Unified Access Model published for community input
All,
As mentioned on today's CPWG call, ICANN org published a blog earlier this week releasing the proposed Unified Access Model for community input.
https://www.icann.org/news/blog/possible-unified-access-model-published-for-community-input
The proposal itself can be found here: Draft Framework for a Possible Unified Access Model for Continued Access to Full WHOIS Data – For Discussion <https://www.icann.org/en/system/files/files/framework-elements-unified-acces...>
I am the penholder on this comment. Please reply to this email if you are interested in commenting. Thanks!
Greg
-- Greg Shatan greg@isoc-ny.org
"The Internet is for everyone"
Dear Greg Shatan:
Thank you for this draft. Please find below a few comments on my part. May I draw particular attention to the point about no bulk access.
Regards
Christopher Wilkinson
-------------------------------
Proposed Framework for Unified Access Model – GDPR/WHOIS
I would have the following comments and suggestions on the draft that we have received. They are noted in the order in which they appear in the document, not in the order of importance. I have focussed on a few high-profile issues. Most of the rest of the draft seems to be quite reasonable, if rather long in this context.
A. Introduction
1. Intellectual Property Rights Holders. (p.3): It would be useful to specify from the beginning that this refers to the individual rights holder of a specific IPR and not to any agent or other third party. This definition should be incorporated into the qualifications for predictable access.
B. Brief Summary…
2. 'appropriate balance… is not over ridden…' (p. 3): This formulation is unsettling. Some parts of the ICANN community seem to still think that the status quo ante was an appropriate balance, whereas it was largely infringing European data protection and privacy law, long before GDPR.
3. Terms of Use (pp 3-4): Speak of 'the eligible user'. It is not clear who are the 'groups', if any.
E. Community Views (p.7):
I can imagine the advantages of the 'decentralized' authentication process, but it should come with certain strict caveats.
* certainly NOT separate authenticating bodies for each type of eligible user group. That would be a classic poacher/gamekeeper situation.
* if decentralization is done on a geographical basis, there should be no extraterritoriality, notably with law-enforcement.
* (NB the use of the word 'returned' is ambiguous to most uninstructed readers; returned by who to whom?)
* The option of a 'centralized repository' (p.14) would doubtless prove to be unfeasible in light of the languages, scripts and jurisdictions involved.
F. Summary Description:
'User groups might include IPR holders' (p.9). On the basis of authenticating only the primary right holder, not agents and other third parties.
Who provides access? (p. 10): This has to be BOTH Registries and Registrars. The boundary between the two business categories has become blurred since the flawed vertical integration practice was allowed.
It would be helpful to clarify that in the case of a Registrar holding multiple Registries, where exactly is the WHOIS data retained?
'Scope of data available…' (p.12): We have known for more than 20 years that bulk access breached data protection laws. That ICANN still adumbrates this option is frankly surprising. Strongly recommend deletion of that paragraph (pp. 11-12).
'Terms of use' (pp. 14-15): The proposal provides that data shall not be forwarded to unauthorized third parties, of course. But the paper is silent about the duration of retention and final deletion of accessed data. The authorized users should not be able to accumulate data that they acquire through their access to Whois.
Christopher Wilkinson
23 August 2018
_______________________________________________ CPWG mailing list CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg
_______________________________________________ GTLD-WG mailing list GTLD-WG@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/gtld-wg
Working Group direct URL: https://community.icann.org/display/atlarge/New+GTLDs
Dear Christopher,
Do you want your comments attached published separately under your name, or are they meant to be a part of a larger group submitting a combined document for publishing?
Thank you.
Well, both. I replied in the context of CPWG, but my views go beyond current responses. Because I have a long historical perspective. I shall return to this question when I know what CPWG makes of this and other comments.
CW
PS: Who are you? Who wrote the (unsigned) paper in the first place?
Dear Christopher,
My name is Diana Middleton, and I’m a project manager at ICANN working on GDPR, including going through submissions via our gdpr@icann.org inbox. This proposed version of a unified access model builds on work from across the ICANN organization as well as discussions with the broader community and the European Data Protection Board.
I will publish the comments you submitted separately per your request.
Best,
Diana
Hello, Greg:
I apologize for being so late with my reply here.
I have read Chris' remarks and I do take point on the subject of “separate authenticating bodies for each type of eligible user group” and he is right about the possibility of gaming strategies. On the other hand, it may be difficult to avoid this in some cases. Certain groups have accreditation/governing bodies that might be used for this purpose – they have already validated their “community members”.
The challenge here is to examine the gaming possibilities and build mechanisms to avoid them.
On Chris' concern about data retention: I would recommend that the intended data retention period be part of the data access request, along with a statement of purpose that covers the proposed use of the data and its retention.
On the topic of bulk data access, we need a much sharper definition of what we mean by this. It certainly cannot be a wholesale download of the whole, or even part of the database. It might be, for example, a stream of selected fields across a region that is to be used for statistical purposes (and with a tightly restricted retention period). This sort of access needs to be spelled out. Requests by Law Enforcement Agencies present their own challenges, though.
On some of the questions in Section E (pages 7-8):
1. I believe that requests for non-public WHOIS data should describe its purpose on each request. I really need to see the arguments against this.
2. Full WHOIS data should not be returned on a request unless that request specifically asks for it and provides a legitimate reason.
3. Again, I would need to see the arguments against this one, but I feel that the registrant should be allowed to request access to the logs of query activities.
On question 5 (page 8) the suggestion that fees would be desirable has been mentioned in discussions I have had, including with members of my ALS. There was some sympathy for the position some Registrars have taken; another suggestion was that this might curb “frivolous” requests.
Regards,
Gordon Chillcott Greater Toronto Area Linux Users Group
I am going to take many exceptions to all of this.
I am one of those individuals who track down spammers. I know several other people who do similar work, but this is not a business per se.
As a mail service provider I use the Whois information in deciding to filter, capture, block spam. Spam filters may do this.
I capture Whois information of some spam coming in to detect patterns, determine if the spam is in violation of California law and to determine if I will file a lawsuit. Whether I am a lawyer is not relevant as I have brought lawsuits on my own. Even if I did decide to retain an attorney, I would have had to make the determination to bring a lawsuit.
What people seemed to have ignored, or forgotten, is that the domain name registration is voluntary and one does not need to register a domain name.
What about the right of a recipient knowing the identity of the person sending them e-mail? What about the right of a mail service provider to be able to determine who is using my resources and determine if the person is a spammer? What about Spamhaus? Doesn't Spamhaus use this information to identify and track spammers? What about other spam filters or reporters?
_______________________________________________ registration-issues-wg mailing list registration-issues-wg@atlarge-lists.icann.org https://mm.icann.org/mailman/listinfo/registration-issues-wg
Bill,
I would have seen your email earlier, but it was caught in my spam filter.
Best regards,
Greg
-- Greg Shatan greg@isoc-ny.org "The Internet is for everyone"
participants (5)
- Bill Silverstein
- GDPR Questions
- Gordon Chillcott
- Greg Shatan
- mail@christopherwilkinson.eu CW