We have to comply with Irish law. -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains http://www.blacknight.host/ http://blog.blacknight.com/ http://ceo.hosting/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 From: <isolatedn@gmail.com> on behalf of Sivasubramanian M <6.Internet@gmail.com> Date: Friday 22 July 2016 at 13:21 To: Michele Neylon <michele@blacknight.com> Cc: Sam Lanfranco <sam@lanfranco.net>, Chuck Gomes <cgomes@verisign.com>, Volker Greimann <vgreimann@key-systems.net>, "gnso-rds-pdp-wg@icann.org" <gnso-rds-pdp-wg@icann.org> Subject: Re: [gnso-rds-pdp-wg] OT Re: An important technical consideration about nature of the service (was Re: The overflowing list ) On Fri, Jul 22, 2016 at 5:40 PM, Michele Neylon - Blacknight <michele@blacknight.com<mailto:michele@blacknight.com>> wrote: Sam

...

But I will suggest that in parallel ICANN as an organization, the ICANN multistakeholder community and stakeholders beyond ICANN, have to develop strategies for engagement with ongoing >>efforts outside ICANN around how to authenticate law enforcement data requests. Sorry, but what has this got to with the WG? Also, ICANN does not hold registration data, so I can’t understand why ICANN developing anything in this realm would be of any benefit.

As an Irish company we will deal with Irish law enforcement. Overseas LEA can liaise with their Irish counterparts and comply with Irish law if they want to submit any data requests. ​What happens when you the Irish company stores data of overseas Registrants, and when Irish Law permits release of all data stored to LEA, which contravenes the law of other countries whose Registrant data happens to be Ireland? Sivasubramanian M ​ Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains http://www.blacknight.host/ http://blog.blacknight.com/ http://ceo.hosting/ Intl. +353 (0) 59 9183072<tel:%2B353%20%280%29%2059%C2%A0%C2%A09183072> Direct Dial: +353 (0)59 9183090<tel:%2B353%20%280%2959%209183090> ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 _______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org<mailto:gnso-rds-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg

On Fri, Jul 22, 2016 at 06:02:26PM +0530, Sivasubramanian M wrote:

​That would be a problem for me as a Registrant from another country, if my country were to provide stronger safeguards against the release of my data to LEA.

So don't do business with an Irish company? Surely we're not going to use RDS policies to try to make every company providing anything anywhere do exactly the same thing? A -- Andrew Sullivan ajs@anvilwalrusden.com

The latest count is that ICANN-accredited registrars exist in 67 national jurisdictions, and that gTLD registries exist in 47 different national jurisdictions. https://www.icann.org/en/system/files/files/gtld-marketplace-health-index-be... Among those there is additional choice. For example, different registrars offer different terms of service within in the laws of their jurisdictions, registrants have choices about privacy/proxy protection, etc. So, registrants have opportunities to make choices about what they register, where, under what laws, and under what terms of service. -----Original Message----- From: gnso-rds-pdp-wg-bounces@icann.org [mailto:gnso-rds-pdp-wg-bounces@icann.org] On Behalf Of Holly Raiche Sent: Friday, July 22, 2016 8:52 AM To: Andrew Sullivan <ajs@anvilwalrusden.com> Cc: gnso-rds-pdp-wg@icann.org Subject: Re: [gnso-rds-pdp-wg] OT Re: An important technical consideration about nature of the service (was Re: The overflowing list ) The quick answer - to expand a bit on Michele - is that each country has its own laws, that companies registered in that country must comply with those laws. And yes, that means different laws for different countries. Indeed, the recent US in decision on Microsoft was that the US Stored Communications Act could not compel Microsoft to provide the US with data that is held in Ireland. Wonderfully, the US Court recognised that its jurisdiction ends at its borders for that issue. The bleeding obvious, I would have thought. Holly On 22 Jul 2016, at 10:39 pm, Andrew Sullivan <ajs@anvilwalrusden.com> wrote:

On Fri, Jul 22, 2016 at 06:02:26PM +0530, Sivasubramanian M wrote:

...

