John,

 

We have been very consistent in explaining that actions to combat abuse of our Port43 system are unrelated to GDPR. 

 

Not only is our decision to mask customer information in Port43 completely unrelated to GDPR, but it results directly from attacks by third parties who harvest and sell our customers’ personal information. Given the onslaught of spam and robo-calls our customers have been receiving – often within minutes of registering a domain name – we felt that action was required, if not overdue. 

 

WHOIS information is still very much available for any & all domain names via our web-based WHOIS tool, and legitimate users have been granted expanded access to Port43. However, bulk access by anonymous users is no longer supported.

 

I also note that during this entire process, we have kept ICANN informed of both the attacks on our Port43 systems as well as our efforts to mitigate them. Our actions are justified and to imply otherwise is not only inaccurate but does nothing to move this PDP forward.

 

I am happy to take this offline if further clarification is needed.

 

Sara

 

sara bockey

sr. policy manager | GoDaddy

sbockey@godaddy.com  480-366-3616

skype: sbockey

 


 

 

From: gnso-rds-pdp-wg <gnso-rds-pdp-wg-bounces@icann.org> on behalf of John Horton via gnso-rds-pdp-wg <gnso-rds-pdp-wg@icann.org>
Reply-To: John Horton <john.horton@legitscript.com>
Date: Friday, February 16, 2018 at 11:54 AM
To: "benny@nordreg.se" <benny@nordreg.se>
Cc: RDS PDP WG <gnso-rds-pdp-wg@icann.org>
Subject: Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP

 

I think quite a bit in this WG and certainly in the prior privacy/proxy PDP, and absolutely what we're seeing with GoDaddy. To make sure I'm being clear about what I mean, GoDaddy isn't only redacting Whois information (via Port 43) where it's an EU natural citizen or natural resident. The information is being redacted for....everyone. All registrants. There's simply no justification for that. 

 

I predict you'd see (I'm not speaking for anyone here, just me) a real willingness on the security and compliance community's part to compromise and support a system where, IF a registrant is an EU natural person (yes, I know we need to define it accurately -- citizen, resident, we can get granular later) then...hey, let's set up a system involving redaction of some fields, access to those fields in legitimate cases, etc. I want to support registrars' compliance with the GDPR. But we're seeing the registrar community say: We want to apply this globally. To all domain name registrations. Doesn't matter if the registrant is the intended beneficiary of the new law, or in scope, or not. We're going to just change global policy.

 

I think that viewpoint has been pretty repeatedly represented in this working group, but I'd love to hear from registrars that would support a more targeted solution where only the intended beneficiaries of the GDPR (that is, in-scope registrants) are covered under the policy. 


John Horton
President and CEO, LegitScript


 

On Fri, Feb 16, 2018 at 10:44 AM, benny@nordreg.se <benny@nordreg.se> wrote:

Please refer to where registrars have been unwilling to explore this option?



--
Med vänliga hälsningar / Kind Regards / Med vennlig hilsen

Benny Samuelsen
Registry Manager - Domainexpert

Nordreg AB - ICANN accredited registrar
IANA-ID: 638
Phone: +46.42197000
Direct: +47.32260201
Mobile: +47.40410200

> On 16 Feb 2018, at 19:38, John Horton via gnso-rds-pdp-wg <gnso-rds-pdp-wg@icann.org> wrote:
>
> Just imagine how much of all of this could be avoided if registrars were willing to agree to a commercial/individual distinction.
>
> John Horton
> President and CEO, LegitScript

> On Fri, Feb 16, 2018 at 10:33 AM, John Bambenek via gnso-rds-pdp-wg <gnso-rds-pdp-wg@icann.org> wrote:
> GDPR taken to its logical extreme very well could require us to abandon IP reputation and to empty our firewalls. I mean, no consumer authorized me to process their IP just by attacking me, right?
>
> Privacy absolutism is not the answer unless you basically want to mandate the internet backbone be converted to Tor.
>
> --
> John Bambenek
>
> On Feb 16, 2018, at 06:09, Michele Neylon - Blacknight <michele@blacknight.com> wrote:
>
>> It’s an interesting read, but it has several flaws.
>>
>> It refers to registrars solely and ignores registries.
>>
>> It also makes it sound like issues around whois are “new”, which we all know isn’t true.
>>
>> The comments about IP addresses make it sound like it’s a theoretical concern, yet there is case law, e.g.:
>>
>> https://www.irishtimes.com/business/technology/european-court-of-justice-rules-ip-addresses-are-personal-data-1.2835704
>>
>> --
>>
>> Mr Michele Neylon
>>
>> Blacknight Solutions
>>
>> Hosting, Colocation & Domains
>>
>>
>> https://www.blacknight.com/
>>
>> http://blacknight.blog/
>>
>> Intl. +353 (0) 59 9183072
>>
>> Direct Dial: +353 (0)59 9183090
>>
>> Personal blog: https://michele.blog/
>>
>> Some thoughts: https://ceo.hosting/
>>
>> -------------------------------
>>
>> Blacknight Internet Solutions Ltd, Unit 12A, Barrowside Business Park, Sleaty Road, Graiguecullen, Carlow, R93 X265, Ireland  Company No.: 370845
>>
>> From: gnso-rds-pdp-wg <gnso-rds-pdp-wg-bounces@icann.org> on behalf of Dotzero <dotzero@gmail.com>
>> Date: Friday 16 February 2018 at 00:07
>> To: RDS PDP WG <gnso-rds-pdp-wg@icann.org>
>> Subject: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
>>
>> https://krebsonsecurity.com/2018/02/new-eu-privacy-law-may-weaken-security/
>>
>> Michael Hammer
>>
>> _______________________________________________
>> gnso-rds-pdp-wg mailing list
>> gnso-rds-pdp-wg@icann.org
>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg