<<<
Chronological Index
>>> <<<
Thread Index
>>>
Re: [gnso-thickwhoispdp-wg] missing recommendation in 7.1
- To: "Mike O'Connor" <mike@xxxxxxxxxx>
- Subject: Re: [gnso-thickwhoispdp-wg] missing recommendation in 7.1
- From: Don Blumenthal <dblumenthal@xxxxxxx>
- Date: Mon, 23 Sep 2013 09:54:43 -0400
I agree that the original language covers the need for a legal review but
this language focuses it better. Current thin registries have been that
way for a long time. A few more months (I'll be optimistic) won't hurt.
Don
On 9/22/13 9:46 AM, "Mike O'Connor" <mike@xxxxxxxxxx> wrote:
>hi Steve,
>
>i realized that i didn't really respond to your whole argument with my
>reply. i'm working my way through Lyme's Disease or Ehrlichiosis (nobody
>is quite sure which) and some days my energy level is a little lower --
>your note caught me on one of those days. my apologies for that.
>
>i think that Section 5 *does* support the "legal review" modification
>being proposed. here are the paragraphs from Section 5 i would put
>forward to back that argument -- the paragraphs immediately preceding the
>language in my 2) suggestion. here's the quote -- it's the four
>paragraphs immediately preceding the Conclusions section you're referring
>to:
>
>
> "However, the fact that the WG has not seen analyses or objections from
>the contracted party community does not prove a lack of problems. In
>addition, data protection and privacy laws and regulations change over
>time so any analyses from the past might need to be revisited
>periodically. RSEPs (Registry Services Evaluation Panel) initiated by
>.cat and .tel suggest that they have identified data protection and
>privacy legal issues that they considered valid even if no formal
>government action was initiated. While registrars are required under the
>Registrar Accreditation Agreement to obtain registrants¹ consent to uses
>made of data collected from them, whether registrants are aware of the
>full ramifications of data publication, legal or real, might be
>questioned, and local rules concerning coercive contract provisions
>conceivably could come into play.
>
> "The WG has made every effort to examine thin vs. thick registry models
>in a broad sense. However, any requirement that all registries use the
>thick model will require that existing thin registries move to thick
>environments. This situation will raise concerns that, while limited in
>the long run, are significant given the numbers of domains and
>registrants involved. The WG expects that data transfers will be in
>volumes unprecedented in Whois operations and urges that increased
>information systems and protections are put in place, which are
>appropriate to handle the volumes.
>
> "Some registrations may have occurred based on a registrant¹s
>consideration of local rules governing a registrar or registry. In that
>event, registrants¹ data protection expectations will be affected when
>publication of Whois data moves to a registry that is in a different
>jurisdiction from the relevant registrar. Thorough examination must be
>given to the extent to which data protection guarantees governing a
>registrar can be binding on a registry. Should data protections in the
>jurisdiction of a registrant, registrar, or registry control? Should
>registry or registrar accreditation agreements contain language that
>specifies whose protection environment applies?
>
> "Again, these questions must be explored in more depth by ICANN Staff,
>starting with the General Counsel¹s Office, and by the community. As an
>added benefit, analyses concerning change of applicable laws with respect
>to transition from a thin to a thick environment also may prove valuable
>in the event of changes in a registry¹s management, presumably an
>increasing likelihood given the volume of new gTLDs on the horizon."
>[note, this is the paragraph i'm proposing to move down into the
>immediately-following Conclusions section you're quoting from]
>
>
>
>your #1 citation says "The WG finds that requiring thick Whois for all
>gTLD registries does not raise data protection issues that are specific
>to thin v. thick Whois." that quote refers to the topic of data
>protection, not privacy -- the sub-team went to a lot of trouble to
>separate those two issues and so i don't think that point is relevant to
>this discussion.
>
>your #2 citation says "There are currently issues with respect to privacy
>related to Whois and these will only grow in the future..... None of
>these issues *SEEM* to be related to whether a thick or thin Whois model
>is being used. " [emphasis mine] which doesn't rule out the possibility
>of a legal review, especially given the (i think) consensus view that we
>don't really have the expertise on this WG to evaluate the nuances of
>those issues.
