Re: [ALAC] [Accred-Model] Comment - Alan Greenberg
Alan I see a lot wrong with it - and I see a lot that I disagree with in Jonathan’s first draft. I have been tied up teaching, but finally have a bit of time to put my thoughts down - and I decidedly do NOT think the IPC/BC is a great model. For a very different view, read the NCSG response- attached. So PLEASE - give people at least a bit more time to look at what Jonathan’s response - and mine. Holly On 21 Apr 2018, at 8:20 am, Alan Greenberg <alan.greenberg@mcgill.ca> wrote:
This comment has been circulated within the ALAC and At-Large, but there has not been sufficient time to decide to what extent if it fully accepted. As such, it is being submitted here purely on my personal behalf.
===============
There has been significant community comment that this proposal was originally (and to some extent still is) a creature of the BC.
I APPLAUD that the BC/IPC have taken the initiative to do this! I and many of us have been saying for several months (certainly starting before the Abu Dhabi meeting) that the accreditation model is an absolute key to moving forward.
The BC/IPC have done something and put it down on paper. Bravo!
I think this model is a great start.
I see problems with it, but we need to start the discussion somewhere. What do I see as problematic? I think the provision to give access to "All users", while it would be nice for me personally, is more than a bit loose. We are going to need something MUCH stronger to grant access over and above the other accredited channels. A single tier is not sufficient. There should be more granularity based on the uses. Perhaps we could start with this single and improve later, but my preference would be to use the use-cases we have already built to provide more than one few tier (ie more than just a) thin WHOIS, or b) ALL of the data.) I look forward to the work that the document says the SSAC is doing regarding credentialization. I STRONGLY support the comments from the Anti-Phishing Working Group (APWG). These comments make the model more effective and implementable. The only one I find possible questionable related to funding the accreditation process. Although I would prefer that it is an integral part of the DNS and WHOIS (and thus funded by ICANN through its normal sources), I would not want to see implementation delayed over this issue. _______________________________________________ Accred-Model mailing list Accred-Model@icann.org https://mm.icann.org/mailman/listinfo/accred-model
Holly, I don't set the deadlines. Regarding Jonathan's posted comment on the Article 29 letter, we can tell them to withdraw it if there is a consensus to do so. Regarding my comment, I said there was no agreement in the ALAC and posted it on my own behalf. I have since been told it was submitted to late and will not be considered for this pass. The NCSG statement does not talk about the model as such but the basis for its existence. It ignores the phrase "or ny a third party" in Article 6, section 1e of the Regulations which allow the needs of a third party to be considered, and it PRESUMES that the privacy needs with out-weigh the needs for access to provide for the safety and security of the Internet. That is a presumption that I do not agree with. The NCSG strongly objects to a model originating in the BC/IPC. I on the other hand welcome ANYONE working on such a model and specifically would welcome it being transferred to the community as a whole if there were any interest. Alan At 20/04/2018 06:32 PM, Holly Raiche wrote:
Alan
I see a lot wrong with it - and I see a lot that I disagree with in Jonathanâs first draft. I have been tied up teaching, but finally have a bit of time to put my thoughts down - and I decidedly do NOT think the IPC/BC is a great model. For a very different view, read the NCSG response- attached. So PLEASE - give people at least a bit more time to look at what Jonathanâs response - and mine.
Holly
On 21 Apr 2018, at 8:20 am, Alan Greenberg <<mailto:alan.greenberg@mcgill.ca>alan.greenberg@mcgill.ca> wrote:
This comment has been circulated within the ALAC and At-Large, but there has not been sufficient time to decide to what extent if it fully accepted. As such, it is being submitted here purely on my personal behalf.
===============
There has been significant community comment that this proposal was originally (and to some extent still is) a creature of the BC.
I APPLAUD that the BC/IPC have taken the initiative to do this! I and many of us have been saying for several months (certainly starting before the Abu Dhabi meeting) that the accreditation model is an absolute key to moving forward.
The BC/IPC have done something and put it down on paper. Bravo!
I think this model is a great start.
