ICANN ICANN Email List Archives

[gnso-thickwhoispdp-wg]


<<< Chronological Index >>>    <<< Thread Index >>>

Re: [gnso-thickwhoispdp-wg] missing recommendation in 7.1

  • To: "Mike O'Connor" <mike@xxxxxxxxxx>
  • Subject: Re: [gnso-thickwhoispdp-wg] missing recommendation in 7.1
  • From: Rick Wesson <rick@xxxxxxxxxxxxxxxxxxxxxxxx>
  • Date: Sun, 22 Sep 2013 08:41:51 -0700

Is it not reasonable to mention that a large TLD was transitioned from
thick to thin with zero measured impact in the transfer of all .ORG
contacts to the US jurisdiction. 5 million domains at the time represented
the 2nt or 3rd largest TLD in the world.

Looking at transfers between registrar under .com there literally millions
of domains per week that preform this same legal acrobatics.

Given all the domain registrar transfers over the last 10 years one could
argue that more domains have preformed this legal jurisdiction gymnastics
than are currently active in com/net. Thats a very large number that will
be difficult to ignore.

No one seemed to notice that the activity or mobility of a jurisdiction
that a registrants's whois moves around a lot over a domains lifecycle. We
should be capable of noting historical and current activity within our
report on this observation.

-rick




On Sun, Sep 22, 2013 at 6:46 AM, Mike O'Connor <mike@xxxxxxxxxx> wrote:

