To Tijani's point, even registrants are end users and while they are end users, we're trying to protect their interests. It's NOT a distinct group of people but a type of use of the internet which is pervasive. We are ALL "end users" (ie making reservations, doing banking, etc.) MOST of the time. I would content that our job is the represent the interests of people engaged in end user activities. On 8/6/18, 12:08 PM, "GTLD-WG on behalf of Marita Moll" <gtld-wg-bounces@atlarge-lists.icann.org on behalf of mmoll@ca.inter.net> wrote: I am in agreement with Tijani, Holly, Bastian and Michele. Perhaps it is unintentional, but the language does send the message that we are looking more carefully at security than privacy. I am also not convinced that end-users would want us to do that. Marita On 8/3/2018 10:30 AM, Tijani BEN JEMAA wrote: > Very interesting discussion. This issue has been discussed several > times and the positions didn’t change. > What bothers me is the presentation of the registrants interest > as opposite to the remaining users ones. they are not since the > registrants are also subject to the domain abuse. > You are speaking about 4 billion users; these include all: contracted > parties, business, registrants, governments, etc. We are about > defending the interest of all of them as individual end users, not as > registry, registrar, businessman, minister, etc…. > You included the cybersecurity researchers; you know how Cambridge > Analytica got the American data from Facebook? They requested to have > access to these data for research, and the result was the American > election result impacted. > > So, I agree with Bastiaan that we need to be careful and care about > the protection of personal data as well as the prevention of any > harmful use of the domain names, both together. > ----------------------------------------------------------------------------- > *Tijani BEN JEMAA* > Executive Director > Mediterranean Federation of Internet Associations (*FMAI*) > Phone: +216 98 330 114 > +216 52 385 114 > ----------------------------------------------------------------------------- > > >> Le 3 août 2018 à 07:22, Bastiaan Goslings >> <bastiaan.goslings@ams-ix.net <mailto:bastiaan.goslings@ams-ix.net>> >> a écrit : >> >> Thanks for clarifying, Alan. >> >> As a matter of principle I agree with Holly - and Michele. While I >> think I understand the good intent of what you are saying, your >> earlier responses almost sound to me like a false ‘security versus >> privacy’ dichotomy. Like, the number of people (users) that care >> about security as opposed to those (registrants) that want their >> privacy protected to the max is larger. Etc. >> >> Apologies if I am oversimplifying things here, I do not mean to. >> >> In this particular EPDP case though I am convinced that we can find a >> common ground on what the ALAC members and alternates should bring to >> the table. In terms of perceived registrants’ and general Internet >> end-users’ interests. As you rightly state, it is about being GDPR >> compliant. So we do not have to be philosophical about a rather broad >> term like ‘privacy’ and argue about whether it is in conflict with >> e.g. the interest of LEAs. Indeed, ‘Privacy is not absolute’. >> However, ‘due process’ is a(nother) no brainer, not just because it >> might be a legal requirement. From what I understand the work being >> done on defining Access and Accreditation criteria is keeping that >> principle in mind, and within in the MS context of the EPDP we can >> together see to it that it does end up properly enshrined in policy >> and contracts. >> >> -Bastiaan >> >> >> >>> On 3 Aug 2018, at 01:10, Alan Greenberg <alan.greenberg@mcgill.ca >>> <mailto:alan.greenberg@mcgill.ca>> wrote: >>> >>> Holly, the original statement ends with "All within the constraints >>> of GDPR of course." >>> >>> I don't know how to make that clearer. We would be absolutely >>> FOOLISH to argue for anything else, since it will not be implementable. >>> >>> That being said, if through the EPDP or otherwise we can help make >>> the legal argument for why good access for the folks we list at the >>> end is within GDPR, more power to us. >>> >>> GDPR (and eventually similar legislation/regulation elsewhere) is >>> the overall constraint. It is equivalent to the laws of physics >>> which for the moment we need to consider inviolate. >>> >>> So my statement that "other issues trump privacy" is within that >>> context. But just as proportionality governs what GDPR will decree >>> as private in any given case, so it will govern what is not private. >>> It all depends on making the legal argument and ultimately in needed >>> convincing