>
>your #3 citation says "So although privacy issues may become a
>substantive issue in the future, and should certainly be part of the
>investigation of a replacement for Whois, it is not a reason not to
>proceed with the PDP WG recommending thick Whois for all." i'm not sure
>i follow how a legal review (which seems prudent in any case) contradicts
>that argument.
>
>Steve, is your concern that the legal review could be used to *block* the
>transition to thick Whois? if that's the case, i share your concern.
>but i view it more in the "identify and mitigate risks" department and
>hope that others would too. i would be open to clarifying that language
>if folks felt the need.
>
>regarding your point on the "undermine at the last minute" argument -- i
>think i mentioned this on the call. i as the Chair bear the
>responsibility for not testing more aggressively for consensus *much*
>earlier in the process. most of my frustration on the last call was with
>myself for allowing this issue to slide to the end. but the fact is, we
>don't have consensus yet and we need to work on getting there.
>
>to that end i've pulled my little 3-point recommendation into a Word
>document and include it into this post for people to contemplate and
>edit. i decided it was time to move the text into something that can be
>red-lined rather than using the pretty-limited text-only email format.
>
>thanks all for a spirited discussion -- let's contemplate this some more
>and see if we can get to a place where we can all live with the result.
>
>thanks,
>
>mikey
>
>
>
>
>
>On Sep 20, 2013, at 11:38 AM, "Metalitz, Steven" <met@xxxxxxx> wrote:
>
>>
>> Mikey,
>>
>> I do not share your assumption that the transition to thick Whois must
>>be delayed pending a legal review. This is entirely unsupported by the
>>findings of our report.
>>
>> 1. "The WG finds that requiring thick Whois for all gTLD registries
>>does not raise data protection issues that are specific to thin v. thick
>>Whois. "
>>
>> 2. "There are currently issues with respect to privacy related to
>>Whois and these will only grow in the future..... None of these issues
>>seem to be related to whether a thick or thin Whois model is being used.
>>"
>>
>> 3. "So although privacy issues may become a substantive issue in the
>>future, and should certainly be part of the investigation of a
>>replacement for Whois, it is not a reason not to proceed with the PDP WG
>>recommending thick Whois for all."
>>
>> All these quotes are from the conclusion to section 5.5 of our report.
>>I believe this text represents a consensus of the participants in the
>>privacy subgroup of our WG. Don can confirm or correct this.
>>
>> I encourage everyone to re-read section 5.5. It makes very clear that,
>>based on over a decade of experience with thick gTLD registries,
>>including the successful transition of one of the largest gTLD
>>registries from thin to thick; the complete absence of any legal
>>challenges during that time period to the operation of such registries
>>on privacy grounds;, and the support of registrars and registries ---
>>the entities with the greatest incentive to take seriously the potential
>>legal exposure involved -- for the thick model, that there is no
>>privacy- or data protection-based reason to delay adoption and
>>implementation of the thick Whois requirement.
>>
>> This conclusion reflects the thoroughly discussed and fully negotiated
>>view of those who participated actively in this WG over the past year.
>>It should not be set aside or undermined at the last minute.
>>
>> I continue to disagree as well with your point 3 for the reasons
>>already thoroughly discussed on this list.
>>
>> Could you explain what is the difference, in your view, between a
>>"little-r recommendation" in section 7.3 and a "big-R recommendation" in
>>section 7.1, especially since you propose that both take the form of a
>>statement that "We recommend....".
>>
>> Steve
>> -----Original Message-----
>> From: owner-gnso-thickwhoispdp-wg@xxxxxxxxx
>>[mailto:owner-gnso-thickwhoispdp-wg@xxxxxxxxx] On Behalf Of Mike O'Connor
>> Sent: Friday, September 20, 2013 11:58 AM
>> To: Avri Doria
>> Cc: Thick Whois
>> Subject: Re: [gnso-thickwhoispdp-wg] missing recommendation in 7.1
>>
>> i think maybe i need to put all the stuff in one post.