> hi Steve,
>
> i realized that i didn't really respond to your whole argument with my
> reply.  i'm working my way through Lyme's Disease or Ehrlichiosis (nobody
> is quite sure which) and some days my energy level is a little lower --
> your note caught me on one of those days.  my apologies for that.
>
> i think that Section 5 *does* support the "legal review" modification
> being proposed.  here are the paragraphs from Section 5 i would put forward
> to back that argument -- the paragraphs immediately preceding the language
> in my 2) suggestion.  here's the quote -- it's the four paragraphs
> immediately preceding the Conclusions section you're referring to:
>
>
>         "However, the fact that the WG has not seen analyses or objections
> from the contracted party community does not prove a lack of problems. In
> addition, data protection and privacy laws and regulations change over time
> so any analyses from the past might need to be revisited periodically.
> RSEPs (Registry Services Evaluation Panel) initiated by .cat and .tel
> suggest that they have identified data protection and privacy legal issues
> that they considered valid even if no formal government action was
> initiated.  While registrars are required under the Registrar Accreditation
> Agreement to obtain registrants’ consent to uses made of data collected
> from them, whether registrants are aware of the full ramifications of data
> publication, legal or real, might be questioned, and local rules concerning
> coercive contract provisions conceivably could come into play.
>
>         "The WG has made every effort to examine thin vs. thick registry
> models in a broad sense. However, any requirement that all registries use
> the thick model will require that existing thin registries move to thick
> environments. This situation will raise concerns that, while limited in the
> long run, are significant given the numbers of domains and registrants
> involved. The WG expects that data transfers will be in volumes
> unprecedented in Whois operations and urges that increased information
> systems and protections are put in place, which are appropriate to handle
> the volumes.
>
>         "Some registrations may have occurred based on a registrant’s
> consideration of local rules governing a registrar or registry.  In that
> event, registrants’ data protection expectations will be affected when
> publication of Whois data moves to a registry that is in a different
> jurisdiction from the relevant registrar.  Thorough examination must be
> given to the extent to which data protection guarantees governing a
> registrar can be binding on a registry. Should data protections in the
> jurisdiction of a registrant, registrar, or registry control? Should
> registry or registrar accreditation agreements contain language that
> specifies whose protection environment applies?
>
>         "Again, these questions must be explored in more depth by ICANN
> Staff, starting with the General Counsel’s Office, and by the community. As
> an added benefit, analyses concerning change of applicable laws with
> respect to transition from a thin to a thick environment also may prove
> valuable in the event of changes in a registry’s management, presumably an
> increasing likelihood given the volume of new gTLDs on the horizon."
>  [note, this is the paragraph i'm proposing to move down into the
> immediately-following Conclusions section you're quoting from]
>
>
>
> your #1 citation says "The WG finds that requiring thick Whois for all
> gTLD registries does not raise data protection issues that are specific to
> thin v. thick Whois."  that quote refers to the topic of data protection,
> not privacy -- the sub-team went to a lot of trouble to separate those two
> issues and so i don't think that point is relevant to this discussion.
>
> your #2 citation says "There are currently issues with respect to privacy
> related to Whois and these will only grow in the future..... None of these
> issues *SEEM* to be related to whether a thick or thin Whois model is being
> used. " [emphasis mine]  which doesn't rule out the possibility of a legal
> review, especially given the (i think) consensus view that we don't really
> have the expertise on this WG to evaluate the nuances of those issues.
>
> your #3 citation says "So although privacy issues may become a substantive
> issue in the future, and should certainly be part of the investigation of a
> replacement for Whois, it is not a reason not to proceed with the PDP WG
> recommending thick Whois for all."  i'm not sure i follow how a legal
> review (which seems prudent in any case) contradicts that argument.
