Does all data need to be available to everyone though? Is it not sufficient that there be authorized anyones that can get the data and facilitate the use for those that need it? I have no contest on domain name and name servers being public, but do other parts of the thin data expiration/registration dates have to be to keep the internet functional?

I do not dispute that there are purposes for legitimately accessing the data if it is there, but does it all have to be there?

Volker

Stephanie

 

Ok that’s simple.

If you want a domain name to resolve on the internet you need certain data elements to be available to everyone.

That’s a technical reality.

 

Regards

Michele

 

--

Mr Michele Neylon

Blacknight Solutions

Hosting, Colocation & Domains

http://www.blacknight.host/

http://blacknight.blog /

http://ceo.hosting/

Intl. +353 (0) 59  9183072

Direct Dial: +353 (0)59 9183090

-------------------------------

Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty

Road,Graiguecullen,Carlow,Ireland  Company No.: 370845

 

From: Stephanie Perrin <stephanie.perrin@mail.utoronto.ca>
Date: Thursday 26 January 2017 at 04:26
To: John Bambenek <jcb@bambenekconsulting.com>, Michele Neylon <michele@blacknight.com>
Cc: Scott Hollenbeck <shollenbeck@verisign.com>, Sam Lanfranco <sam@lanfranco.net>, "dave@davecake.net" <dave@davecake.net>, "gnso-rds-pdp-wg@icann.org" <gnso-rds-pdp-wg@icann.org>
Subject: Re: [gnso-rds-pdp-wg] Now open: 18 January Poll on Purpose

 

I am not sure how we get to this discussion.  What I am saying, is that the purpose of collecting data has to be linked to ICANN's core mission.  AS Peter said a while ago, is the core mission to enable law enforcement investigations? No.  It is a legitimate purpose to use or disclose limited sets of data as required in accordance with law, but it is not the reason we collect or generate thin data.  This distinction is important in data protection law.  Nobody is saying we should not disclose the thin data, including name servers.  What we are trying to say, and obviously with very little success, is that several of the purposes for collecting thin data which were in the last poll, were not related to ICANN's core mission.  They might be legitimate disclosures of data, but they are not legitimate purposes to collect.

Displaying data in WHOIS is a disclosure.  We are not supposed to be talking about that yet.  We keep conflating the legitimacy of collection, and why we gather or generate data elements about a domain name, and disclosure. 

Sorry to keep hammering on this, but it is a very simple concept that is fundamental to data protection.  No wonder we have been arguing about this for 18 years.....

cheers Stephanie

 

On 2017-01-25 21:06, John Bambenek wrote:

Regardless of the privacy implications, if someone who wants to look up a hostname and can't find can't figure out what the authoritative nameservers are for the domain, DNS quite simply will not work and with it the internet is down; go home. 

 

Unless someone is suggesting we completely re-architect DNS, having nameservers tied to domain records is absolutely essential.

 

You could deprecate displaying it in whois but any DNS client would easily be able to retrieve the data because the resolver still has to know what to ask for. 

 

J

Sent from my iPhone

On Jan 25, 2017, at 16:08, Michele Neylon - Blacknight <michele@blacknight.com> wrote:

Stephanie

 

Do you have any links to any legislation / regulations etc., that are this broad?

 

And honestly I don’t see how a set of nameserver is “personally identifiable” unless you’re using your own name in the hostname (which you could, but then I’d see that as your choice and not a technical requirement)

 

Regards

Michele

 

 

--

Mr Michele Neylon

Blacknight Solutions

Hosting, Colocation & Domains

http://www.blacknight.host/

http://blacknight.blog/

http://ceo.hosting/

Intl. +353 (0) 59  9183072

Direct Dial: +353 (0)59 9183090

-------------------------------

Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty

Road,Graiguecullen,Carlow,R93 X265,

Ireland  Company No.: 370845

 

From: Stephanie Perrin <stephanie.perrin@mail.utoronto.ca>
Date: Wednesday 25 January 2017 at 19:40
To: Michele Neylon <michele@blacknight.com>, Scott Hollenbeck <shollenbeck@verisign.com>, Sam Lanfranco <sam@lanfranco.net>, "dave@davecake.net" <dave@davecake.net>
Cc: "gnso-rds-pdp-wg@icann.org" <gnso-rds-pdp-wg@icann.org>
Subject: Re: [gnso-rds-pdp-wg] Now open: 18 January Poll on Purpose

 

Unfortunately, in a world where the Internet of things is taking off, privacy advocates and authorities have to insist that data generated by or as a result of the actions of an individual or his devices(eg metadata, timestamping, etc) has to be considered as personal information.  If it is used to describe processes pertaining to that information, if it could be used to incriminate that individual, it is important that it be recognized as information for which individuals have rights.  Otherwise, we have a situation where the individual has no right to access information that may impact him, may incriminate him, but to which he may be utterly oblivious.  Sorry it is such a pain in the neck, but there we are.