>>
>> 1) we put a big-R recommendation to do the legal review in 7.1. here's
>>the language that Volker proposed with some rough draft "sequence"
>>language in brackets.
>>
>>> We recommend that the ICANN Board request an independent legal review
>>>to be undertaken [before transition to thick whois] on the privacy
>>>implications of a transfer of registrant data between jurisdictions.
>>
>> 2) we beef up the body of the report to support that recommendation --
>>the language is already there, i just think it ought to be moved down
>>into a more recommendation-focused paragraph. again rough-draft
>>"sequence" language in brackets.
>>
>>> page 30: "Again, these questions must be explored in more depth by
>>>ICANN Staff [before transition to thick whois], starting with the
>>>General Counsel's Office, and by the community. As an added benefit,
>>>analyses concerning change of applicable laws with respect to
>>>transition from a thin to a thick environment also may prove valuable
>>>in the event of changes in a registry's management, presumably an
>>>increasing likelihood given the volume of new gTLDs on the horizon."
>>
>> 3) we put a version of your little-r recommendation in section 7.3
>>
>>> The WG discussed many of the issues involved in moving from having a
>>>registration currently governed under the privacy rules by one
>>>jurisdiction in a thick whois to another jurisdiction, the jurisdiction
>>>of the Registry in a thick whois. The WG did not feel it was competent
>>>to fully discuss these privacy issues and was not able to fully
>>>separate the privacy issues involved in such a move from the general
>>>privacy issues that need to be resolved in Whois. there was also
>>>concern with intersection with other related Privacy issues that ICANN
>>>currently needs to work on. The Working group therefore makes the
>>>following recommendation:
>>>
>>> . We recommend that the ICANN Board request a GNSO issues report to
>>>cover the issue of Privacy as related to WHOIS and other related GNSO
>>>policies.
>>
>>
>>
>>
>> On Sep 20, 2013, at 9:24 AM, Avri Doria <avri@xxxxxxx> wrote:
>>
>>>
>>> Hi,
>>>
>>> All lovely ideas, but they don't meet the need to put the privacy
>>>issues on the front burner.
>>>
>>> avri
>>>
>>> On 20 Sep 2013, at 09:24, Mike O'Connor wrote:
>>>
>>>> [hijacking this thread back to its original topic]
>>>>
>>>> hi Avri,
>>>>
>>>> i, for one, think turnabout on the way to consensus is one of the
>>>>very best things about ICANN. thanks Avri
>>>>
>>>> here's language describing that legal review as it stands (this is
>>>>the last paragraph of Discussion section of 5.5 Data Protection
>>>>
>>>> page 30: "Again, these questions must be explored in more depth by
>>>>ICANN Staff, starting with the General Counsel's Office, and by the
>>>>community. As an added benefit, analyses concerning change of
>>>>applicable laws with respect to transition from a thin to a thick
>>>>environment also may prove valuable in the event of changes in a
>>>>registry's management, presumably an increasing likelihood given the
>>>>volume of new gTLDs on the horizon."
>>>>
>>>> i *think* that's the only place it shows up in the current draft,
>>>>which means that while we worked hard on the language, it's not really
>>>>a recommendation right now and kindof buried down in the details.
>>>>it's also vague on the sequencing -- but i have been presuming that
>>>>the legal review would have to happen before the conversion and would
>>>>be comfortable clarifying that.
>>>>
>>>> from a report-drafting standpoint if we pursue this direction, i
>>>>think we'd want to do a few minor revisions to provide support for
>>>>that big-R recommendation that's being proposed.
>>>>
>>>> - clarify that sequence
>>>>
>>>> - move that paragraph from the "Discussion" section of 5.5 down to
>>>>the "Conclusions" section to provide stronger underpinnings for the
>>>>recommendation
>>>>
>>>> all pretty easy to do from a mechanical report-drafting point of
>>>>view, if the group agrees on that approach.
>>>>
>>>> good work. carry on,
>>>>
>>>> mikey
>>>>
>>>>
>>>>
>>>>
>>>> On Sep 19, 2013, at 10:47 AM, Avri Doria <avri@xxxxxxx> wrote:
>>>>
>>>>>
>>>>> Hi,
>>>>>
>>>>> Forgive me for doing this bit of turnabout: is this legal review
>>>>>something that would occur before the thick whois for incumbent
>>>>>registries was put into effect?
>>>>>
>>>>> At first blush, if this was combined with a 7.3. recommendation for
>>>>>a full Issues report, I might be able to accept it and convince the
>>>>>NCSG that this was a good compromise.
>>>>>
>>>>> thanks
>>>>>
>>>>> avri
>>>>>
>>>>>
>>>>> On 19 Sep 2013, at 11:14, Volker Greimann wrote:
>>>>>
>>>>>> Hi all,
>>>>>>
>>>>>> I still find Avri's proposed language too broad, so I tried my hand
>>>>>>at a quick rewrite. Probably still needs a little fiddling, but more
>>>>>>in the direction what I could support, although putting this into
>>>>>>7.1 is a bit iffy to me.
>>>>>> The WG discussed many of the issues involved in moving from having
>>>>>>a registration currently governed under the privacy rules by one
>>>>>>jurisdiction in a thin whois to another jurisdiction, the
>>>>>>jurisdiction of the Registry in a thick whois. The WG did not feel
>>>>>>it was competent to reach a final conclusion on these issues
>>>>>>involving international privacy laws.
>>>>>> The Working group therefore makes the following recommendation:
>>>>>>
>>>>>> . We recommend that the ICANN Board
>>>>>> request an independent legal review to be undertaken on the privacy
>>>>>>implications of a transfer of registrant data between jurisdictions.
>>>>>> Reasons: If we could not find ourselves competent to decide a small
>>>>>>matter like the transfer of private data, how can we expect another
>>>>>>PDP to tackle an even broader issue of privacy issues surrounding
>>>>>>WHOIS in general? For the purposes of this WG, the determination
>>>>>>that we were unable to reach a final conclusion on could and should
>>>>>>be resolved by independent counsel.
>>>>>>
>>>>>> While a new PDP on WHOIS and privacy issues is certainly something
>>>>>>worth considering and something I would welcome, I do not feel that
>>>>>>this WG needs to make that recommendation as it would be much
>>>>>>broader than the smaller issue we were tasked to tackle.
>>>>>>
>>>>>> Volker
>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> For me this needs to be a Recommendation (7.1, big R), not an
>>>>>>>extra consideration. This issue was within the purview of the
>>>>>>>group and the group bailed on it for lack of capability. Fine,
>>>>>>>then lets step and recommend that those that have the capability do
>>>>>>>so. In this age of world attention on privacy issues, I can't
>>>>>>>beleive we are still dancing around the point.
>>>>>>>
>>>>>>> I am currently working on getting the NCSG to endorse this. As
>>>>>>>the alternate chair of the NCSG Policy committee I beleive this is
>>>>>>>something that will be supported by the NCSG. I will personally
>>>>>>>submit a minority position and work to get the NCSG to endorse it,
>>>>>>>if this recommendation is not included in 7.1. For myself at this
>>>>>>>point, I will reject the entire report without this, as the report
>>>>>>>is incomplete without this as a primary Recommendation. To my mind
>>>>>>>NCSG would be shirking it responsibilities if we let this report go
>>>>>>>out without such a recommendation.
>>>>>>>
>>>>>>> Incidentally, my impression from the list discussion was that
>>>>>>>there was support, but that wording needed changing. It was
>>>>>>>changed.
>>>>>>>
>>>>>>> I understand that there are those who may be playing divide and
>>>>>>>conquer games behind the scenes, claiming that my position will
>>>>>>>hurt NCSG's reputation. I have bcc'e d the NCSG on this note so
>>>>>>>that they themselves can determine if it is reputation damaging.
>>>>>>>There are others who are are cynically claiming that I am going
>>>>>>>against the bottom-up model by insisting on privacy considerations.
>>>>>>> I reject those claims.
