Brian wrote:

 

Some registrar interests that are in conflict (objectively) with providing access are:

a) operational efficiency;

 

MM: would be improved substantially by an SSAD with centralized requesting

 

b) GDPR penalties

 

MM: um, if they get penalized for disclosure, then the disclosure should not have happened, no? You might also think about the risks of concentrating all GDPR liability in a single source.

 

c) future customer business

 

MM: first, registrars have an interest in weeding out true bad guys as much as any of us. But from a data subject view, the impact of market discipline is a feature, not a bug. Switch it around. Would it be reasonable for advocates of end users/registrants to trust authorization providers who have NO accountability to end users? Why would NCSG ever accept that?