I see problems with it, but we need to start the discussion somewhere. What do I see as problematic? * I think the provision to give access to "All users", while it would be nice for me personally, is more than a bit loose. We are going to need something MUCH stronger to grant access over and above the other accredited channels. * A single tier is not sufficient. There should be more granularity based on the uses. Perhaps we could start with this single and improve later, but my preference would be to use the use-cases we have already built to provide more than one few tier (ie more than just a) thin WHOIS, or b) ALL of the data.) * I look forward to the work that the document says the SSAC is doing regarding credentialization. * I STRONGLY support the <https://community.icann.org/download/attachments/84213851/APWG-GDPR-Accreditationplancomments-5April2018-0001.pdf?version=1&modificationDate=1524004586000&api=v2>comments from the Anti-Phishing Working Group (APWG). These comments make the model more effective and implementable. The only one I find possible questionable related to funding the accreditation process. Although I would prefer that it is an integral part of the DNS and WHOIS (and thus funded by ICANN through its normal sources), I would not want to see implementation delayed over this issue. _______________________________________________ Accred-Model mailing list <mailto:Accred-Model@icann.org>Accred-Model@icann.org https://mm.icann.org/mailman/listinfo/accred-model
X-Microsoft-Exchange-Diagnostics:
1;YTOPR01MB0396;27:PKJyDSpsleGA7L6y7RiwBWziWgjRyLKmjJE77denCviuJRonQvhayYu4Jsewrfvt4fIHBqSNNWOBEgH6tcsIpx/yB9IZo4nij6rTRL0swEKjjZoAA+vJDEXnuDHQVhGx X-Microsoft-Antispam-Message-Info:
t7CF4QknGdnCrBtkrn++DCPtIcMwWyxRraaDjbfhq11S3RQdLImsQGC2GtWCSFDrPmNQZou5n5JOlIuZQTOUBeQ6sQP2XaMw7THt/ZDwIDenl+SOx7PZdl8RT4FTdnfTp/o4mTusjq+jfUg8j0l7XQ8HEt8bxT5NHcOqaTSTYFtk/vpY7ogBepV2zUJGrYg40WdJ0o25loPiwyTUj8HJYbr2Fe+CKcEgU+hnYA8On9dj3/MLRrpl2k68WmjhHUAAbq7D+I0Zd3qoD7VB+giyXyNE7P9Pbc8O9hhUzK5L7ztLe5U+grXCSXN8QwH8x0SK7zdFFWywE/MuzgZaGBNAXe2gFr/MWGrv8LmqxMBBFuJzm0dOX+uV77Xdy2Hd9atmu+cU98j8e/5nhFGPnSPEGXWnQK8s2eN7feivbEPsxoZl2a1LBTOAfi0iFxUxh5s5H/THLm7kN3GI29E6blMhZA== Content-Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document; name="NCSG Comments to Draft IPC_BC Purpose Statement Final.docx" Content-Description: NCSG Comments to Draft IPC_BC Purpose Statement Final.docx Content-Disposition: attachment; filename="NCSG Comments to Draft IPC_BC Purpose Statement Final.docx"; size=36187; creation-date="Fri, 20 Apr 2018 22:33:49 GMT"; modification-date="Fri, 20 Apr 2018 22:33:49 GMT" Content-ID: <ED1DF51241BD3343915D6F3ABE3B1724@CANPRD01.PROD.OUTLOOK.COM>
Alan Finally finished my contribution. I know it may not look terribly different, but it makes points that I want to make: ALAC has, in my view, two concerns - not one. Yes, trust in the security and safety of the Internet, but also privacy protections as well we should not be defending the IP community’s - or anyone else’s access to data just because they have used it in the past. Even in Article 29th statement, there is mention not only of LEAs but other governmental authorities - which would include corporate regulators and consumer protection agencies - things we approve of I hope this isn’t too late (remember, it was night time here, which chewed up some of the time I have to respond) Holly On 21 Apr 2018, at 8:32 am, Holly Raiche <h.raiche@internode.on.net> wrote:
Alan
I see a lot wrong with it - and I see a lot that I disagree with in Jonathan’s first draft. I have been tied up teaching, but finally have a bit of time to put my thoughts down - and I decidedly do NOT think the IPC/BC is a great model. For a very different view, read the NCSG response- attached. So PLEASE - give people at least a bit more time to look at what Jonathan’s response - and mine.
Holly
<NCSG Comments to Draft IPC_BC Purpose Statement Final.docx>
On 21 Apr 2018, at 8:20 am, Alan Greenberg <alan.greenberg@mcgill.ca> wrote:
This comment has been circulated within the ALAC and At-Large, but there has not been sufficient time to decide to what extent if it fully accepted. As such, it is being submitted here purely on my personal behalf.
