Re: [gnso-thickwhoispdp-wg] missing recommendation in 7.1
hi Steve, thanks for your edits -- i want to highlight them to the rest of the group. i've made one clarifying edit in the last paragraph that inserts the notion that the Board ask the GNSO to *charter* an issue report, so we don't have to bash through the details of doing that ourselves (per your comment). the question of the scope and framing of that issue report are pretty far afield for us to undertake, i think. i think my change is friendly to yours Steve, but you'll want to take a look. unfortunately, we've fallen victim to the Author/Author problem again folks, so my changes and Steve's are indistinguishable in the draft. the good ideas are his, the bad ideas are mine. barring further edits by others, this is the draft that we'll look at tomorrow. Steve i think i'm a victim of my own fuzzy thinking with that "consensus policy" blather. i'd like to unring that bell if i can. the point i was ham-handedly trying to make is that 7.1 is where our WG recommendations lie and thus go up through the GNSO/Board approval process and ultimately modify the way that gTLDs are operated. i was trying to distinguish 7.1 from 7.3 which are "observations" and not binding. i tried to cut a corner with "consensus policy" short hand -- sorry about that. mikey Attachment:
Thick Whois -- Proposal - MOC Metalitz 23-sept.doc On Sep 23, 2013, at 1:05 PM, "Metalitz, Steven" <met@xxxxxxx> wrote: > Mikey, > > Thanks for drawing this proposal into one document, and I hope you are > feeling better. > > You wrote on last Friday that "putting a recommendation in 7.1 puts it into > consensus policy, putting a recommendation in 7.3 puts in in the > "suggestions" pile." Based on that distinction I still don't understand > why your proposal in item 1 fits into consensus policy. I look forward to > discussing that on our call tomorrow. > > I also offer the attached edits to your text for consideration by the group. > > > Steve > > > > > > -----Original Message----- > From: Mike O'Connor [mailto:mike@xxxxxxxxxx] > Sent: Sunday, September 22, 2013 9:47 AM > To: Metalitz, Steven > Cc: Avri Doria; Thick Whois > Subject: Re: [gnso-thickwhoispdp-wg] missing recommendation in 7.1 > > hi Steve, > > i realized that i didn't really respond to your whole argument with my reply. > i'm working my way through Lyme's Disease or Ehrlichiosis (nobody is quite > sure which) and some days my energy level is a little lower -- your note > caught me on one of those days. my apologies for that. > > i think that Section 5 *does* support the "legal review" modification being > proposed. here are the paragraphs from Section 5 i would put forward to back > that argument -- the paragraphs immediately preceding the language in my 2) > suggestion. here's the quote -- it's the four paragraphs immediately > preceding the Conclusions section you're referring to: > > > "However, the fact that the WG has not seen analyses or objections from > the contracted party community does not prove a lack of problems. In > addition, data protection and privacy laws and regulations change over time > so any analyses from the past might need to be revisited periodically. RSEPs > (Registry Services Evaluation Panel) initiated by .cat and .tel suggest that > they have identified data protection and privacy legal issues that they > considered valid even if no formal government action was initiated. While > registrars are required under the Registrar Accreditation Agreement to obtain > registrants' consent to uses made of data collected from them, whether > registrants are aware of the full ramifications of data publication, legal or > real, might be questioned, and local rules concerning coercive contract > provisions conceivably could come into play. > > "The WG has made every effort to examine thin vs. thick registry models > in a broad sense. However, any requirement that all registries use the thick > model will require that existing thin registries move to thick environments. > This situation will raise concerns that, while limited in the long run, are > significant given the numbers of domains and registrants involved. The WG > expects that data transfers will be in volumes unprecedented in Whois > operations and urges that increased information systems and protections are > put in place, which are appropriate to handle the volumes. > > "Some registrations may have occurred based on a registrant's > consideration of local rules governing a registrar or registry. In that > event, registrants' data protection expectations will be affected when > publication of Whois data moves to a registry that is in a different > jurisdiction from the relevant registrar. Thorough examination must be given > to the extent to which data protection guarantees governing a registrar can > be binding on a registry. Should data protections in the jurisdiction of a > registrant, registrar, or registry control? Should registry or registrar > accreditation agreements contain language that specifies whose protection > environment applies? > > "Again, these questions must be explored in more depth by ICANN Staff, > starting with the General Counsel's Office, and by the community. As an added > benefit, analyses concerning change of applicable laws with respect to > transition from a thin to a thick environment also may prove valuable in the > event of changes in a registry's management, presumably an increasing > likelihood given the volume of new gTLDs on the horizon." [note, this is the > paragraph i'm proposing to move down into the immediately-following > Conclusions section you're quoting from] > > > > your #1 citation says "The WG finds that requiring thick Whois for all gTLD > registries does not raise data protection issues that are specific to thin v. > thick Whois." that quote refers to the topic of data protection, not privacy > -- the sub-team went to a lot of trouble to separate those two issues and so > i don't think that point is relevant to this discussion. > > your #2 citation says "There are currently issues with respect to privacy > related to Whois and these will only grow in the future..... None of these > issues *SEEM* to be related to whether a thick or thin Whois model is being > used. " [emphasis mine] which doesn't rule out the possibility of a legal > review, especially given the (i think) consensus view that we don't really > have the expertise on this WG to evaluate the nuances of those issues. > > your #3 citation says "So although privacy issues may become a substantive > issue in the future, and should certainly be part of the investigation of a > replacement for Whois, it is not a reason not to proceed with the PDP WG > recommending thick Whois for all." i'm not sure i follow how a legal review > (which seems prudent in any case) contradicts that argument. > > Steve, is your concern that the legal review could be used to *block* the > transition to thick Whois? if that's the case, i share your concern. but i > view it more in the "identify and mitigate risks" department and hope that > others would too. i would be open to clarifying that language if folks felt > the need. > > regarding your point on the "undermine at the last minute" argument -- i > think i mentioned this on the call. i as the Chair bear the responsibility > for not testing more aggressively for consensus *much* earlier in the > process. most of my frustration on the last call was with myself for > allowing this issue to slide to the end. but the fact is, we don't have > consensus yet and we need to work on getting there. > > to that end i've pulled my little 3-point recommendation into a Word document > and include it into this post for people to contemplate and edit. i decided > it was time to move the text into something that can be red-lined rather than > using the pretty-limited text-only email format. > > thanks all for a spirited discussion -- let's contemplate this some more and > see if we can get to a place where we can all live with the result. > > thanks, > > mikey > > <Thick Whois --redline of MOC draft of 092213 (5564537).DOC> PHONE: 651-647-6109, FAX: 866-280-2356, WEB: www.haven2.com, HANDLE: OConnorStP (ID for Twitter, Facebook, LinkedIn, etc.) Attachment:
smime.p7s
|