Stephanie

 

On 2017-01-25 12:32, Michele Neylon - Blacknight wrote:

Scott

 

Sure, but if we go down that route we could make cases for a lot of things J

My main problem with this entire debacle is that the data we’re dealing with is pretty much useless and isn’t personally identifiable.

 

Regards

 

Michele

 

 

--

Mr Michele Neylon

Blacknight Solutions

Hosting, Colocation & Domains

https://www.blacknight.com/

http://blacknight.blog/

Intl. +353 (0) 59  9183072

Direct Dial: +353 (0)59 9183090

Social: http://mneylon.social

Some thoughts: http://ceo.hosting/

-------------------------------

Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty

Road,Graiguecullen,Carlow,R93 X265,Ireland  Company No.: 370845

 

From: Scott Hollenbeck <shollenbeck@verisign.com>
Date: Wednesday 25 January 2017 at 17:15
To: Michele Neylon <michele@blacknight.com>, Stephanie Perrin <stephanie.perrin@mail.utoronto.ca>, Sam Lanfranco <sam@lanfranco.net>, "dave@davecake.net" <dave@davecake.net>
Cc: "gnso-rds-pdp-wg@icann.org" <gnso-rds-pdp-wg@icann.org>
Subject: RE: [gnso-rds-pdp-wg] Now open: 18 January Poll on Purpose

 

From: gnso-rds-pdp-wg-bounces@icann.org [mailto:gnso-rds-pdp-wg-bounces@icann.org] On Behalf Of Michele Neylon - Blacknight
Sent: Wednesday, January 25, 2017 12:09 PM
To: Stephanie Perrin; Sam Lanfranco; David Cake
Cc: gnso-rds-pdp-wg@icann.org
Subject: [EXTERNAL] Re: [gnso-rds-pdp-wg] Now open: 18 January Poll on Purpose

 

Stephanie

 

Sorry, but policy + the technology go hand in hand. You cannot completely separate them and any policy that this (or any other) group produces needs to be technically possible to implement.

 

As to the specifics ..

 

I would argue that generated data is NOT collected, as it’s generated.

 

If you register stephanieperrin.com with us the only elements we are “collecting” that end up in in the “thin” data are:

the domain name string

the nameservers you’re using (and if you don’t specify any we’ll use our own)

All the other elements are NOT collected by the registrar or even the registry from the registrant, they are generated as part of the process of the domain being registered.

 

[SAH] Michele, some might argue that the registration period is also collected from the registrant and is then used to generate the expiration date at the registry. A case might also be made for status values like clientTransferProhibited etc. I agree completely that generated data is just that – generated.

 

Scott

_______________________________________________
gnso-rds-pdp-wg mailing list
gnso-rds-pdp-wg@icann.org
https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg

_______________________________________________
gnso-rds-pdp-wg mailing list
gnso-rds-pdp-wg@icann.org
https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg

-- 
Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.

Mit freundlichen Grüßen,

Volker A. Greimann
- Rechtsabteilung -

Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: +49 (0) 6894 - 9396 901
Fax.: +49 (0) 6894 - 9396 851
Email: vgreimann@key-systems.net

Web: www.key-systems.net / www.RRPproxy.net
www.domaindiscount24.com / www.BrandShelter.com

Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:
www.facebook.com/KeySystems
www.twitter.com/key_systems

Geschäftsführer: Alexander Siffrin
Handelsregister Nr.: HR B 18835 - Saarbruecken 
Umsatzsteuer ID.: DE211006534

Member of the KEYDRIVE GROUP
www.keydrive.lu 

Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.

--------------------------------------------

Should you have any further questions, please do not hesitate to contact us.

Best regards,

Volker A. Greimann
- legal department -

Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: +49 (0) 6894 - 9396 901
Fax.: +49 (0) 6894 - 9396 851
Email: vgreimann@key-systems.net

Web: www.key-systems.net / www.RRPproxy.net
www.domaindiscount24.com / www.BrandShelter.com

Follow us on Twitter or join our fan community on Facebook and stay updated:
www.facebook.com/KeySystems
www.twitter.com/key_systems

CEO: Alexander Siffrin
Registration No.: HR B 18835 - Saarbruecken 
V.A.T. ID.: DE211006534

Member of the KEYDRIVE GROUP
www.keydrive.lu 

This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.