Exactly right.

Sent from my iPhone

On Mar 10, 2023, at 5:49 PM, Paul McGrady <paul@elstermcgrady.com> wrote:



Thanks Steve.

 

I wouldn’t be surprised if the WHOIS queries are as significantly less as you suggest.  But that doesn’t mean that the problem is solved.  This is like saying that people used to turn the water faucet on for water 5 billion times a day but since water doesn’t come out anymore and people quit trying to turn it on (it would be insane to keep doing something that isn’t working) that the water shortage has been solved. 

 

Best,

Paul

 

 

From: Steve Crocker <steve@shinkuro.com>
Sent: Friday, March 10, 2023 5:04 PM
To: Paul McGrady <paul@elstermcgrady.com>
Cc: Marika Konings <marika.konings@icann.org>; gnso-epdpp2-smallteam@icann.org; Steve Crocker <steve@shinkuro.com>
Subject: Re: [GNSO-EPDPP2-SmallTeam] EPDP Phase 2 Small Team meeting at ICANN76

 

Paul,

 

Your comment and question are entirely appropriate.  I don't have the kind of data you're asking for and that I too would ask for if someone else said this, so I'll accept the label of "Crocker's opinion."  That said, I understand the total number of whois queries prior to GDPR was on the order of five billion per month.  That includes queries for what we would now consider public as well as non-public data, and it includes both the ccTLDs and gTLDs.

 

Five billion is a big number.  I don't know what the current query level is, but I believe it is less.  And not just a little bit less, but hugely less.  I'd guess it's closer to 1/1000 of the prior level.

 

As a general, you can't change a key part of any system by a factor of a thousand without making a major impact.  Where did those five billion queries per month go?  What were people doing with them, and what are they doing instead?

 

I haven't seen any attempt to provide a sensible understanding.  It still needs to be done.

 

Thanks,

 

Steve

 

 

On Fri, Mar 10, 2023 at 4:44 PM Paul McGrady <paul@elstermcgrady.com> wrote:

Thank Steve.  I would be interested in any data or studies that you have seen that support this proposition:

 

“It has taken several years to reach this point.  In the meantime, those who had made use of the Whois system for legitimate purposes have evolved toward using other methods to meet their needs.  An evaluation of the RDRS must include the broader picture in order to understand where the RDRS -- or any other replacement of the Whois system -- will fit in the overall ecosystem.  In the extreme, ne could argue that the world has gotten along well enough without any systematic solution for access to non public registration data, so there's no need to do anything.  Any attempt to define measures of success will need to address this situation.”

 

If you have no data or studies, can you just confirm that we are in the zone of your personal opinion?  That still carries weight, of course, but this reads as fact claims and I would be very interested in any factual support you may have.  I doubt those who have been phished, defrauded, or trafficked think “the world has gotten along well enough” but that is, of course, in the zone of my opinion.

 

Safe travels,

Paul

 

 

 

From: GNSO-EPDPP2-SmallTeam <gnso-epdpp2-smallteam-bounces@icann.org> On Behalf Of Steve Crocker
Sent: Friday, March 10, 2023 12:43 PM
To: Marika Konings <marika.konings@icann.org>; gnso-epdpp2-smallteam@icann.org
Subject: Re: [GNSO-EPDPP2-SmallTeam] EPDP Phase 2 Small Team meeting at ICANN76

 

Marika, et al,

 

I will be in the air headed to Cancún tomorrow during this meeting.  I remain very interested and will stay involved, but I cannot attend tomorrow.  I will read the transcript as soon as it's available.

 

My understanding is the board has approved the implementation of the system, now renamed as the Registration Data Request System, but has asked that the criteria and measures of success be defined.  My concerns about this system include the following.

  1. There has been no work toward developing a set of guidelines or agreements on what requests will be honored.  The formal stance from ICANN Org is that each registrar will have to make its own determination for each and every request.

    It's easy to understand ICANN Org's position: it avoids all liability in case someone objects to particular disclosures.  On the other hand, this process doesn't scale well.  Both the requesters and the registrars will benefit if there is at least some degree of order and certainty.

    We can expect that as requesters and registrars gain experience with this system, they will begin to see patterns that have worked previously.  Requesters will tend to tailor their requests to match prior successful queries, and they will likely tend to avoid making requests that are similar to previously failed attempts.  Similarly, on the registrar side of this equation, registrars will likely streamline their internal processing to reduce the cost and time of handling requests that are comfortably similar to previously honored requests.

    The above scenario can be improved quite a bit if the requesters share information with each other, if the registrars share information with each other, and if the requesters and registrars jointly share information.

    Thus, the first improvement to make is to either create or ask the requesters and registrars to create processes for sharing information and developing guidelines or agreements that will streamline the processes on both sides.
  2. The current design of the RDRS does not include APIs to allow the requesters and registrars to automate the interaction between their systems and the RDRS.  This is a fundamental error in system design.
  3. Use of the RDRS is optional for requesters.  They will continue to be permitted to make requests directly to registrars.  Indeed, some requesters have private arrangements with some registrars.  It will be somewhat challenging to assess the success of the RDRS without some understanding of the requests to registrars that are taking place without going through the RDRS.
  4. Participation in the RDRS is optional for registrars.  A similar comment applies regarding determination of the success of the effort.
  5. It has taken several years to reach this point.  In the meantime, those who had made use of the Whois system for legitimate purposes have evolved toward using other methods to meet their needs.  An evaluation of the RDRS must include the broader picture in order to understand where the RDRS -- or any other replacement of the Whois system -- will fit in the overall ecosystem.  In the extreme, ne could argue that the world has gotten along well enough without any systematic solution for access to non public registration data, so there's no need to do anything.  Any attempt to define measures of success will need to address this situation.

I hope these points will be helpful as the small team resumes its interactions.

 

See you in Cancún.

 

Steve

 

 

On Fri, Mar 10, 2023 at 9:59 AM Marika Konings <marika.konings@icann.org> wrote:

Dear All,

 

As you will have hopefully seen, the next meeting of the EPDP Phase 2 small team meeting will take place Saturday 11 March from 13.15 – 14.30 local time (18.15 – 19.30 UTC) in room Gran Cancun 2. For those not attending the ICANN meeting in person, you will be able to find the remote participation details here: https://icann76.sched.com/event/1J2Kp/gnso-epdp-phase-2-ssad-implementation-of-whois-disclosure-system.

 

The proposed agenda for the meeting is as follows:

 

  1. Welcome (Sebastien Ducos - small team lead)
  2. ICANN org update on status of implementation & open issues / questions for small team
  3. ICANN org & small team discussion
  4. Confirmation of action items and next steps

 

You can find the recent correspondence on this topic from the ICANN Board to the GNSO Council here: https://gnso.icann.org/sites/default/files/policy/2023/correspondence/sinha-to-ducos-06mar23-en.pdf.  The Board resolution is available at: https://www.icann.org/en/board-activities-and-meetings/materials/approved-resolutions-special-meeting-of-the-icann-board-27-02-2023-en.

 

Looking forward to seeing you in person or virtually,

 

Marika

_______________________________________________
GNSO-EPDPP2-SmallTeam mailing list
GNSO-EPDPP2-SmallTeam@icann.org
https://mm.icann.org/mailman/listinfo/gnso-epdpp2-smallteam

_______________________________________________
By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.