>>>>>>>
>>>>>>> avri
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On 19 Sep 2013, at 10:25, Mike O'Connor wrote:
>>>>>>>
>>>>>>>
>>>>>>>> hi all,
>>>>>>>>
>>>>>>>> i may have been the culprit here. Avri, my interpretation of the
>>>>>>>>desultory conversation on the list was that there *wasn't* much
>>>>>>>>support for the idea. and then when you didn't show up on last
>>>>>>>>week's call to pitch/push it, i forgot to bring it up. my bad --
>>>>>>>>sorry about that.
>>>>>>>>
>>>>>>>> let's try to have a vigorous conversation about this on the list,
>>>>>>>>and drive to a conclusion on the call next week.
>>>>>>>>
>>>>>>>> Avri, you and i had a one-to-one email exchange about this and i
>>>>>>>>suggested that this recommendation might fit better, and be more
>>>>>>>>widely accepted, if it was in the privacy and data protection part
>>>>>>>>of our report (Section 7.3). could you give us an indication of
>>>>>>>>whether acceptance of this version of the recommendation is
>>>>>>>>required? in more casual terms, is there any wiggle room here? i
>>>>>>>>think it would be helpful for the rest of the group to know the
>>>>>>>>framework for the conversation.
>>>>>>>>
>>>>>>>> carry on folks,
>>>>>>>>
>>>>>>>> mikey
>>>>>>>>
>>>>>>>>
>>>>>>>> On Sep 18, 2013, at 6:39 PM, Avri Doria
>>>>>>>> <avri@xxxxxxx>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>>> Hi,
>>>>>>>>>
>>>>>>>>> I was disappointed to not see the recommendation for the Issues
>>>>>>>>>report included in 7.1. I thought we had discussed it on this
>>>>>>>>>list and thee had been little opposition, though there was some.
>>>>>>>>>I cannot support this report with a strong recommendation for
>>>>>>>>>follow on work on the Privacy issues. And, contrary to what
>>>>>>>>>others may beleive, I do not see any such work currently ongoing
>>>>>>>>>in ICANN. I think it i s unfortunate that we keep pushing off
>>>>>>>>>this work and are not willing to face it directly. I beleive I
>>>>>>>>>have the support of others in the NCSG, though the content of a
>>>>>>>>>minority statement has yet to be decided on.
>>>>>>>>>
>>>>>>>>> While still somewhat inadequate, I am ready to argue for going
>>>>>>>>>along with consensus on this document if the following is
>>>>>>>>>included in 7.1:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> The WG discussed many of the issues involved in moving from
>>>>>>>>>having a registration currently governed under the privacy rules
>>>>>>>>>by one jurisdiction in a thick whois to another jurisdiction, the
>>>>>>>>>jurisdiction of the Registry in a thick whois. The WG did not
>>>>>>>>>feel it was competent to fully discuss these privacy issues and
>>>>>>>>>was not able to fully separate the privacy issues involved in
>>>>>>>>>such a move from the general privacy issues that need to be
>>>>>>>>>resolved in Whois. there was also concern with intersection with
>>>>>>>>>other related Privacy issues that ICANN currently needs to work
>>>>>>>>>on. The Working group therefore makes the following
>>>>>>>>>recommendation:
>>>>>>>>>
>>>>>>>>> . We recommend that the ICANN Board request a GNSO issues report
>>>>>>>>>to cover the issue of Privacy as related to WHOIS and other
>>>>>>>>>related GNSO policies.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Thanks
>>>>>>>>>
>>>>>>>>> avri
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>> PHONE: 651-647-6109, FAX: 866-280-2356, WEB:
>>>>>>>> www.haven2.com
>>>>>>>> , HANDLE: OConnorStP (ID for Twitter, Facebook, LinkedIn, etc.)
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.