>
> Steve, is your concern that the legal review could be used to *block* the
> transition to thick Whois?  if that's the case, i share your concern.  but
> i view it more in the "identify and mitigate risks" department and hope
> that others would too.  i would be open to clarifying that language if
> folks felt the need.
>
> regarding your point on the "undermine at the last minute" argument -- i
> think i mentioned this on the call.  i as the Chair bear the responsibility
> for not testing more aggressively for consensus *much* earlier in the
> process.  most of my frustration on the last call was with myself for
> allowing this issue to slide to the end.  but the fact is, we don't have
> consensus yet and we need to work on getting there.
>
> to that end i've pulled my little 3-point recommendation into a Word
> document and include it into this post for people to contemplate and edit.
>  i decided it was time to move the text into something that can be
> red-lined rather than using the pretty-limited text-only email format.
>
> thanks all for a spirited discussion -- let's contemplate this some more
> and see if we can get to a place where we can all live with the result.
>
> thanks,
>
> mikey
>
>
>
>
>
>
> On Sep 20, 2013, at 11:38 AM, "Metalitz, Steven" <met@xxxxxxx> wrote:
>
> >
> > Mikey,
> >
> > I do not share your assumption that the transition to thick Whois  must
> be delayed pending a legal review.   This is entirely unsupported by the
> findings of our report.
> >
> > 1.  "The WG finds that requiring thick Whois for all gTLD registries
> does not raise data protection issues that are specific to thin v. thick
> Whois. "
> >
> > 2.  "There are currently issues with respect to privacy related to Whois
> and these will only grow in the future..... None of these issues seem to be
> related to whether a thick or thin Whois model is being used. "
> >
> > 3.  "So although privacy issues may become a substantive issue in the
> future, and should certainly be part of the investigation of a replacement
> for Whois, it is not a reason not to proceed with the PDP WG recommending
> thick Whois for all."
> >
> > All these quotes are from the conclusion to section 5.5 of our report.
>  I believe this text represents a consensus of the participants in the
> privacy subgroup of our WG.  Don can confirm or correct this.
> >
> > I encourage everyone to re-read section 5.5.  It makes very clear that,
> based on over a decade of  experience with thick gTLD registries, including
> the successful transition of one of the largest gTLD registries from thin
> to thick; the complete absence of any legal challenges during that time
> period to the operation of such registries on privacy grounds;, and the
> support of registrars and registries --- the entities with the greatest
> incentive to take seriously the potential legal exposure involved  --   for
> the thick model,  that there is no privacy- or data protection-based reason
> to delay adoption and implementation of the thick Whois requirement.
> >
> > This conclusion reflects the thoroughly discussed and fully negotiated
> view of those who participated actively in this WG over the past year.   It
> should not be set aside or undermined at the last minute.
> >
> > I continue to disagree as well with your point 3 for the reasons already
> thoroughly discussed on this list.
> >
> > Could you explain what is the difference, in your view, between a
> "little-r recommendation" in section 7.3 and a "big-R recommendation" in
> section 7.1, especially since you propose that both take the form of a
> statement that "We recommend....".
> >
> > Steve
> > -----Original Message-----
> > From: owner-gnso-thickwhoispdp-wg@xxxxxxxxx [mailto:
> owner-gnso-thickwhoispdp-wg@xxxxxxxxx] On Behalf Of Mike O'Connor
> > Sent: Friday, September 20, 2013 11:58 AM
> > To: Avri Doria
> > Cc: Thick Whois
> > Subject: Re: [gnso-thickwhoispdp-wg] missing recommendation in 7.1
> >
> > i think maybe i need to put all the stuff in one post.
> >
> > 1) we put a big-R recommendation to do the legal review in 7.1.  here's
> the language that Volker proposed with some rough draft "sequence" language
> in brackets.
> >
> >> We recommend that the ICANN Board request an independent legal review
> to be undertaken [before transition to thick whois] on the privacy
> implications of a transfer of registrant data between jurisdictions.
> >
> > 2) we beef up the body of the report to support that recommendation --
> the language is already there, i just think it ought to be moved down into