===============
There has been significant community comment that this proposal was originally (and to some extent still is) a creature of the BC.
I APPLAUD that the BC/IPC have taken the initiative to do this! I and many of us have been saying for several months (certainly starting before the Abu Dhabi meeting) that the accreditation model is an absolute key to moving forward.
The BC/IPC have done something and put it down on paper. Bravo!
I think this model is a great start.
I see problems with it, but we need to start the discussion somewhere. What do I see as problematic? I think the provision to give access to "All users", while it would be nice for me personally, is more than a bit loose. We are going to need something MUCH stronger to grant access over and above the other accredited channels. A single tier is not sufficient. There should be more granularity based on the uses. Perhaps we could start with this single and improve later, but my preference would be to use the use-cases we have already built to provide more than one few tier (ie more than just a) thin WHOIS, or b) ALL of the data.) I look forward to the work that the document says the SSAC is doing regarding credentialization. I STRONGLY support the comments from the Anti-Phishing Working Group (APWG). These comments make the model more effective and implementable. The only one I find possible questionable related to funding the accreditation process. Although I would prefer that it is an integral part of the DNS and WHOIS (and thus funded by ICANN through its normal sources), I would not want to see implementation delayed over this issue. _______________________________________________ Accred-Model mailing list Accred-Model@icann.org https://mm.icann.org/mailman/listinfo/accred-model
_______________________________________________ ALAC mailing list ALAC@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/alac
At-Large Online: http://www.atlarge.icann.org ALAC Working Wiki: https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+(ALA...)
Good morning Holly, I was looking for the link to see what Jonathan wrote. I wanted to support your position since it’s exactly mine. But I wanted to see Jonathan’ comment to better understand the discussion. As for the capacity building WG, I will ask staff to be sure you are subscribed. The Capacity Building Working Group link is https://community.icann.org/display/atlarge/At-Large+Capacity+Building+Worki... <https://community.icann.org/display/atlarge/At-Large+Capacity+Building+Worki...> In the bottom of the page, you find a table with both 2017 and 2018 program (you can switch from one to the other by clicking on the right space). I also attach the 2018 program for your convenience. Have a nice evening ----------------------------------------------------------------------------- Tijani BEN JEMAA Executive Director Mediterranean Federation of Internet Associations (FMAI) Phone: +216 98 330 114 +216 52 385 114 -----------------------------------------------------------------------------
Le 20 avr. 2018 à 23:32, Holly Raiche <h.raiche@internode.on.net> a écrit :
I see a lot wrong with it - and I see a lot that I disagree with in Jonathan’s first draft. I have been tied up teaching, but finally have a bit of time to put my thoughts down - and I decidedly do NOT think the IPC/BC is a great model. For a very different view, read the NCSG response- attached. So PLEASE - give people at least a bit more time to look at what Jonathan’s response - and mine.
Holly
<NCSG Comments to Draft IPC_BC Purpose Statement Final.docx>
On 21 Apr 2018, at 8:20 am, Alan Greenberg <alan.greenberg@mcgill.ca <mailto:alan.greenberg@mcgill.ca>> wrote:
This comment has been circulated within the ALAC and At-Large, but there has not been sufficient time to decide to what extent if it fully accepted. As such, it is being submitted here purely on my personal behalf.
===============
There has been significant community comment that this proposal was originally (and to some extent still is) a creature of the BC.
I APPLAUD that the BC/IPC have taken the initiative to do this! I and many of us have been saying for several months (certainly starting before the Abu Dhabi meeting) that the accreditation model is an absolute key to moving forward.
The BC/IPC have done something and put it down on paper. Bravo!
I think this model is a great start.
I see problems with it, but we need to start the discussion somewhere. What do I see as problematic? I think the provision to give access to "All users", while it would be nice for me personally, is more than a bit loose. We are going to need something MUCH stronger to grant access over and above the other accredited channels. A single tier is not sufficient. There should be more granularity based on the uses. Perhaps we could start with this single and improve later, but my preference would be to use the use-cases we have already built to provide more than one few tier (ie more than just a) thin WHOIS, or b) ALL of the data.) I look forward to the work that the document says the SSAC is doing regarding credentialization. I STRONGLY support the comments from the Anti-Phishing Working Group (APWG) <https://community.icann.org/download/attachments/84213851/APWG-GDPR-Accredit...>. These comments make the model more effective and implementable. The only one I find possible questionable related to funding the accreditation process. Although I would prefer that it is an integral part of the DNS and WHOIS (and thus funded by ICANN through its normal sources), I would not want to see implementation delayed over this issue.
Thanks Tijani Jonathan’s comments are actually on the ALAC policy page. And after a careful reading, I can agree with most of what Jonathan said. My one concern - and I told him this - is that the whole process MUST start with the purpose question - NOT what the data has been used for in the past. In most privacy regimes, there are exceptions for law enforcement agencies - which can be more broadly drawn, so we can push for a more safe and secure Internet - but on the foundation of the data protection regime. In the end, I think that is where everyone will have to get to. It will just take time. Thank you for your kind thoughts - and for putting me on the capacity building list and for the webinar list. I really found the last one - indeed all the ones I have listened to - very helpful Holly On 22 Apr 2018, at 6:04 pm, Tijani BEN JEMAA <tijani.benjemaa@fmai.org.tn> wrote:
Good morning Holly,
I was looking for the link to see what Jonathan wrote. I wanted to support your position since it’s exactly mine. But I wanted to see Jonathan’ comment to better understand the discussion.
As for the capacity building WG, I will ask staff to be sure you are subscribed. The Capacity Building Working Group link is https://community.icann.org/display/atlarge/At-Large+Capacity+Building+Worki... In the bottom of the page, you find a table with both 2017 and 2018 program (you can switch from one to the other by clicking on the right space). I also attach the 2018 program for your convenience. Have a nice evening <2018_Topics_Proposed_Selected.xlsx>
----------------------------------------------------------------------------- Tijani BEN JEMAA Executive Director Mediterranean Federation of Internet Associations (FMAI) Phone: +216 98 330 114 +216 52 385 114 -----------------------------------------------------------------------------
Le 20 avr. 2018 à 23:32, Holly Raiche <h.raiche@internode.on.net> a écrit :
I see a lot wrong with it - and I see a lot that I disagree with in Jonathan’s first draft. I have been tied up teaching, but finally have a bit of time to put my thoughts down - and I decidedly do NOT think the IPC/BC is a great model. For a very different view, read the NCSG response- attached. So PLEASE - give people at least a bit more time to look at what Jonathan’s response - and mine.
Holly
<NCSG Comments to Draft IPC_BC Purpose Statement Final.docx>
On 21 Apr 2018, at 8:20 am, Alan Greenberg <alan.greenberg@mcgill.ca> wrote:
This comment has been circulated within the ALAC and At-Large, but there has not been sufficient time to decide to what extent if it fully accepted. As such, it is being submitted here purely on my personal behalf.
===============
There has been significant community comment that this proposal was originally (and to some extent still is) a creature of the BC.
I APPLAUD that the BC/IPC have taken the initiative to do this! I and many of us have been saying for several months (certainly starting before the Abu Dhabi meeting) that the accreditation model is an absolute key to moving forward.
The BC/IPC have done something and put it down on paper. Bravo!
I think this model is a great start.
I see problems with it, but we need to start the discussion somewhere. What do I see as problematic? I think the provision to give access to "All users", while it would be nice for me personally, is more than a bit loose. We are going to need something MUCH stronger to grant access over and above the other accredited channels. A single tier is not sufficient. There should be more granularity based on the uses. Perhaps we could start with this single and improve later, but my preference would be to use the use-cases we have already built to provide more than one few tier (ie more than just a) thin WHOIS, or b) ALL of the data.) I look forward to the work that the document says the SSAC is doing regarding credentialization. I STRONGLY support the comments from the Anti-Phishing Working Group (APWG). These comments make the model more effective and implementable. The only one I find possible questionable related to funding the accreditation process. Although I would prefer that it is an integral part of the DNS and WHOIS (and thus funded by ICANN through its normal sources), I would not want to see implementation delayed over this issue.