the courts. They are the arbiters, not me or anyone else >>> in ICANN. >>> >>> In the US, there is the constitutional right to freedom of speech, >>> but it is not unconstrained and there are limits to what you are >>> allowed and not allowed to say. And from time to time, the courts >>> and legislatures weigh in and decide where the line is. >>> >>> Alan >>> >>> >>> At 02/08/2018 06:42 PM, Holly Raiche wrote: >>>> Hi Alan >>>> >>>> I have concerns with your statement - and since your reply below, >>>> with our statement of principles for the EPDP. >>>> >>>> As I suggested in my email of 1 August, we need to be VERY clear >>>> that we are NOT arguing against implementation a policy that is >>>> compliant with the GDPR. We are arguing for other issues that >>>> impact on users - WITHIN the umbrella of the GDPR. And if we do >>>> not make that very clear, then we look as if we are not prepared to >>>> operate within the bounds of the EPDP - which is all about >>>> developing a new policy to replace the RDS requirements that will >>>> allow registries/registrars to comply with their ICANN contracts >>>> and operate within the GDPR framework. >>>> >>>> So your statement below that yes, other issues trump privacy - >>>> misstates that. What we are (or should be) arguing for is a >>>> balance of rights of access that - to the greatest extend possible >>>> - recognises the value of RDS to some constituencies with >>>> legitimate purposes - WITHIN the GDPR framework. That implicitly >>>> accepts that people/organisations that once had free and >>>> unrestricted access to the data will no longer have that open access. >>>> >>>> And for ALAC generally, I will repeat what I said in my 1 August >>>> email - our statement of principles must be VERY clear that we are >>>> NOT arguing for a new RDS policy that goes outside of the GDPR. >>>> >>>> Holly >>>> >>>> >>>> On 3 Aug 2018, at 1:29 am, Alan Greenberg <alan.greenberg@mcgill.ca >>>> <mailto:alan.greenberg@mcgill.ca> > wrote: >>>> >>>>> At 02/08/2018 10:37 AM, Michele Neylon - Blacknight wrote: >>>>>> Jonathan / Alan >>>>>> >>>>>> Thanks for the clarifications. >>>>>> >>>>>> 3 - I don't know how you can know what the interests of a user >>>>>> are. The assumption you seem to be making is that due process and >>>>>> privacy should take a backseat to access to data >>>>> >>>>> Privacy is not absolute but based on various other issues. So yes, >>>>> we are saying that in some cases, the other issues trump privacy. >>>>> Perhaps we differ on where the dividing line is. >>>>> >>>>> >>>>>> 4 - Same as 3. Plenty of ccTLDs never offered PII in their public >>>>>> whois and there weren't any issues with security or stability. >>>>>> >>>>>> Skipping due process for "ease of access" is a very slippery and >>>>>> dangerous slope. >>>>> >>>>> Both here and in reply to #3, the term "due process" tends to be >>>>> used in reference to legal constraints associated with law >>>>> enforcement actions as sanctioned by laws and courts. That is one >>>>> path to unlocking otherwise private information. A major aspect of >>>>> the GDPR implementation will be identifying other less cumbersome >>>>> and restricted processes for accessing WHOIS data by a variety of >>>>> partners. It will not be unconstrained nor will it be as >>>>> cumbersome as going to court (hopefully). >>>>> >>>>> Alan >>>>> >>>>> >>>>>> Regards >>>>>> >>>>>> Michele >>>>>> >>>>>> >>>>>> -- >>>>>> Mr Michele Neylon >>>>>> Blacknight Solutions >>>>>> Hosting, Colocation & Domains >>>>>> https://www.blacknight.com/ >>>>>> https://blacknight.blog/ >>>>>> Intl. +353 (0) 59 9183072 >>>>>> Direct Dial: +353 (0)59 9183090 >>>>>> Personal blog: https://michele.blog/ >>>>>> Some thoughts: https://ceo.hosting/ >>>>>> ------------------------------- >>>>>> Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business >>>>>> Park,Sleaty >>>>>> Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 >>>>>> >>>>>> On 02/08/2018, 15:03, "Jonathan Zuck" >>>>>> <JZuck@innovatorsnetwork.org> wrote: >>>>>> >>>>>> Thanks Michele! >>>>>> 3. Where there appears to be a conflict of interest between a >>>>>> registrant and non-registrant end user, we'll be endeavoring to >>>>>> represent the interests of the non-registrant end user. >>>>>> 4. Related to 3. This is simply an affirmation of the interests >>>>>> of end users in a stable and secure internet and it is those >>>>>> interests we'll be representing. We've included law enforcement >>>>>> because efficiencies regarding their access may come up. Just >>>>>> because there's always a way for them to get to data doesn't mean >>>>>> it's the best way. >>>>>> >>>>>> Make sense? >>>>>> Jonathan >>>>>> >>>>>> >>>>>> -----Original Message----- >>>>>> From: GTLD-WG <gtld-wg-bounces@atlarge-lists.icann.org> On >>>>>> Behalf Of Michele Neylon - Blacknight >>>>>> Sent: Wednesday, August 1, 2018 12:34 PM >>>>>> To: Alan Greenberg <alan.greenberg@mcgill.ca>; CPWG >>>>>> <cpwg@icann.org> >>>>>> Subject: Re: [GTLD-WG] [CPWG] [registration-issues-wg] ALAC >>>>>> Statement regarding EPDP >>>>>> >>>>>> Alan >>>>>> >>>>>> 1 - good >>>>>> 2 - good >>>>>> 3 - I don't understand what that means >>>>>> 4 - Why are you combining law enforcement and private parties? >>>>>> Law enforcement can always get access to data when they follow >>>>>> due process. >>>>>> >>>>>> Regards >>>>>> >>>>>> Michele >>>>>> >>>>>> >>>>>> -- >>>>>> Mr Michele Neylon >>>>>> Blacknight Solutions >>>>>> Hosting, Colocation & Domains >>>>>> https://www.blacknight.com/ >>>>>> https://blacknight.blog/ >>>>>> Intl. +353 (0) 59 9183072 >>>>>> Direct Dial: +353 (0)59 9183090 >>>>>> Personal blog: https://michele.blog/ >>>>>> Some thoughts: https://ceo.hosting/ >>>>>> ------------------------------- >>>>>> Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business >>>>>> Park,Sleaty >>>>>> Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 >>>>>> >>>>>> On 01/08/2018, 17:27, "registration-issues-wg on behalf of Alan >>>>>> Greenberg" >>>>>> <registration-issues-wg-bounces@atlarge-lists.icann.org on behalf >>>>>> of alan.greenberg@mcgill.ca> wrote: >>>>>> >>>>>> Yesterday, the EPDP Members were asked to present a 1-3 minute >>>>>> summary of their groups position in regard to the EPDP. The >>>>>> following >>>>>> is the statement agreed to by me, Hadia, Holly and Seun. >>>>>> >>>>>> 1. The ALAC believes that the EPDP MUST succeed and will >>>>>> be working >>>>>> toward that end. >>>>>> >>>>>> 2. We have a support structure that we are organizing to >>>>>> ensure >>>>>> that what we present here is understood by our community >>>>>> and has >>>>>> their input and support. >>>>>> >>>>>> 3. The ALAC believes that individual registrants are >>>>>> users and we >>>>>> have regularly worked on their behalf (as in the PDP that we >>>>>> initiated to protect registrant rights when their domains >>>>>> expire), if >>>>>> registrant needs differ from those of the 4 billion >>>>>> Internet users >>>>>> who are not registrants, those latter needs take precedence. We >>>>>> believe that GDPR and this EPDP are such a situation. >>>>>> >>>>>> 4. Although some Internet users consult WHOIS and will >>>>>> not be able >>>>>> to do so in some cases going forward, our main concern is >>>>>> access for >>>>>> those third parties who work to ensure that the Internet is >>>>>> a safe >>>>>> and secure place for users and that means that law enforcement, >>>>>> cybersecurity researchers, those combatting fraud in domain >>>>>> names, >>>>>> and others who help protect users from phishing, malware, spam, >>>>>> fraud, DDoS attacks and such can work with minimal reduction in >>>>>> access to WHOIS data. All within the constraints of GDPR of >>>>>> course. >>>>>> >>>>>> _______________________________________________ >>>>>> CPWG mailing list >>>>>> CPWG@icann.org >>>>>> https://mm.icann.org/mailman/listinfo/cpwg >>>>>> _______________________________________________ >>>>>> registration-issues-wg mailing list >>>>>> registration-issues-wg@atlarge-lists.icann.org >>>>>> https://mm.icann.org/mailman/listinfo/registration-issues-wg >>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> CPWG mailing list >>>>>> CPWG@icann.org >>>>>> https://mm.icann.org/mailman/listinfo/cpwg >>>>>> _______________________________________________ >>>>>> GTLD-WG mailing list >>>>>> GTLD-WG@atlarge-lists.icann.org >>>>>> https://atlarge-lists.icann.org/mailman/listinfo/gtld-wg >>>>>> >>>>>> Working Group direct URL: >>>>>> https://community.icann.org/display/atlarge/New+GTLDs >>>>> >>>>> _______________________________________________ >>>>> CPWG mailing list >>>>> CPWG@icann.org <mailto:CPWG@icann.org> >>>>> https://mm.icann.org/mailman/listinfo/cpwg >>>>> _______________________________________________ >>>>> registration-issues-wg mailing list >>>>> registration-issues-wg@atlarge-lists.icann.org >>>>> https://mm.icann.org/mailman/listinfo/registration-issues-wg >>> _______________________________________________ >>> CPWG mailing list >>> CPWG@icann.org <mailto:CPWG@icann.org> >>> https://mm.icann.org/mailman/listinfo/cpwg >> >> _______________________________________________ >> CPWG mailing list >> CPWG@icann.org <mailto:CPWG@icann.org> >> https://mm.icann.org/mailman/listinfo/cpwg > > > > _______________________________________________ > CPWG mailing list > CPWG@icann.org > https://mm.icann.org/mailman/listinfo/cpwg