> a more recommendation-focused paragraph.  again rough-draft "sequence"
> language in brackets.
> >
> >> page 30:  "Again, these questions must be explored in more depth by
> ICANN Staff [before transition to thick whois], starting with the General
> Counsel's Office, and by the community. As an added benefit, analyses
> concerning change of applicable laws with respect to transition from a thin
> to a thick environment also may prove valuable in the event of changes in a
> registry's management, presumably an increasing likelihood given the volume
> of new gTLDs on the horizon."
> >
> > 3) we put a version of your little-r recommendation in section 7.3
> >
> >> The WG  discussed many of the issues involved in moving from having a
> registration currently governed under the privacy rules by one jurisdiction
> in a thick whois to another jurisdiction, the jurisdiction of the Registry
> in a thick whois.  The WG did not feel it was competent to fully discuss
> these privacy issues and was not able to fully separate the privacy issues
> involved in such a move from the general privacy issues that need to be
> resolved in Whois.  there was also concern with intersection with other
> related Privacy issues that ICANN currently needs to work on.  The Working
> group therefore makes the following recommendation:
> >>
> >> . We recommend that the ICANN Board request a GNSO issues report to
> cover the issue of Privacy as related to WHOIS and other related GNSO
> policies.
> >
> >
> >
> >
> > On Sep 20, 2013, at 9:24 AM, Avri Doria <avri@xxxxxxx> wrote:
> >
> >>
> >> Hi,
> >>
> >> All lovely ideas, but they don't meet the need to put the privacy
> issues on the front burner.
> >>
> >> avri
> >>
> >> On 20 Sep 2013, at 09:24, Mike O'Connor wrote:
> >>
> >>> [hijacking this thread back to its original topic]
> >>>
> >>> hi Avri,
> >>>
> >>> i, for one, think turnabout on the way to consensus is one of the very
> best things about ICANN.  thanks Avri
> >>>
> >>> here's language describing that legal review as it stands (this is the
> last paragraph of Discussion section of 5.5 Data Protection
> >>>
> >>> page 30:  "Again, these questions must be explored in more depth by
> ICANN Staff, starting with the General Counsel's Office, and by the
> community. As an added benefit, analyses concerning change of applicable
> laws with respect to transition from a thin to a thick environment also may
> prove valuable in the event of changes in a registry's management,
> presumably an increasing likelihood given the volume of new gTLDs on the
> horizon."
> >>>
> >>> i *think* that's the only place it shows up in the current draft,
> which means that while we worked hard on the language, it's not really a
> recommendation right now and kindof buried down in the details.  it's also
> vague on the sequencing -- but i have been presuming that the legal review
> would have to happen before the conversion and would be comfortable
> clarifying that.
> >>>
> >>> from a report-drafting standpoint if we pursue this direction, i think
> we'd want to do a few minor revisions to provide support for that big-R
> recommendation that's being proposed.
> >>>
> >>> - clarify that sequence
> >>>
> >>> - move that paragraph from the "Discussion" section of 5.5 down to the
> "Conclusions" section to provide stronger underpinnings for the
> recommendation
> >>>
> >>> all pretty easy to do from a mechanical report-drafting point of view,
> if the group agrees on that approach.
> >>>
> >>> good work.  carry on,
> >>>
> >>> mikey
> >>>
> >>>
> >>>
> >>>
> >>> On Sep 19, 2013, at 10:47 AM, Avri Doria <avri@xxxxxxx> wrote:
> >>>
> >>>>
> >>>> Hi,
> >>>>
> >>>> Forgive me for doing this bit of turnabout: is this legal review
> something that would occur before the thick whois for incumbent registries
> was put into effect?
> >>>>
> >>>> At first blush, if this was combined with a 7.3. recommendation for a
> full Issues report, I might be able to accept it and convince the NCSG that
> this was a good compromise.
> >>>>
> >>>> thanks
> >>>>
> >>>> avri
> >>>>
> >>>>
> >>>> On 19 Sep 2013, at 11:14, Volker Greimann wrote:
> >>>>
> >>>>> Hi all,
> >>>>>
> >>>>> I still find Avri's proposed language too broad, so I tried my hand
> at a quick rewrite. Probably still needs a little fiddling, but more in the
> direction what I could support, although putting this into 7.1 is a bit
> iffy to me.
> >>>>> The WG discussed many of the issues involved in moving from having a
> registration currently governed under the privacy rules by one jurisdiction
> in a thin whois to another jurisdiction, the jurisdiction of the Registry
