There are currently issues with
> respect to privacy related to Whois and these will only grow in the 
> future..... None of these issues seem to be related to whether a thick 
> or thin Whois model is being used. "
> >> >>
> >> >> 3.  "So although privacy issues may
> become a substantive issue in the future, and should certainly be part 
> of the investigation of a replacement for Whois, it is not a reason 
> not to proceed with the PDP WG recommending thick Whois for all."
> >> >>
> >> >> All these quotes are from the conclusion
> to section 5.5 of our report.  I believe this text represents a 
> consensus of the participants in the privacy subgroup of our WG.  Don 
> can confirm or correct this.
> >> >>
> >> >> I encourage everyone to re-read section
> 5.5.  It makes very clear that, based on over a decade of  experience 
> with thick gTLD registries, including the successful transition of one 
> of the largest gTLD registries from thin to thick; the complete 
> absence of any legal challenges during that time period to the 
> operation of such registries on privacy grounds;, and the support of 
> registrars and registries --- the entities with the greatest incentive 
> to take seriously the potential legal
> exposure involved  --   for the thick 
> model,  that there is no privacy- or data protection-based reason to 
> delay adoption and implementation of the thick Whois requirement.
> >> >>
> >> >> This conclusion reflects the thoroughly
> discussed and fully negotiated view of those who participated actively 
> in this WG over the
> past year.   It should not be set aside or undermined at the last minute.
> >> >>
> >> >> I continue to disagree as well with your
> point 3 for the reasons already thoroughly discussed on this list.
> >> >>
> >> >> Could you explain what is the difference,
> in your view, between a "little-r
> recommendation" in section 7.3 and a "big-R recommendation" in section 
> 7.1, especially since you propose that both take the form of a 
> statement that "We recommend....".
> >> >>
> >> >> Steve
> >> >> -----Original Message-----
> >> >> From: 
> owner-gnso-thickwhoispdp-wg@xxxxxxxxx
> [mailto:owner-gnso-thickwhoispdp-wg@xxxxxxxxx] On Behalf Of Mike 
> O'Connor
> >> >> Sent: Friday, September 20, 2013 11:58 AM
> >> >> To: Avri Doria
> >> >> Cc: Thick Whois
> >> >> Subject: Re: [gnso-thickwhoispdp-wg] missing recommendation in 
> >> >> 7.1
> >> >>
> >> >> i think maybe i need to put all the stuff in one post.
> >> >>
> >> >> 1) we put a big-R recommendation to do
> the legal review in 7.1.  here's the language that Volker proposed 
> with some rough draft "sequence" language in brackets.
> >> >>
> >> >>> We recommend that the ICANN Board
> request an independent legal review to be undertaken [before 
> transition to thick whois] on the privacy implications of a transfer 
> of registrant data between jurisdictions.
> >> >>
> >> >> 2) we beef up the body of the report to
> support that recommendation -- the language is already there, i just 
> think it ought to be moved down into a more recommendation-focused 
> paragraph.  again rough-draft "sequence" language in brackets.
> >> >>
> >> >>> page 30:  "Again, these questions must
> be explored in more depth by ICANN Staff [before transition to thick 
> whois], starting with the General Counsel's Office, and by the 
> community. As an added benefit, analyses concerning change of 
> applicable laws with respect to transition from a thin to a thick 
> environment also may prove valuable in the event of changes in a 
> registry's management, presumably an increasing likelihood given the 
> volume of new gTLDs on the horizon."
> >> >>
> >> >> 3) we put a version of your little-r recommendation in section 
> >> >> 7.3
> >> >>
> >> >>> The WG  discussed many of the issues
> involved in moving from having a registration currently governed under 
> the privacy rules by one jurisdiction in a thick whois to another 
> jurisdiction, the jurisdiction of the Registry in a thick whois.  The 
> WG did not feel it was competent to fully discuss these privacy issues 
> and was not able to fully separate the privacy issues involved in such 
> a move from the general privacy issues that need to be resolved in 
> Whois.  there was also concern with intersection with other related 
> Privacy issues that ICANN currently needs to work on.  The Working 
> group therefore makes the following recommendation:
> >> >>>
> >> >>> . We recommend that the ICANN Board
> request a GNSO issues report to cover the issue of Privacy as related 
> to WHOIS and other related GNSO policies.
> >> >>
> >> >>
> >> >>
> >> >>
> >> >> On Sep 20, 2013, at 9:24 AM, Avri Doria <avri@xxxxxxx> wrote:
> >> >>
> >> >>>
> >> >>> Hi,
> >> >>>
> >> >>> All lovely ideas, but they don't meet
> the need to put the privacy issues on the front burner.
> >> >>>
> >> >>> avri
> >> >>>
> >> >>> On 20 Sep 2013, at 09:24, Mike O'Connor wrote:
> >> >>>
> >> >>>> [hijacking this thread back to its original topic]
> >> >>>>
> >> >>>> hi Avri,
> >> >>>>
> >> >>>> i, for one, think turnabout on the way
> to consensus is one of the very best things about ICANN.  thanks Avri
> >> >>>>
> >> >>>> here's language describing that legal
> review as it stands (this is the last paragraph of Discussion section 
> of 5.5 Data Protection
> >> >>>>
> >> >>>> page 30:  "Again, these questions must
> be explored in more depth by ICANN Staff, starting with the General 
> Counsel's Office, and by the community. As an added benefit, analyses 
> concerning change of applicable laws with respect to transition from a 
> thin to a thick environment also may prove valuable in the event of 
> changes in a registry's management, presumably an increasing 
> likelihood given the volume of new gTLDs on the horizon."
> >> >>>>
> >> >>>> i *think* that's the only place it
> shows up in the current draft, which means that while we worked hard 
> on the language, it's not really a recommendation right now and kindof 
> buried down in the details.  it's also vague on the sequencing -- but 
> i have been presuming that the legal review would have to happen 
> before the conversion and would be comfortable clarifying that.
> >> >>>>
> >> >>>> from a report-drafting standpoint if we
> pursue this direction, i think we'd want to do a few minor revisions 
> to provide support for that big-R recommendation that's being 
> proposed.
> >> >>>>
> >> >>>> - clarify that sequence
> >> >>>>
> >> >>>> - move that paragraph from the
> "Discussion" section of 5.5 down to the "Conclusions" section to 
> provide stronger underpinnings for the recommendation
> >> >>>>
> >> >>>> all pretty easy to do from a mechanical
> report-drafting point of view, if the group agrees on that approach.
> >> >>>>
> >> >>>> good work.  carry on,
> >> >>>>
> >> >>>> mikey
> >> >>>>
> >> >>>>
> >> >>>>
> >> >>>>
> >> >>>> On Sep 19, 2013, at 10:47 AM, Avri Doria <avri@xxxxxxx> wrote:
> >> >>>>
> >> >>>>>
> >> >>>>> Hi,
> >> >>>>>
> >> >>>>> Forgive me for doing this bit of
> turnabout: is this legal review something that would occur before the 
> thick whois for incumbent registries was put into effect?
> >> >>>>>
> >> >>>>> At first blush, if this was combined
> with a 7.3. recommendation for a full Issues report, I might be able 
> to accept it and convince the NCSG that this was a good compromise.
> >> >>>>>
> >> >>>>> thanks
> >> >>>>>
> >> >>>>> avri
> >> >>>>>
> >> >>>>>
> >> >>>>> On 19 Sep 2013, at 11:14, Volker Greimann wrote:
> >> >>>>>
> >> >>>>>> Hi all,
> >> >>>>>>
> >> >>>>>> I still find Avri's proposed language
> too broad, so I tried my hand at a quick rewrite. Probably still needs 
> a little fiddling, but more in the direction what I could support, 
> although putting this into 7.1 is a bit iffy to me.
> >> >>>>>> The WG discussed many of the issues
> involved in moving from having a registration currently governed under 
> the privacy rules by one jurisdiction in a thin whois to another 
> jurisdiction, the jurisdiction of the Registry in a thick whois.  The 
> WG did not feel it was competent to reach a final conclusion on these 
> issues involving international privacy laws.
> >> >>>>>> The Working group therefore makes the following recommendation:
> >> >>>>>>
> >> >>>>>> . We recommend that the ICANN Board request an independent 
> >> >>>>>> legal review
> to be undertaken on the privacy implications of a transfer of 
> registrant data between jurisdictions.
> >> >>>>>> Reasons: If we could not find
> ourselves competent to decide a small matter like the transfer of 
> private data, how can we expect another PDP to tackle an even broader 
> issue of privacy issues surrounding WHOIS in general? For the purposes 
> of this WG, the determination that we were unable to reach a final 
> conclusion on could and should be resolved by independent counsel.
> >> >>>>>>
> >> >>>>>> While a new PDP on WHOIS and privacy
> issues is certainly something worth considering and something I would 
> welcome, I do not feel that this WG needs to make that recommendation 
> as it would be much broader than the smaller issue we were tasked to tackle.
> >> >>>>>>
> >> >>>>>> Volker
> >> >>>>>>
> >> >>>>>>> Hi,
> >> >>>>>>>
> >> >>>>>>> For me this needs to be a
> Recommendation (7.1, big R), not an extra consideration.  This issue 
> was within the purview of the group and the group bailed on it for 
> lack of capability.  Fine, then lets step and recommend that those 
> that have the
> capability do so.    In this age of world 
> attention on privacy issues, I can't beleive we are still dancing 
> around the point.
> >> >>>>>>>
> >> >>>>>>> I am currently working on getting
> the NCSG to endorse this.  As the alternate chair of the NCSG Policy 
> committee I beleive this is something that will be supported by the 
> NCSG.  I will personally submit a minority position and work to get 
> the NCSG to endorse it, if this recommendation is not included in 7.1.  
> For myself at this point, I will reject the entire report without 
> this, as the report is incomplete without this as a primary 
> Recommendation.  To my mind NCSG would be shirking it responsibilities 
> if we let this report go out without such a recommendation.
> >> >>>>>>>
> >> >>>>>>> Incidentally, my impression from the
> list discussion was that there was support, but that wording needed 
> changing.  It was changed.
> >> >>>>>>>
> >> >>>>>>> I understand that there are those
> who may be playing divide and conquer games behind the scenes, 
> claiming that my position will hurt NCSG's reputation.  I have bcc'e d 
> the NCSG on this note so that they themselves can determine if it is 
> reputation damaging.  There are others who are are cynically claiming 
> that I am going against the bottom-up model by insisting on privacy 
> considerations.  I reject those claims.
> >> >>>>>>>
> >> >>>>>>> avri
> >> >>>>>>>
> >> >>>>>>>
> >> >>>>>>>
> >> >>>>>>> On 19 Sep 2013, at 10:25, Mike O'Connor wrote:
> >> >>>>>>>
> >> >>>>>>>
> >> >>>>>>>> hi all,
> >> >>>>>>>>
> >> >>>>>>>> i may have been the culprit
> here.  Avri, my interpretation of the desultory conversation on the 
> list was that there
> *wasn't* much support for the idea.  and then when you didn't show up 
> on last week's call to pitch/push it, i forgot to bring it up.  my bad 
> -- sorry about that.
> >> >>>>>>>>
> >> >>>>>>>> let's try to have a vigorous
> conversation about this on the list, and drive to a conclusion on the 
> call next week.
> >> >>>>>>>>
> >> >>>>>>>> Avri, you and i had a one-to-one
> email exchange about this and i suggested that this recommendation 
> might fit better, and be more widely accepted, if it was in the 
> privacy and data protection part of our report (Section 7.3).  could 
> you give us an indication of whether acceptance of this version of the 
> recommendation is required?  in more casual terms, is there any wiggle 
> room here?  i think it would be helpful for the rest of the group to 
> know the framework for the conversation.
> >> >>>>>>>>
> >> >>>>>>>> carry on folks,
> >> >>>>>>>>
> >> >>>>>>>> mikey
> >> >>>>>>>>
> >> >>>>>>>>
> >> >>>>>>>> On Sep 18, 2013, at 6:39 PM, Avri Doria <avri@xxxxxxx>
> >> >>>>>>>> wrote:
> >> >>>>>>>>
> >> >>>>>>>>
> >> >>>>>>>>> Hi,
> >> >>>>>>>>>
> >> >>>>>>>>> I was disappointed to not see the 
> recommendation for the Issues report included 
> in 7.1.    I thought we had discussed it on 
> this list and thee had been little opposition, 
> though there was some.  I cannot support this 
> report with a strong recommendation for follow 
> on work on the Privacy issues.  And, contrary 
> to what others may beleive, I do not see any 
> such work currently ongoing in ICANN.  I think 
> it i s unfortunate that we keep pushing off 
> this work and are not willing to face it 
> directly.  I beleive I have the support of 
> others in the NCSG, though the content of a 
> minority statement has yet to be decided on.
> >> >>>>>>>>>
> >> >>>>>>>>> While still somewhat inadequate, I 
> am ready to argue for going along with 
> consensus on this document if the following is included in 7.1:
> >> >>>>>>>>>
> >> >>>>>>>>>
> >> >>>>>>>>> The WG  discussed many of the 
> issues involved in moving from having a 
> registration currently governed under the 
> privacy rules by one jurisdiction in a thick 
> whois to another jurisdiction, the jurisdiction 
> of the Registry in a thick whois.  The WG did 
> not feel it was competent to fully discuss 
> these privacy issues and was not able to fully 
> separate the privacy issues involved in such a 
> move from the general privacy issues that need 
> to be resolved in Whois.  there was also 
> concern with intersection with other related 
> Privacy issues that ICANN currently needs to 
> work on.  The Working group therefore makes the following recommendation:
> >> >>>>>>>>>
> >> >>>>>>>>> . We recommend that the ICANN 
> Board request a GNSO issues report to cover the 
> issue of Privacy as related to WHOIS and other related GNSO policies.
> >> >>>>>>>>>
> >> >>>>>>>>>
> >> >>>>>>>>>
> >> >>>>>>>>> Thanks
> >> >>>>>>>>>
> >> >>>>>>>>> avri
> >> >>>>>>>>>
> >> >>>>>>>>>
> >> >>>>>>>>>
> >> >>>>>>>>
> >> >>>>>>>> PHONE: 651-647-6109, FAX: 866-280-2356, WEB:
> >> >>>>>>>> www.haven2.com
> >> >>>>>>>> , HANDLE: OConnorStP (ID for Twitter, Facebook, LinkedIn, etc.)
> >> >>>>>>>>
> >> >>>>>>>>
> >> >>>>>>>
> >> >>>>>>
> >> >>>>>>
> >> >>>>>> --
> >> >>>>>> Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.
> >> >>>>>>
> >> >>>>>> Mit freundlichen Grüßen,
> >> >>>>>>
> >> >>>>>> Volker A. Greimann
> >> >>>>>> - Rechtsabteilung -
> >> >>>>>>
> >> >>>>>> Key-Systems GmbH
> >> >>>>>> Im Oberen Werk 1
> >> >>>>>> 66386 St. Ingbert
> >> >>>>>> Tel.: +49 (0) 6894 - 9396 901
> >> >>>>>> Fax.: +49 (0) 6894 - 9396 851
> >> >>>>>> Email:
> >> >>>>>> vgreimann@xxxxxxxxxxxxxxx
> >> >>>>>>
> >> >>>>>>
> >> >>>>>> Web:
> >> >>>>>> www.key-systems.net / www.RRPproxy.net
> >> >>>>>> www.domaindiscount24.com / www.BrandShelter.com
> >> >>>>>>
> >> >>>>>>
> >> >>>>>> Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:
> >> >>>>>>
> >> >>>>>> www.facebook.com/KeySystems
> >> >>>>>> www.twitter.com/key_systems
> >> >>>>>>
> >> >>>>>>
> >> >>>>>> Geschäftsführer: Alexander Siffrin
> >> >>>>>> Handelsregister Nr.: HR B 18835 - Saarbruecken
> >> >>>>>> Umsatzsteuer ID.: DE211006534
> >> >>>>>>
> >> >>>>>> Member of the KEYDRIVE GROUP
> >> >>>>>>
> >> >>>>>> www.keydrive.lu
> >> >>>>>>
> >> >>>>>>
> >> >>>>>> Der Inhalt dieser Nachricht ist 
> vertraulich und nur für den angegebenen 
> Empfänger bestimmt. Jede Form der Kenntnisgabe, 
> Veröffentlichung oder Weitergabe an Dritte 
> durch den Empfänger ist unzulässig. Sollte 
> diese Nachricht nicht für Sie bestimmt sein, so 
> bitten wir Sie, sich mit uns per E-Mail oder 
> telefonisch in Verbindung zu setzen.
> >> >>>>>>
> >> >>>>>> --------------------------------------------
> >> >>>>>>
> >> >>>>>> Should you have any further 
> questions, please do not hesitate to contact us.
> >> >>>>>>
> >> >>>>>> Best regards,
> >> >>>>>>
> >> >>>>>> Volker A. Greimann
> >> >>>>>> - legal department -
> >> >>>>>>
> >> >>>>>> Key-Systems GmbH
> >> >>>>>> Im Oberen Werk 1
> >> >>>>>> 66386 St. Ingbert
> >> >>>>>> Tel.: +49 (0) 6894 - 9396 901
> >> >>>>>> Fax.: +49 (0) 6894 - 9396 851
> >> >>>>>> Email:
> >> >>>>>> vgreimann@xxxxxxxxxxxxxxx
> >> >>>>>>
> >> >>>>>>
> >> >>>>>> Web:
> >> >>>>>> www.key-systems.net / www.RRPproxy.net
> >> >>>>>> www.domaindiscount24.com / www.BrandShelter.com
> >> >>>>>>
> >> >>>>>>
> >> >>>>>> Follow us on Twitter or join our fan 
> community on Facebook and stay updated:
> >> >>>>>>
> >> >>>>>> www.facebook.com/KeySystems
> >> >>>>>> www.twitter.com/key_systems
> >> >>>>>>
> >> >>>>>>
> >> >>>>>> CEO: Alexander Siffrin
> >> >>>>>> Registration No.: HR B 18835 - Saarbruecken
> >> >>>>>> V.A.T. ID.: DE211006534
> >> >>>>>>
> >> >>>>>> Member of the KEYDRIVE GROUP
> >> >>>>>>
> >> >>>>>> www.keydrive.lu
> >> >>>>>>
> >> >>>>>>
> >> >>>>>> This e-mail and its attachments is 
> intended only for the person to whom it is 
> addressed. Furthermore it is not permitted to 
> publish any content of this email. You must not 
> use, disclose, copy, print or rely on this 
> e-mail. If an addressing or transmission error 
> has misdirected this e-mail, kindly notify the 
> author by replying to this e-mail or contacting us by telephone.
> >> >>>>>>
> >> >>>>>>
> >> >>>>>>
> >> >>>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>
> >> >>>>
> >> >>>> PHONE: 651-647-6109, FAX: 866-280-2356, 
> WEB: www.haven2.com, HANDLE: OConnorStP (ID for 
> Twitter, Facebook, LinkedIn, etc.)
> >> >>>>
> >> >>>
> >> >>>
> >> >>
> >> >>
> >> >> PHONE: 651-647-6109, FAX: 866-280-2356, 
> WEB: www.haven2.com, HANDLE: OConnorStP (ID for 
> Twitter, Facebook, LinkedIn, etc.)
> >> >>
> >> >
> >> >
> >> > PHONE: 651-647-6109, FAX: 866-280-2356, 
> WEB: www.haven2.com, HANDLE: OConnorStP (ID for 
> Twitter, Facebook, LinkedIn, etc.)
> >> >
> >>
> >>
> >> PHONE: 651-647-6109, FAX: 866-280-2356, WEB: 
> www.haven2.com, HANDLE: OConnorStP (ID for Twitter, Facebook, LinkedIn, etc.)
> >>
> >>
> >
>
>
>PHONE: 651-647-6109, FAX: 866-280-2356, WEB: 
>www.haven2.com, HANDLE: OConnorStP (ID for Twitter, Facebook, LinkedIn, etc.)
>
>