[gnso-thickwhoispdp-wg] 24 September call

[Alan Greenberg <alan.greenberg@xxxxxxxxx>]

I have listened to the recording of today's call, a very painful 
process given that I could not see the ever-changing document that 
everyone was talking about, and that I could not raise my hand to put 
my own thoughts into the conversation.
A few thoughts came out of this which I present in no particular order.

- ICANN is regularly criticized for being a risk-adverse 
organiazation. Do we really think that it would institute a change 
like this without assessing risk (and a risk to individual privacy 
WOULD translate into a risk for ICANN)?
- There were again comments about the movement of private data across 
jurisdictions (for instance when one transitions from a privacy 
service in one jurisdiction to one in another). That is not what we 
are talking about here. It is ONLY the movement of public data.
- Although we are talking about moving the data of many registrants 
en masse, the actual transition is EXACTLY what happens MANY times 
per day. On every new registration for all TLDs except those we are 
talking about, if you register a name with a registrar in a 
jurisdiction different from that of the registry, your data takes a 
trip across national boundaries. According to monthly reports, .org 
aloe sees about 200,000 net adds per month, or about 6,000 per day. I 
don't know what percentage of those originate outside of the US, but 
it cannot be trivial. Each of those have publuc data moving across 
the same jurisdictional boundaries that we are discussing.
- The wording about the legal review is too prescriptive. At best, it 
should suggest that national and international policy experts and 
regulators be consulted "as applicable" or "as necessary". Without 
any limitation, the results will always be subject to criticism that 
they did not consult the "right" experts or did not consult a 
specific one, voiding the results.
- I still have difficulty understanding just want the new PDP will 
do. the PD of PDP means "Policy Development". What policy are we 
considering. At best this sounds like a "White Paper" investigating 
the issues surrounding privacy and registration data.
- The current last paragraph does not read well and is confusing: "We 
recommend that the ICANN Board request that the GNSO charter an 
issues report to cover the issue of Privacy as related to WHOIS if it 
concludes that this issue is not adequately addressed within the 
scope of the Board-initiated PDP on gTLD registration data services, 
or otherwise." Perhaps "We recommend that if the Board concludes that 
privacy issues will not be adequately addressed within the scope of 
the Board-initiated PDP on gTLD registration data services, or 
otherwise be addressed, that the Board initiate such action as to 
ensure that privacy issues are fully and adequately addressed."
Alan