> in a thick whois.  The WG did not feel it was competent to reach a final
> conclusion on these issues involving international privacy laws.
> >>>>> The Working group therefore makes the following recommendation:
> >>>>>
> >>>>> . We recommend that the ICANN Board
> >>>>> request an independent legal review to be undertaken on the privacy
> implications of a transfer of registrant data between jurisdictions.
> >>>>> Reasons: If we could not find ourselves competent to decide a small
> matter like the transfer of private data, how can we expect another PDP to
> tackle an even broader issue of privacy issues surrounding WHOIS in
> general? For the purposes of this WG, the determination that we were unable
> to reach a final conclusion on could and should be resolved by independent
> counsel.
> >>>>>
> >>>>> While a new PDP on WHOIS and privacy issues is certainly something
> worth considering and something I would welcome, I do not feel that this WG
> needs to make that recommendation as it would be much broader than the
> smaller issue we were tasked to tackle.
> >>>>>
> >>>>> Volker
> >>>>>
> >>>>>> Hi,
> >>>>>>
> >>>>>> For me this needs to be a Recommendation (7.1, big R), not an extra
> consideration.  This issue was within the purview of the group and the
> group bailed on it for lack of capability.  Fine, then lets step and
> recommend that those that have the capability do so.    In this age of
> world attention on privacy issues, I can't beleive we are still dancing
> around the point.
> >>>>>>
> >>>>>> I am currently working on getting the NCSG to endorse this.  As the
> alternate chair of the NCSG Policy committee I beleive this is something
> that will be supported by the NCSG.  I will personally submit a minority
> position and work to get the NCSG to endorse it, if this recommendation is
> not included in 7.1.  For myself at this point, I will reject the entire
> report without this, as the report is incomplete without this as a primary
> Recommendation.  To my mind NCSG would be shirking it responsibilities if
> we let this report go out without such a recommendation.
> >>>>>>
> >>>>>> Incidentally, my impression from the list discussion was that there
> was support, but that wording needed changing.  It was changed.
> >>>>>>
> >>>>>> I understand that there are those who may be playing divide and
> conquer games behind the scenes, claiming that my position will hurt NCSG's
> reputation.  I have bcc'e d the NCSG on this note so that they themselves
> can determine if it is reputation damaging.  There are others who are are
> cynically claiming that I am going against the bottom-up model by insisting
> on privacy considerations.  I reject those claims.
> >>>>>>
> >>>>>> avri
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> On 19 Sep 2013, at 10:25, Mike O'Connor wrote:
> >>>>>>
> >>>>>>
> >>>>>>> hi all,
> >>>>>>>
> >>>>>>> i may have been the culprit here.  Avri, my interpretation of the
> desultory conversation on the list was that there *wasn't* much support for
> the idea.  and then when you didn't show up on last week's call to
> pitch/push it, i forgot to bring it up.  my bad -- sorry about that.
> >>>>>>>
> >>>>>>> let's try to have a vigorous conversation about this on the list,
> and drive to a conclusion on the call next week.
> >>>>>>>
> >>>>>>> Avri, you and i had a one-to-one email exchange about this and i
> suggested that this recommendation might fit better, and be more widely
> accepted, if it was in the privacy and data protection part of our report
> (Section 7.3).  could you give us an indication of whether acceptance of
> this version of the recommendation is required?  in more casual terms, is
> there any wiggle room here?  i think it would be helpful for the rest of
> the group to know the framework for the conversation.
> >>>>>>>
> >>>>>>> carry on folks,
> >>>>>>>
> >>>>>>> mikey
> >>>>>>>
> >>>>>>>
> >>>>>>> On Sep 18, 2013, at 6:39 PM, Avri Doria
> >>>>>>> <avri@xxxxxxx>
> >>>>>>> wrote:
> >>>>>>>
> >>>>>>>
> >>>>>>>> Hi,
> >>>>>>>>
> >>>>>>>> I was disappointed to not see the recommendation for the Issues
> report included in 7.1.    I thought we had discussed it on this list and
> thee had been little opposition, though there was some.  I cannot support
> this report with a strong recommendation for follow on work on the Privacy
> issues.  And, contrary to what others may beleive, I do not see any such
> work currently ongoing in ICANN.  I think it i s unfortunate that we keep
> pushing off this work and are not willing to face it directly.  I beleive I
> have the support of others in the NCSG, though the content of a minority