>>>>>>
>>>>>> Mit freundlichen Grüßen,
>>>>>>
>>>>>> Volker A. Greimann
>>>>>> - Rechtsabteilung -
>>>>>>
>>>>>> Key-Systems GmbH
>>>>>> Im Oberen Werk 1
>>>>>> 66386 St. Ingbert
>>>>>> Tel.: +49 (0) 6894 - 9396 901
>>>>>> Fax.: +49 (0) 6894 - 9396 851
>>>>>> Email:
>>>>>> vgreimann@xxxxxxxxxxxxxxx
>>>>>>
>>>>>>
>>>>>> Web:
>>>>>> www.key-systems.net / www.RRPproxy.net
>>>>>> www.domaindiscount24.com / www.BrandShelter.com
>>>>>>
>>>>>>
>>>>>> Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:
>>>>>>
>>>>>> www.facebook.com/KeySystems
>>>>>> www.twitter.com/key_systems
>>>>>>
>>>>>>
>>>>>> Geschäftsführer: Alexander Siffrin
>>>>>> Handelsregister Nr.: HR B 18835 - Saarbruecken
>>>>>> Umsatzsteuer ID.: DE211006534
>>>>>>
>>>>>> Member of the KEYDRIVE GROUP
>>>>>>
>>>>>> www.keydrive.lu
>>>>>>
>>>>>>
>>>>>> Der Inhalt dieser Nachricht ist vertraulich und nur für den
>>>>>>angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe,
>>>>>>Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist
>>>>>>unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so
>>>>>>bitten wir Sie, sich mit uns per E-Mail oder telefonisch in
>>>>>>Verbindung zu setzen.
>>>>>>
>>>>>> --------------------------------------------
>>>>>>
>>>>>> Should you have any further questions, please do not hesitate to
>>>>>>contact us.
>>>>>>
>>>>>> Best regards,
>>>>>>
>>>>>> Volker A. Greimann
>>>>>> - legal department -
>>>>>>
>>>>>> Key-Systems GmbH
>>>>>> Im Oberen Werk 1
>>>>>> 66386 St. Ingbert
>>>>>> Tel.: +49 (0) 6894 - 9396 901
>>>>>> Fax.: +49 (0) 6894 - 9396 851
>>>>>> Email:
>>>>>> vgreimann@xxxxxxxxxxxxxxx
>>>>>>
>>>>>>
>>>>>> Web:
>>>>>> www.key-systems.net / www.RRPproxy.net
>>>>>> www.domaindiscount24.com / www.BrandShelter.com
>>>>>>
>>>>>>
>>>>>> Follow us on Twitter or join our fan community on Facebook and stay
>>>>>>updated:
>>>>>>
>>>>>> www.facebook.com/KeySystems
>>>>>> www.twitter.com/key_systems
>>>>>>
>>>>>>
>>>>>> CEO: Alexander Siffrin
>>>>>> Registration No.: HR B 18835 - Saarbruecken
>>>>>> V.A.T. ID.: DE211006534
>>>>>>
>>>>>> Member of the KEYDRIVE GROUP
>>>>>>
>>>>>> www.keydrive.lu
>>>>>>
>>>>>>
>>>>>> This e-mail and its attachments is intended only for the person to
>>>>>>whom it is addressed. Furthermore it is not permitted to publish any
>>>>>>content of this email. You must not use, disclose, copy, print or
>>>>>>rely on this e-mail. If an addressing or transmission error has
>>>>>>misdirected this e-mail, kindly notify the author by replying to
>>>>>>this e-mail or contacting us by telephone.
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>> PHONE: 651-647-6109, FAX: 866-280-2356, WEB: www.haven2.com, HANDLE:
>>>>OConnorStP (ID for Twitter, Facebook, LinkedIn, etc.)
>>>>
>>>
>>>
>>
>>
>> PHONE: 651-647-6109, FAX: 866-280-2356, WEB: www.haven2.com, HANDLE:
>>OConnorStP (ID for Twitter, Facebook, LinkedIn, etc.)
>>
>>
>
>
>PHONE: 651-647-6109, FAX: 866-280-2356, WEB: www.haven2.com, HANDLE:
>OConnorStP (ID for Twitter, Facebook, LinkedIn, etc.)
>
<<<
Chronological Index
>>> <<<
Thread Index
>>>
|