Dear, I did not read Jonathan's comments. The issue of law enforcement agencies: if there is an order from a judge, there is no one who can oppose in any way the delivery of the information requested. Therefore, if there is information considered private, only with an order from a judge can it be delivered. Maybe in our rules, in that kind of information, I should say that it will only be delivered through a court order. Kind regards Alberto De: ALAC <alac-bounces@atlarge-lists.icann.org> En nombre de Holly Raiche Enviado el: domingo, 22 de abril de 2018 08:42 a.m. Para: Tijani BEN JEMAA <tijani.benjemaa@fmai.org.tn> CC: ALAC <alac@atlarge-lists.icann.org>; Alan Greenberg <alan.greenberg@mcgill.ca> Asunto: Re: [ALAC] [Accred-Model] Comment - Alan Greenberg Thanks Tijani Jonathans comments are actually on the ALAC policy page. And after a careful reading, I can agree with most of what Jonathan said. My one concern - and I told him this - is that the whole process MUST start with the purpose question - NOT what the data has been used for in the past. In most privacy regimes, there are exceptions for law enforcement agencies - which can be more broadly drawn, so we can push for a more safe and secure Internet - but on the foundation of the data protection regime. In the end, I think that is where everyone will have to get to. It will just take time. Thank you for your kind thoughts - and for putting me on the capacity building list and for the webinar list. I really found the last one - indeed all the ones I have listened to - very helpful Holly On 22 Apr 2018, at 6:04 pm, Tijani BEN JEMAA <tijani.benjemaa@fmai.org.tn <mailto:tijani.benjemaa@fmai.org.tn> > wrote: Good morning Holly, I was looking for the link to see what Jonathan wrote. I wanted to support your position since its exactly mine. But I wanted to see Jonathan comment to better understand the discussion. As for the capacity building WG, I will ask staff to be sure you are subscribed. The Capacity Building Working Group link is https://community.icann.org/display/atlarge/At-Large+Capacity+Building+Worki ng+Group In the bottom of the page, you find a table with both 2017 and 2018 program (you can switch from one to the other by clicking on the right space). I also attach the 2018 program for your convenience. Have a nice evening <2018_Topics_Proposed_Selected.xlsx> ---------------------------------------------------------------------------- - Tijani BEN JEMAA Executive Director Mediterranean Federation of Internet Associations (FMAI) Phone: +216 98 330 114 +216 52 385 114 ---------------------------------------------------------------------------- - Le 20 avr. 2018 à 23:32, Holly Raiche <h.raiche@internode.on.net <mailto:h.raiche@internode.on.net> > a écrit : I see a lot wrong with it - and I see a lot that I disagree with in Jonathans first draft. I have been tied up teaching, but finally have a bit of time to put my thoughts down - and I decidedly do NOT think the IPC/BC is a great model. For a very different view, read the NCSG response- attached. So PLEASE - give people at least a bit more time to look at what Jonathans response - and mine. Holly <NCSG Comments to Draft IPC_BC Purpose Statement Final.docx> On 21 Apr 2018, at 8:20 am, Alan Greenberg <alan.greenberg@mcgill.ca <mailto:alan.greenberg@mcgill.ca> > wrote: This comment has been circulated within the ALAC and At-Large, but there has not been sufficient time to decide to what extent if it fully accepted. As such, it is being submitted here purely on my personal behalf. =============== There has been significant community comment that this proposal was originally (and to some extent still is) a creature of the BC. I APPLAUD that the BC/IPC have taken the initiative to do this! I and many of us have been saying for several months (certainly starting before the Abu Dhabi meeting) that the accreditation model is an absolute key to moving forward. The BC/IPC have done something and put it down on paper. Bravo! I think this model is a great start. I see problems with it, but we need to start the discussion somewhere. What do I see as problematic? * I think the provision to give access to "All users", while it would be nice for me personally, is more than a bit loose. We are going to need something MUCH stronger to grant access over and above the other accredited channels. * A single tier is not sufficient. There should be more granularity based on the uses. Perhaps we could start with this single and improve later, but my preference would be to use the use-cases we have already built to provide more than one few tier (ie more than just a) thin WHOIS, or b) ALL of the data.) * I look forward to the work that the document says the SSAC is doing regarding credentialization. * I STRONGLY support the comments from the Anti-Phishing Working Group (APWG) <https://community.icann.org/download/attachments/84213851/APWG-GDPR-Accredi tationplancomments-5April2018-0001.pdf?version=1&modificationDate=1524004586 000&api=v2> . These comments make the model more effective and implementable. The only one I find possible questionable related to funding the accreditation process. Although I would prefer that it is an integral part of the DNS and WHOIS (and thus funded by ICANN through its normal sources), I would not want to see implementation delayed over this issue.
participants (4)
-
Alan Greenberg -
Alberto Soto -
Holly Raiche -
Tijani BEN JEMAA