> statement has yet to be decided on.
> >>>>>>>>
> >>>>>>>> While still somewhat inadequate, I am ready to argue for going
> along with consensus on this document if the following is included in 7.1:
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> The WG  discussed many of the issues involved in moving from
> having a registration currently governed under the privacy rules by one
> jurisdiction in a thick whois to another jurisdiction, the jurisdiction of
> the Registry in a thick whois.  The WG did not feel it was competent to
> fully discuss these privacy issues and was not able to fully separate the
> privacy issues involved in such a move from the general privacy issues that
> need to be resolved in Whois.  there was also concern with intersection
> with other related Privacy issues that ICANN currently needs to work on.
>  The Working group therefore makes the following recommendation:
> >>>>>>>>
> >>>>>>>> . We recommend that the ICANN Board request a GNSO issues report
> to cover the issue of Privacy as related to WHOIS and other related GNSO
> policies.
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> Thanks
> >>>>>>>>
> >>>>>>>> avri
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>
> >>>>>>> PHONE: 651-647-6109, FAX: 866-280-2356, WEB:
> >>>>>>> www.haven2.com
> >>>>>>> , HANDLE: OConnorStP (ID for Twitter, Facebook, LinkedIn, etc.)
> >>>>>>>
> >>>>>>>
> >>>>>>
> >>>>>
> >>>>>
> >>>>> --
> >>>>> Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.
> >>>>>
> >>>>> Mit freundlichen Grüßen,
> >>>>>
> >>>>> Volker A. Greimann
> >>>>> - Rechtsabteilung -
> >>>>>
> >>>>> Key-Systems GmbH
> >>>>> Im Oberen Werk 1
> >>>>> 66386 St. Ingbert
> >>>>> Tel.: +49 (0) 6894 - 9396 901
> >>>>> Fax.: +49 (0) 6894 - 9396 851
> >>>>> Email:
> >>>>> vgreimann@xxxxxxxxxxxxxxx
> >>>>>
> >>>>>
> >>>>> Web:
> >>>>> www.key-systems.net / www.RRPproxy.net
> >>>>> www.domaindiscount24.com / www.BrandShelter.com
> >>>>>
> >>>>>
> >>>>> Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:
> >>>>>
> >>>>> www.facebook.com/KeySystems
> >>>>> www.twitter.com/key_systems
> >>>>>
> >>>>>
> >>>>> Geschäftsführer: Alexander Siffrin
> >>>>> Handelsregister Nr.: HR B 18835 - Saarbruecken
> >>>>> Umsatzsteuer ID.: DE211006534
> >>>>>
> >>>>> Member of the KEYDRIVE GROUP
> >>>>>
> >>>>> www.keydrive.lu
> >>>>>
> >>>>>
> >>>>> Der Inhalt dieser Nachricht ist vertraulich und nur für den
> angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe,
> Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist
> unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten
> wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.
> >>>>>
> >>>>> --------------------------------------------
> >>>>>
> >>>>> Should you have any further questions, please do not hesitate to
> contact us.
> >>>>>
> >>>>> Best regards,
> >>>>>
> >>>>> Volker A. Greimann
> >>>>> - legal department -
> >>>>>
> >>>>> Key-Systems GmbH
> >>>>> Im Oberen Werk 1
> >>>>> 66386 St. Ingbert
> >>>>> Tel.: +49 (0) 6894 - 9396 901
> >>>>> Fax.: +49 (0) 6894 - 9396 851
> >>>>> Email:
> >>>>> vgreimann@xxxxxxxxxxxxxxx
> >>>>>
> >>>>>
> >>>>> Web:
> >>>>> www.key-systems.net / www.RRPproxy.net
> >>>>> www.domaindiscount24.com / www.BrandShelter.com
> >>>>>
> >>>>>
> >>>>> Follow us on Twitter or join our fan community on Facebook and stay
> updated:
> >>>>>
> >>>>> www.facebook.com/KeySystems
> >>>>> www.twitter.com/key_systems
> >>>>>
> >>>>>
> >>>>> CEO: Alexander Siffrin
> >>>>> Registration No.: HR B 18835 - Saarbruecken
> >>>>> V.A.T. ID.: DE211006534
> >>>>>
> >>>>> Member of the KEYDRIVE GROUP
> >>>>>
> >>>>> www.keydrive.lu
> >>>>>
> >>>>>
> >>>>> This e-mail and its attachments is intended only for the person to
> whom it is addressed. Furthermore it is not permitted to publish any
> content of this email. You must not use, disclose, copy, print or rely on
> this e-mail. If an addressing or transmission error has misdirected this
> e-mail, kindly notify the author by replying to this e-mail or contacting
> us by telephone.
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>
> >>>>
> >>>
> >>>
> >>> PHONE: 651-647-6109, FAX: 866-280-2356, WEB: www.haven2.com, HANDLE:
> OConnorStP (ID for Twitter, Facebook, LinkedIn, etc.)
> >>>
> >>
> >>
> >
> >
> > PHONE: 651-647-6109, FAX: 866-280-2356, WEB: www.haven2.com, HANDLE:
> OConnorStP (ID for Twitter, Facebook, LinkedIn, etc.)
> >
> >
>
>
> PHONE: 651-647-6109, FAX: 866-280-2356, WEB: www.haven2.com, HANDLE:
> OConnorStP (ID for Twitter, Facebook, LinkedIn, etc.)
>
>
>


<<< Chronological Index >>>    <<< Thread Index >>>

Privacy Policy | Terms of Service | Cookies Policy