Am 23.08.2016 um 06:39 schrieb Andrew Sullivan:
On Mon, Aug 22, 2016 at 06:57:48PM +0200, Volker Greimann wrote:
a) NO data is collected;
b) NO ONE has access to any of the collected data;
c) collected data may not be requested/used for any purpose. A while ago I attempted to offer some drawings about how the RDS works, in an effort to allow us to talk meaningfully about options before us. The above simply ignores a basic point in all of those diagrams: the RDS is a query-only interface to registration data. As we are still designing what the RDS is supposed to do, going a ahead and designing how it is going to work may be premature. If you only have a hammer, everything will start looking like a nail.
I would very much hope that the design of the RDS will follow from the discussions here, not the other way round. If the RDS you describe does not fit our needs, we will need a different solution. If for example we find that RDAP is not the part of the solution that many claim it is (I do not know enough about it yet to have a position) we should be prepared to throw it in the bin and look at better solutions.
Therefore, none of the options a-c above are even logically possibly true. _Some_ data will be collected, however minimal, to support the function of registering names in the DNS.
As I said, that is why we need the use case to determine what data should be collected and why. We start with the basic premise and start adding to it.
Someone will have access to that data. And national authorities can always demand such data of people under their own legal jurisdictions. Which is why I assume (way ahead of the time) that there cannot be one central depository, and no storage of foreign data subject data in countries that allow such access, like the United States. If the data stored in country is not secure from what would be illegal access for foreign data subjects (even if legal in the jurisdiction where the access occurs) that country is eliminated from the running for the location of the depository. If we are actually going to debate this point, then I think this WG is a waste of time. It is just not possible to start from the above premises even in theory, and if people want to debate the states of affairs in the logically possible universe in which the RDS is a mud puddle I will go find something useful to do. I am not suggesting we go that far. I do realize we need to keep this realistic. Yet for any set of data and any level of access we contemplate granting, we should make a reasonable effort of thinking about how this could be abused, and if there is anything we can do to prevent such abuse. If we do not even consider these questions, we have failed in our task. We would be producing a shiny new system that is unworkable in the real world. If, however, we want to start from the plain facts that (1) the existing system exposes everything because it is a broken protocol and (2) at least most of the data currently collected has utility directly relevant to registration of domain names as part of the global DNS, then we can instead talk meaningfully about what that data is, whether it ought to be collected at all, and whether that utility means it needs to be disclosed to anyone. I agree on 1, not fully on 2 as most of the data collected does not necessarily have revelvance to the registration process of the domain name. As a registrar, all we really need to preform a domain name registration is the email address to send the ICANN mandated reminders and notifications to. We technically do not need the address, name or telephone number of the registrant to perform the task. It is helpful data to identify the registrant in certain circumstances, but not strictly necessary. I am btw not advocation that this be the only data collected, I am merely illustrating the technical need.
From that basic level (which admittely is so extreme it cannot be our final result) That's not the reason I object, please note.
To your examples: To drive and/or fly, you need a license and it is regulated how to get one and who may apply for one. The analogy breaks down immediately, of course, because such regulations are at least bound to nation-states if not subdivisions within them, and sometimes by treaties. Since the Internet does not provide the facilities for such governmental regulation without breaking the basic assumptions of internetworking, there may be a difference that makes a difference here. Any government is free to (and many regularly do) regulate various aspects of the use and even the registration process of domain names within their own borders. It is for example easier for a German citizen to register a gTLD domain name than it is for a Chinese national. So saying there is no or could be no governmental regulation would be a fallacy.
Best, Volker -- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung. Mit freundlichen Grüßen, Volker A. Greimann - Rechtsabteilung - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com / www.BrandShelter.com Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems www.twitter.com/key_systems Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen. -------------------------------------------- Should you have any further questions, please do not hesitate to contact us. Best regards, Volker A. Greimann - legal department - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com / www.BrandShelter.com Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems www.twitter.com/key_systems CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.