Its 2016 Rob :-) Not getting into the Nitty & Gritty here - Just one thing what you have written in the last line : "The purpose of the gTLD Whois service is to provide information sufficient to contact a responsible party for a particular gTLD domain name who can resolve, or reliably pass on data to a party who can resolve, issues related to the configuration of the records associated with the domain name within a DNS name server.” Here the DNS is verified by the WHOIS server and thus propagated automatically. But the Domain Information - Anyone can register a Domain name in My name and or Address - so the process should be robust enough - treating the infringement on privacy / identity / et all, verifiable and genuine ! For a case e.g. : In India, we are experimenting with the validation of our Social Security ID for Hotel Checkins – The Guest goes to the reception, fills in his name etc. and then fills in his ID no. (The ADHAAR CARD) and the software, pre-authenticated by the Govt. of India, latches on to the engine and pulls up verified data (via OCR) and displays to the hotel person taking the checking. BUT this is Secured through network protocols and layers and security protocols both for the system and for the people. Since the access is limited to the device and the data cannot be exported, the privacy is still secured and concealed, in a digital locker. All corners of the world are not Finland where locks on doors are seldom - U have ‘em, I have ‘em and Locks is a all time good growing business today ! Mit freundlichen Grüßen Mein gelehrter Freund, मेरे दोस्त -VA On 7/15/16, 1:01 AM, "Rob Golding" <gnso-rds-pdp-wg-bounces@icann.org on behalf of rob.golding@astutium.com> wrote:
On 2016-07-14 17:38, Terri Stumme wrote:
Law enforcement never requested "personal details, home address etc of senior STAFF of a Registrar listed on a website."
My recollections from what is around 7 years ago now are:
* the original "ask" dating back to pre 2009 was for the names and contact information for all executives and senior staff to be published
Other Registrars may recall the Brussels meeting (and earlier ones) where I believe this was discussed on our Tuesday and or have access to RrSG mailings which may hold more data (as I only joined that mailling list at the start of 2010
There was a meeting I believe in Washington in 2010 between registrars and leas which I couldn't attend, which may also provide more details on their wants and whys
* this was then reduced down to just the names and I thought optional for other contact data
I certainly recall meeting with representatives from LEAs (including SOCA, FBI and Interpol) and discussing which jurisdictions provided/published publicly the company officer and ownership data whilst at the San Francisco meeting
"Registrar will display on the Registrar’s main website, and update as necessary, the name of the company’s executive management personnel, including its CEO and President as well as any other responsible officer(s) or executive(s)" with notes from 2011/2012 is on https://community.icann.org/display/RAA/Disclosure+of+Additional+Registrar+I... ormation
And differences between one wishlist and another are summarised at http://www.statewatch.org/news/2013/dec/icann-raa-lea-recommendations-11-03-... .pdf
Which is after Registrars / GNSO rejected the request, but were mostly prepared to let ICANN have the data (and had already become part of the accreditation process for new registrars to inform icann of such)
* my understanding was that the RAA negotiations team / GNSO had reduced this officially reduced down to just "told to ICANN" and whilst I dont have a document showing that to hand, it is implied on https://community.icann.org/display/RAA/Point+of+Contact+on+Malicious+Conduc... Issues
* the final version of the RAA went back to having it on the website and there was some discussion post-publication of the final RAA as to why that had reappeared having been removed once.
I don't know if my browser is simply broken or the urls have simply moved, but http://gnso.icann.org/en/correspondence/rap/idt/to/gnso/council/15nov10/en.p... cant be found which I thought might have more details
Perhaps someone from the Registrar RAA Negotiating Team can provide more details.
This is getting away from the salient point(s) which I would suggest are
1. if documents are circulated (and there is likely to be a lot of them) - a summary in the email of what the doc is and why it's being circulated will help all of us
2. remembering that many items are just someones "wish-list" and not always actual/current/real/practical/legally-permissable requirements
3. we're all going to disagree with others on this subject as we all have our own separate opinions, history, agenda and expectations
I felt Volker got "jumped on" (and he has a significant amount of valuable history within ICANN & Regstrars to draw upon) who has attended more meetings with Compliance and LEAs than I (and I've been to a lot of them) which was unnecessary.
Particularly when his comments related to highlighting that part of the LEA wants detailled all sorts of data collection and retention requirements including "techy stuff" about the IP/User-Agnet/etc which doesn't tally with the actual way things are necessarily done, along with being specifically illegal/outlawed in certain areas
I highly recommend reading https://www.icann.org/en/system/files/correspondence/kohnstamm-to-crocker-at... lah-26sep12-en.pdf
QUOTE: 'The Working Party finds the proposed new requirement to annually re-verify both the telephone number and the e-mail address and publish these contact details in the publicly accessible WHOIS database excessive and therefore unlawful.'
Amongst other useful "gems"
Which leaves us as Registrars the dilema that Law Enforcement have worked to add Contractual Requirements which the Law makers say are Unlawful !
On 2016-07-14 08:58, Catalyst-Vaibhav Aggarwal wrote:
So now v agree to say that GAC / Law enforcement is over reaching
Yes, in some cases they are significantly over-reaching and/or trying to shift responsibility/work-load and/or trying to bypass "due-process" - everyone wants to make their life/job easier and cheaper :p
On 2016-07-14 08:58, Catalyst-Vaibhav Aggarwal wrote:
YET we come back to the table and talk of Privacy and other related factors. How can it be ?
http://www.worldlii.org/int/journals/EPICPrivHR/2006/PHR2006-WHOIS_.html
The purpose of the gTLD Whois service is to provide information sufficient to contact a responsible party for a particular gTLD domain name who can resolve, or reliably pass on data to a party who can resolve, issues related to the configuration of the records associated with the domain name within a DNS nameserver.
Rob _______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg