Let's please follow Rod's suggestion on this topic. Chuck -----Original Message----- From: gnso-rds-pdp-wg-bounces@icann.org [mailto:gnso-rds-pdp-wg-bounces@icann.org] On Behalf Of Rob Golding Sent: Thursday, July 14, 2016 3:32 PM To: gnso-rds-pdp-wg@icann.org Subject: Re: [gnso-rds-pdp-wg] possible requirements from GAC / law enforcement recommended documents On 2016-07-14 17:38, Terri Stumme wrote:
Law enforcement never requested "personal details, home address etc of senior STAFF of a Registrar listed on a website."
My recollections from what is around 7 years ago now are: * the original "ask" dating back to pre 2009 was for the names and contact information for all executives and senior staff to be published Other Registrars may recall the Brussels meeting (and earlier ones) where I believe this was discussed on our Tuesday and or have access to RrSG mailings which may hold more data (as I only joined that mailling list at the start of 2010 There was a meeting I believe in Washington in 2010 between registrars and leas which I couldn't attend, which may also provide more details on their wants and whys * this was then reduced down to just the names and I thought optional for other contact data I certainly recall meeting with representatives from LEAs (including SOCA, FBI and Interpol) and discussing which jurisdictions provided/published publicly the company officer and ownership data whilst at the San Francisco meeting "Registrar will display on the Registrar’s main website, and update as necessary, the name of the company’s executive management personnel, including its CEO and President as well as any other responsible officer(s) or executive(s)" with notes from 2011/2012 is on https://community.icann.org/display/RAA/Disclosure+of+Additional+Registrar+I... And differences between one wishlist and another are summarised at http://www.statewatch.org/news/2013/dec/icann-raa-lea-recommendations-11-03-... Which is after Registrars / GNSO rejected the request, but were mostly prepared to let ICANN have the data (and had already become part of the accreditation process for new registrars to inform icann of such) * my understanding was that the RAA negotiations team / GNSO had reduced this officially reduced down to just "told to ICANN" and whilst I dont have a document showing that to hand, it is implied on https://community.icann.org/display/RAA/Point+of+Contact+on+Malicious+Conduc... * the final version of the RAA went back to having it on the website and there was some discussion post-publication of the final RAA as to why that had reappeared having been removed once. I don't know if my browser is simply broken or the urls have simply moved, but http://gnso.icann.org/en/correspondence/rap/idt/to/gnso/council/15nov10/en.p... cant be found which I thought might have more details Perhaps someone from the Registrar RAA Negotiating Team can provide more details. This is getting away from the salient point(s) which I would suggest are 1. if documents are circulated (and there is likely to be a lot of them) - a summary in the email of what the doc is and why it's being circulated will help all of us 2. remembering that many items are just someones "wish-list" and not always actual/current/real/practical/legally-permissable requirements 3. we're all going to disagree with others on this subject as we all have our own separate opinions, history, agenda and expectations I felt Volker got "jumped on" (and he has a significant amount of valuable history within ICANN & Regstrars to draw upon) who has attended more meetings with Compliance and LEAs than I (and I've been to a lot of them) which was unnecessary. Particularly when his comments related to highlighting that part of the LEA wants detailled all sorts of data collection and retention requirements including "techy stuff" about the IP/User-Agnet/etc which doesn't tally with the actual way things are necessarily done, along with being specifically illegal/outlawed in certain areas I highly recommend reading https://www.icann.org/en/system/files/correspondence/kohnstamm-to-crocker-at... QUOTE: 'The Working Party finds the proposed new requirement to annually re-verify both the telephone number and the e-mail address and publish these contact details in the publicly accessible WHOIS database excessive and therefore unlawful.' Amongst other useful "gems" Which leaves us as Registrars the dilema that Law Enforcement have worked to add Contractual Requirements which the Law makers say are Unlawful !
On 2016-07-14 08:58, Catalyst-Vaibhav Aggarwal wrote:
So now v agree to say that GAC / Law enforcement is over reaching
Yes, in some cases they are significantly over-reaching and/or trying to shift responsibility/work-load and/or trying to bypass "due-process" - everyone wants to make their life/job easier and cheaper :p
On 2016-07-14 08:58, Catalyst-Vaibhav Aggarwal wrote:
YET we come back to the table and talk of Privacy and other related factors. How can it be ?
http://www.worldlii.org/int/journals/EPICPrivHR/2006/PHR2006-WHOIS_.html The purpose of the gTLD Whois service is to provide information sufficient to contact a responsible party for a particular gTLD domain name who can resolve, or reliably pass on data to a party who can resolve, issues related to the configuration of the records associated with the domain name within a DNS nameserver. Rob _______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg