Thanks for this reminder, James. I've added two new paragraphs now to the Etherpad: The Internet is a powerful enabler of human rights. The freedoms fostered by the Internet to express ideas, connect and associate with others, and exercise our human creativity have had a transformative effect on the lives of over three billion people. This has transpired because users trust the Internet and the online services it delivers as being a secure and safe environment for commerce and communication. Key to building this trust in the Internet has been privacy. The OECD has labelled privacy an important enabler of one's autonomy, dignity, and freedom of expression. As such, at the core of the RDS must be a strong, privacy-by-design backbone, where only that data essential to the operation of the service is collected, and what little is collected is handled in a manner that is conducive to fostering trust in the Internet. Of course, the Internet cannot be an ungoverned Wild West. We need to strike the right balance between an Internet that supports fundamental freedoms and an Internet that recognises the legitimate interests that governments and private sector stakeholders have in stopping harmful activities. In this working group, we acknowledge the distinct requirements that each stakeholder group has for collecting data and the conditions under which it can be viewed, but we are also clear that the necessity, legitimacy, proportionality, and fairness of a situation must be determined before it can be justified offering an individual a lower level of protection. Conflicts between freedom of expression, privacy, and security need to be addressed fairly and pragmatically with an understanding that legal interoperability across national borders does not yet exist. While I need not tell you that this is not yet a problem statement, I hope these ideas can inform our thinking over the next few days as we work together to craft something suitable. Thanks! Best wishes, Ayden On Fri, Jul 8, 2016 2:45 PM, James Gannon james@cyberinvasion.net wrote: Thank everyone for continuing to work on this, lets try and get something more solid drafted into the Etherpad and be ready to give a 1st update on our amazing progress to the WG for next Tuesdays call. I would like us to at least agree on the principles of what the statement should look like to be in a position that we are showing progress. A reminder of the ether pad link https://etherpad.wikimedia.org/p/gnso-rds-pbstatement-0 Regards, James From: < gnso-rds-pbstatement-dt-bounces@icann.org > on behalf of Ayden Férdeline < icann@ferdeline.com > Date: Wednesday 6 July 2016 at 15:32 To: Stephanie Perrin < stephanie.perrin@mail.utoronto.ca > Cc: " gnso-rds-pbstatement-dt@icann.org " < gnso-rds-pbstatement-dt@icann.org > Subject: Re: [Gnso-rds-pbstatement-dt] Etherpad for work Hi Stephanie, Thanks for continuing the dialogue here. To respond to your second question, my preference and suggestion would be to narrow the gulf between the two as best we can, but to aim to take ambitious but decisive action on the RDS when it comes to protecting registrant privacy. After all, I would not wish to strike a Faustian bargain just to reach consensus. As to your first question, I would like to preface my remarks with a caveat that I am no expert here, so it is possible (if not probable!) that I need to do further reading to understand the issues at hand. If I am on the wrong track, I am happy to be pointed in a different direction. Which protocols that have been developed to process and manage data are useful and why? Which are not, and why? My understanding is that we have only four options to consider: the Extensible Provisioning Protocol, the Internet Registry Information Service Protocol, the Registration Data Access Protocol (RDAP), and WHOIS. Of those, I believe only RDAP and WHOIS have been deployed. Unless we can persuade the technical community that none of these are fit for purpose and thus they must create something bespoke for us (and I do not know that we can make that argument), I do not think we have much choice but to use RDAP if we find that gated access to certain data is necessary. What registration data needs to be collected, used, retained and disclosed in order to operate the DNS in a manner which ensures the security and stability of the Internet, and fair competition among provdiers, stakeholders, and contracted parties. I am going to turn here to Rob Golding’s email yesterday to the main mailing list. He indicated that the only pieces of data which are critical to the operation of the DNS are: the domain name itself, the registrar (for a gTLD with a registry/registrar model), the domain name’s expiry date, and its status (registered / not registered). For it to be of functional use, there are two optional fields: nameservers, and the auth-code (Rob suggested the auth-code was imperative, but I believe it to be a value-added feature). As we can see, the RDS does not need to collect much information at all to function. My suggestion would be that the RDS only collect that registration data which is essential to the technical operation of the DNS. This is a best practice approach to the cross-border transfer of data that the OECD Working Party on Information Security and Privacy has endorsed: in its primary framework, the working party says that organisations should take care to ensure that only an absolute minimum amount of information is collected, is done so with the knowledge and consent of the data subject, is used only for the stated purpose, is retained only for as long as is necessary, and is safeguarded against unauthorised access. I realise I am jumping ahead of the work plan here, but I hope you do not mind me expressing my personal view on this topic in just one sentence: that there are already some parties who rely on the WHOIS system’s public records does not mean we must continue to collect, let alone publish in an open-access directory, this information. I consider any additional data to be registrar-registrant contract information. As such, it is up to the registrar to determine how they wish to store this data, and to whom they wish to release it, in accordance with local laws and the informed consent of their customers. Who needs to have data, and under what circumstances should it be released to third party requestors? The answer to this question depends on what data elements we are talking about, the physical location of the registrar, and the physical location of the registrant. Ultimately, I would like to see due process respected. The alternative could lead us down a dangerous path which threatens to destroy the many benefits that the Internet has brought about. Who should bear the costs of data storage, and data sharing? I do not have an opinion on this question at this time. Best wishes, Ayden On Thu, Jun 30, 2016 3:39 PM, Stephanie Perrin stephanie.perrin@mail.utoronto.ca wrote: Not sure whether what i wrote arrived...here is my draft additions pasted below. Perhaps it would be useful if we asked ourselves a few questions first: 1. What do we mean by problem statement? In my view, the problem statement should ask the very basic questions. * What registration data needs to be collected, used, retained and disclosed in order to operate the DNS in a manner which ensures the security and stability of the Internet, and fair competition among provdiers, stakeholders, and contracted parties. * Who needs to have data, and under what circumstances should it be released to third party requestors?. * Who should bear the costs of data storage, and data sharing? * Which protocols that have been developed to process and manage data are useful and why? Which are not, and why? 2. How do we set the rules for the RDS, in a global multi-disciplinary setting? Do we strive for a high standard, or the lowest common denominator? On 2016-06-30 9:43, Lisa Phifer wrote: Dear Problem Statement Drafting Team – A workspace page within the RDS PDP WG member wiki has now been created here: https://community.icann.org/x/rACbAw I have populated that page with a few initial links to your mailing list and etherpad, but you are free to revise and use that page in any manner you wish to collaborate with each other on this assignment. If you should have any trouble logging into the wiki or accessing the above link, just contact the GNSO secretariat ( gnso-secs@icann.org ) for wiki/mailing list support. Safe travels to you all – Lisa From: DANIEL NANGHAKA [ mailto:dndannang@gmail.com ] Sent: Thursday, June 30, 2016 11:18 AM To: Lisa Phifer Cc: Shane Kerr; gnso-rds-pbstatement-dt@icann.org Subject: Re: [Gnso-rds-pbstatement-dt] Etherpad for work (was: Problem Statement) Dear Lisa, Thanks for you communication. Then actually we could transfer to the Problem Statement to the wiki. we were looking for a collaborative platform where we can all edit and brainstorm and when google docs which China is not happy with came up. It was thought that etherpad can work. Otherwise I would not mind having a page created for the drafting team such that they can post. I also think that the members on this mailing list should have edit rights. Shane and all - what do you think about this? On Thu, Jun 30, 2016 at 11:09 AM, Lisa Phifer < lisa@corecom.com > wrote: https://community.icann.org/x/xxeOAw Regards Nanghaka Daniel K. Executive Director - ILICIT Africa / Council Member - FOSSFA / Community Lead - ISOC Uganda Chapter Mobile +256 772 898298 (Uganda) Skype: daniel.nanghaka ----------------------------------------- "Working for Africa" ----------------------------------------- ᐧ _______________________________________________ Gnso-rds-pbstatement-dt mailing list Gnso-rds-pbstatement-dt@icann.orghttps://mm.icann.org/mailman/listinfo/gnso-rds-pbstatement-dt Ayden Férdeline Statement of Interest Ayden Férdeline Statement of Interest