RE: [gnso-thickwhoispdp-wg] missing recommendation in 7.1
Mikey, Thanks for drawing this proposal into one document, and I hope you are feeling better. You wrote on last Friday that "putting a recommendation in 7.1 puts it into consensus policy, putting a recommendation in 7.3 puts in in the "suggestions" pile." Based on that distinction I still don't understand why your proposal in item 1 fits into consensus policy. I look forward to discussing that on our call tomorrow. I also offer the attached edits to your text for consideration by the group. Steve -----Original Message----- From: Mike O'Connor [mailto:mike@xxxxxxxxxx] Sent: Sunday, September 22, 2013 9:47 AM To: Metalitz, Steven Cc: Avri Doria; Thick Whois Subject: Re: [gnso-thickwhoispdp-wg] missing recommendation in 7.1 hi Steve, i realized that i didn't really respond to your whole argument with my reply. i'm working my way through Lyme's Disease or Ehrlichiosis (nobody is quite sure which) and some days my energy level is a little lower -- your note caught me on one of those days. my apologies for that. i think that Section 5 *does* support the "legal review" modification being proposed. here are the paragraphs from Section 5 i would put forward to back that argument -- the paragraphs immediately preceding the language in my 2) suggestion. here's the quote -- it's the four paragraphs immediately preceding the Conclusions section you're referring to: "However, the fact that the WG has not seen analyses or objections from the contracted party community does not prove a lack of problems. In addition, data protection and privacy laws and regulations change over time so any analyses from the past might need to be revisited periodically. RSEPs (Registry Services Evaluation Panel) initiated by .cat and .tel suggest that they have identified data protection and privacy legal issues that they considered valid even if no formal government action was initiated. While registrars are required under the Registrar Accreditation Agreement to obtain registrants' consent to uses made of data collected from them, whether registrants are aware of the full ramifications of data publication, legal or real, might be questioned, and local rules concerning coercive contract provisions conceivably could come into play. "The WG has made every effort to examine thin vs. thick registry models in a broad sense. However, any requirement that all registries use the thick model will require that existing thin registries move to thick environments. This situation will raise concerns that, while limited in the long run, are significant given the numbers of domains and registrants involved. The WG expects that data transfers will be in volumes unprecedented in Whois operations and urges that increased information systems and protections are put in place, which are appropriate to handle the volumes. "Some registrations may have occurred based on a registrant's consideration of local rules governing a registrar or registry. In that event, registrants' data protection expectations will be affected when publication of Whois data moves to a registry that is in a different jurisdiction from the relevant registrar. Thorough examination must be given to the extent to which data protection guarantees governing a registrar can be binding on a registry. Should data protections in the jurisdiction of a registrant, registrar, or registry control? Should registry or registrar accreditation agreements contain language that specifies whose protection environment applies? "Again, these questions must be explored in more depth by ICANN Staff, starting with the General Counsel's Office, and by the community. As an added benefit, analyses concerning change of applicable laws with respect to transition from a thin to a thick environment also may prove valuable in the event of changes in a registry's management, presumably an increasing likelihood given the volume of new gTLDs on the horizon." [note, this is the paragraph i'm proposing to move down into the immediately-following Conclusions section you're quoting from] your #1 citation says "The WG finds that requiring thick Whois for all gTLD registries does not raise data protection issues that are specific to thin v. thick Whois." that quote refers to the topic of data protection, not privacy -- the sub-team went to a lot of trouble to separate those two issues and so i don't think that point is relevant to this discussion. your #2 citation says "There are currently issues with respect to privacy related to Whois and these will only grow in the future..... None of these issues *SEEM* to be related to whether a thick or thin Whois model is being used. " [emphasis mine] which doesn't rule out the possibility of a legal review, especially given the (i think) consensus view that we don't really have the expertise on this WG to evaluate the nuances of those issues. your #3 citation says "So although privacy issues may become a substantive issue in the future, and should certainly be part of the investigation of a replacement for Whois, it is not a reason not to proceed with the PDP WG recommending thick Whois for all." i'm not sure i follow how a legal review (which seems prudent in any case) contradicts that argument. Steve, is your concern that the legal review could be used to *block* the transition to thick Whois? if that's the case, i share your concern. but i view it more in the "identify and mitigate risks" department and hope that others would too. i would be open to clarifying that language if folks felt the need. regarding your point on the "undermine at the last minute" argument -- i think i mentioned this on the call. i as the Chair bear the responsibility for not testing more aggressively for consensus *much* earlier in the process. most of my frustration on the last call was with myself for allowing this issue to slide to the end. but the fact is, we don't have consensus yet and we need to work on getting there. to that end i've pulled my little 3-point recommendation into a Word document and include it into this post for people to contemplate and edit. i decided it was time to move the text into something that can be red-lined rather than using the pretty-limited text-only email format. thanks all for a spirited discussion -- let's contemplate this some more and see if we can get to a place where we can all live with the result. thanks, mikey Attachment:
Thick Whois --redline of MOC draft of 092213 (5564537).DOC
|