​That would be a problem for me as a Registrant from another country, if my country were to provide stronger safeguards against the release of my data to LEA.

So don't do business with an Irish company? Surely we're not going to use RDS policies to try to make every company providing anything anywhere do exactly the same thing?

A

-- Andrew Sullivan ajs@anvilwalrusden.com _______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg

_______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg

Dear Andrew, On Fri, Jul 22, 2016 at 6:09 PM, Andrew Sullivan <ajs@anvilwalrusden.com> wrote:

On Fri, Jul 22, 2016 at 06:02:26PM +0530, Sivasubramanian M wrote:

...

​That would be a problem for me as a Registrant from another country, if my country were to provide stronger safeguards against the release of my data to LEA.

So don't do business with an Irish company?

​​As a Registrant, I don't make the choice to do business with the Irish Company, but the Registrar who registered my domain name or the Registry that operates that domain name at the Top Level makes that decision. I am not concerned about this business decision until I come to know (immediately or after 30 years, if as Michelle says he wouldn't be able to tell me if the orders were delivered in a sealed envelope) that the Irish Company released my data to the Irish LEA. I would pay due obedience to the Laws of Ireland or to any other country if I reside there, not when my data resides there, especially when I haven't made the choice to store my data in Ireland. My consent for release of my data to the LEA in Ireland is not implied any way in the decision of the Registrar/Registry.

Surely we're not going to ​ ​ use RDS policies to try to make every company providing anything ​ ​ anywhere do exactly the same thing?

​Policies to make every company providing anything anywhere​ do exactly the same thing? Why not? Sivasubramanian M

A

-- Andrew Sullivan ajs@anvilwalrusden.com _______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg

Inline comments -- Med vänliga hälsningar / Kind Regards / Med vennlig hilsen Benny Samuelsen Registry Manager - Domainexpert Nordreg AB - ICANN accredited registrar IANA-ID: 638 Phone: +46.42197080 Direct: +47.32260201 Mobile: +47.40410200 From: <gnso-rds-pdp-wg-bounces@icann.org> on behalf of Sivasubramanian M <6.Internet@gmail.com> Date: Friday 22 July 2016 at 15:19 To: Andrew Sullivan <ajs@anvilwalrusden.com> Cc: "gnso-rds-pdp-wg@icann.org" <gnso-rds-pdp-wg@icann.org> Subject: Re: [gnso-rds-pdp-wg] OT Re: An important technical consideration about nature of the service (was Re: The overflowing list ) Dear Andrew, On Fri, Jul 22, 2016 at 6:09 PM, Andrew Sullivan <ajs@anvilwalrusden.com<mailto:ajs@anvilwalrusden.com>> wrote: On Fri, Jul 22, 2016 at 06:02:26PM +0530, Sivasubramanian M wrote:

​That would be a problem for me as a Registrant from another country, if my country were to provide stronger safeguards against the release of my data to LEA.

So don't do business with an Irish company? ​​As a Registrant, I don't make the choice to do business with the Irish Company, but the Registrar who registered my domain name or the Registry that operates that domain name at the Top Level makes that decision. That is so wrong in all aspects You as registrant choose registrar and compliant to accept conditions wherein there are referred to jurisdiction of the registrar. ​Policies to make every company providing anything anywhere​ do exactly the same thing? Why not? The obvious answer, ICANN does not make the rules in every country… Please spare us from wasting time on such nonsense as this… Sivasubramanian M A -- Andrew Sullivan ajs@anvilwalrusden.com<mailto:ajs@anvilwalrusden.com> _______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org<mailto:gnso-rds-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg

What rules does ICANN make about DNS? Chuck From: gnso-rds-pdp-wg-bounces@icann.org [mailto:gnso-rds-pdp-wg-bounces@icann.org] On Behalf Of Sivasubramanian M Sent: Monday, July 25, 2016 10:13 AM To: benny@nordreg.se Cc: gnso-rds-pdp-wg@icann.org Subject: Re: [gnso-rds-pdp-wg] OT Re: An important technical consideration about nature of the service (was Re: The overflowing list ) On Fri, Jul 22, 2016 at 9:39 PM, benny@nordreg.se<mailto:benny@nordreg.se> <benny@nordreg.se<mailto:benny@nordreg.se>> wrote: Inline comments -- Med vänliga hälsningar / Kind Regards / Med vennlig hilsen Benny Samuelsen Registry Manager - Domainexpert Nordreg AB - ICANN accredited registrar IANA-ID: 638 Phone: +46.42197080<tel:%2B46.42197080> Direct: +47.32260201<tel:%2B47.32260201> Mobile: +47.40410200<tel:%2B47.40410200> From: <gnso-rds-pdp-wg-bounces@icann.org<mailto:gnso-rds-pdp-wg-bounces@icann.org>> on behalf of Sivasubramanian M <6.Internet@gmail.com<mailto:6.Internet@gmail.com>> Date: Friday 22 July 2016 at 15:19 To: Andrew Sullivan <ajs@anvilwalrusden.com<mailto:ajs@anvilwalrusden.com>> Cc: "gnso-rds-pdp-wg@icann.org<mailto:gnso-rds-pdp-wg@icann.org>" <gnso-rds-pdp-wg@icann.org<mailto:gnso-rds-pdp-wg@icann.org>> Subject: Re: [gnso-rds-pdp-wg] OT Re: An important technical consideration about nature of the service (was Re: The overflowing list ) Dear Andrew, On Fri, Jul 22, 2016 at 6:09 PM, Andrew Sullivan <ajs@anvilwalrusden.com<mailto:ajs@anvilwalrusden.com>> wrote: On Fri, Jul 22, 2016 at 06:02:26PM +0530, Sivasubramanian M wrote:

​That would be a problem for me as a Registrant from another country, if my country were to provide stronger safeguards against the release of my data to LEA.

So don't do business with an Irish company? ​​As a Registrant, I don't make the choice to do business with the Irish Company, but the Registrar who registered my domain name or the Registry that operates that domain name at the Top Level makes that decision. That is so wrong in all aspects You as registrant choose registrar and compliant to accept conditions wherein there are referred to jurisdiction of the registrar​ ​Policies to make every company providing anything anywhere​ do exactly the same thing? Why not? The obvious answer, ICANN does not make the rules in every country… Please spare us from wasting time on such nonsense as this… ​Are you saying that this discussion on use of Registrant data is "wasting time" and "such nonesense" as an individual participant, or saying this as Nordreg.se​ or as a stakeholder group member ? And, ICANN can not make rules in every country, but ICANN can make rules about DNS, it can encourage good practices concerning DNS data. On your earlier comment that "this is so wrong", the point is not about a Registrant choosing a Registrar, but that the choice of the Registrar does not alone guarantee the data rights of the Registrant. Sivasubramanian M ​​ Sivasubramanian M A -- Andrew Sullivan ajs@anvilwalrusden.com<mailto:ajs@anvilwalrusden.com> _______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org<mailto:gnso-rds-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg

As you noted, I was concerned about the use of the term ‘rules’. As you know ICANN does not establish rules for the DNS; the IETF approves the technical standards for the DNS. I just wanted to make sure that everyone understands that. Chuck From: isolatedn@gmail.com [mailto:isolatedn@gmail.com] On Behalf Of Sivasubramanian M Sent: Monday, July 25, 2016 10:34 AM To: Gomes, Chuck Cc: benny@nordreg.se; gnso-rds-pdp-wg@icann.org Subject: Re: [gnso-rds-pdp-wg] OT Re: An important technical consideration about nature of the service (was Re: The overflowing list ) Dear Chuck,​ ICANN Coordinates the allocation of Names and Numbers, by policies and programs​. "Rule" may be a strong word here, slipped in from the question that I was answering, it is coordination, and the coordination happens by agreements. If it coordinates the allocation, it ought to consider itself responsible for all aspects concerning how fairly these resources are allocated, and ICANN especially ought to pay attention to the aspects related to DNS data. By your question, "what rules does ICANN make about DNS", are you implying that DNS is free for all, in a commercial sense? Sivasubramanian M On Mon, Jul 25, 2016 at 7:52 PM, Gomes, Chuck <cgomes@verisign.com<mailto:cgomes@verisign.com>> wrote: What rules does ICANN make about DNS? Chuck From: gnso-rds-pdp-wg-bounces@icann.org<mailto:gnso-rds-pdp-wg-bounces@icann.org> [mailto:gnso-rds-pdp-wg-bounces@icann.org<mailto:gnso-rds-pdp-wg-bounces@icann.org>] On Behalf Of Sivasubramanian M Sent: Monday, July 25, 2016 10:13 AM To: benny@nordreg.se<mailto:benny@nordreg.se> Cc: gnso-rds-pdp-wg@icann.org<mailto:gnso-rds-pdp-wg@icann.org> Subject: Re: [gnso-rds-pdp-wg] OT Re: An important technical consideration about nature of the service (was Re: The overflowing list ) On Fri, Jul 22, 2016 at 9:39 PM, benny@nordreg.se<mailto:benny@nordreg.se> <benny@nordreg.se<mailto:benny@nordreg.se>> wrote: Inline comments -- Med vänliga hälsningar / Kind Regards / Med vennlig hilsen Benny Samuelsen Registry Manager - Domainexpert Nordreg AB - ICANN accredited registrar IANA-ID: 638 Phone: +46.42197080<tel:%2B46.42197080> Direct: +47.32260201<tel:%2B47.32260201> Mobile: +47.40410200<tel:%2B47.40410200> From: <gnso-rds-pdp-wg-bounces@icann.org<mailto:gnso-rds-pdp-wg-bounces@icann.org>> on behalf of Sivasubramanian M <6.Internet@gmail.com<mailto:6.Internet@gmail.com>> Date: Friday 22 July 2016 at 15:19 To: Andrew Sullivan <ajs@anvilwalrusden.com<mailto:ajs@anvilwalrusden.com>> Cc: "gnso-rds-pdp-wg@icann.org<mailto:gnso-rds-pdp-wg@icann.org>" <gnso-rds-pdp-wg@icann.org<mailto:gnso-rds-pdp-wg@icann.org>> Subject: Re: [gnso-rds-pdp-wg] OT Re: An important technical consideration about nature of the service (was Re: The overflowing list ) Dear Andrew, On Fri, Jul 22, 2016 at 6:09 PM, Andrew Sullivan <ajs@anvilwalrusden.com<mailto:ajs@anvilwalrusden.com>> wrote: On Fri, Jul 22, 2016 at 06:02:26PM +0530, Sivasubramanian M wrote:

​That would be a problem for me as a Registrant from another country, if my country were to provide stronger safeguards against the release of my data to LEA.

So don't do business with an Irish company? ​​As a Registrant, I don't make the choice to do business with the Irish Company, but the Registrar who registered my domain name or the Registry that operates that domain name at the Top Level makes that decision. That is so wrong in all aspects You as registrant choose registrar and compliant to accept conditions wherein there are referred to jurisdiction of the registrar​ ​Policies to make every company providing anything anywhere​ do exactly the same thing? Why not? The obvious answer, ICANN does not make the rules in every country… Please spare us from wasting time on such nonsense as this… ​Are you saying that this discussion on use of Registrant data is "wasting time" and "such nonesense" as an individual participant, or saying this as Nordreg.se​ or as a stakeholder group member ? And, ICANN can not make rules in every country, but ICANN can make rules about DNS, it can encourage good practices concerning DNS data. On your earlier comment that "this is so wrong", the point is not about a Registrant choosing a Registrar, but that the choice of the Registrar does not alone guarantee the data rights of the Registrant. Sivasubramanian M ​​ Sivasubramanian M A -- Andrew Sullivan ajs@anvilwalrusden.com<mailto:ajs@anvilwalrusden.com> _______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org<mailto:gnso-rds-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg

It is not clear to me that the IETF needs to focus on the “complexities of matters concerning Registrant Data” but I will let our IETF experts comment on that. Chuck From: isolatedn@gmail.com [mailto:isolatedn@gmail.com] On Behalf Of Sivasubramanian M Sent: Monday, July 25, 2016 10:50 AM To: Gomes, Chuck Cc: benny@nordreg.se; gnso-rds-pdp-wg@icann.org Subject: Re: [gnso-rds-pdp-wg] OT Re: An important technical consideration about nature of the service (was Re: The overflowing list ) Great. Then the IETF could pay attention to the complexities of matters concerning Registrant Data. On Mon, Jul 25, 2016 at 8:18 PM, Gomes, Chuck <cgomes@verisign.com<mailto:cgomes@verisign.com>> wrote: As you noted, I was concerned about the use of the term ‘rules’. As you know ICANN does not establish rules for the DNS; the IETF approves the technical standards for the DNS. I just wanted to make sure that everyone understands that. Chuck From: isolatedn@gmail.com<mailto:isolatedn@gmail.com> [mailto:isolatedn@gmail.com<mailto:isolatedn@gmail.com>] On Behalf Of Sivasubramanian M Sent: Monday, July 25, 2016 10:34 AM To: Gomes, Chuck Cc: benny@nordreg.se<mailto:benny@nordreg.se>; gnso-rds-pdp-wg@icann.org<mailto:gnso-rds-pdp-wg@icann.org> Subject: Re: [gnso-rds-pdp-wg] OT Re: An important technical consideration about nature of the service (was Re: The overflowing list ) Dear Chuck,​ ICANN Coordinates the allocation of Names and Numbers, by policies and programs​. "Rule" may be a strong word here, slipped in from the question that I was answering, it is coordination, and the coordination happens by agreements. If it coordinates the allocation, it ought to consider itself responsible for all aspects concerning how fairly these resources are allocated, and ICANN especially ought to pay attention to the aspects related to DNS data. By your question, "what rules does ICANN make about DNS", are you implying that DNS is free for all, in a commercial sense? Sivasubramanian M On Mon, Jul 25, 2016 at 7:52 PM, Gomes, Chuck <cgomes@verisign.com<mailto:cgomes@verisign.com>> wrote: What rules does ICANN make about DNS? Chuck From: gnso-rds-pdp-wg-bounces@icann.org<mailto:gnso-rds-pdp-wg-bounces@icann.org> [mailto:gnso-rds-pdp-wg-bounces@icann.org<mailto:gnso-rds-pdp-wg-bounces@icann.org>] On Behalf Of Sivasubramanian M Sent: Monday, July 25, 2016 10:13 AM To: benny@nordreg.se<mailto:benny@nordreg.se> Cc: gnso-rds-pdp-wg@icann.org<mailto:gnso-rds-pdp-wg@icann.org> Subject: Re: [gnso-rds-pdp-wg] OT Re: An important technical consideration about nature of the service (was Re: The overflowing list ) On Fri, Jul 22, 2016 at 9:39 PM, benny@nordreg.se<mailto:benny@nordreg.se> <benny@nordreg.se<mailto:benny@nordreg.se>> wrote: Inline comments -- Med vänliga hälsningar / Kind Regards / Med vennlig hilsen Benny Samuelsen Registry Manager - Domainexpert Nordreg AB - ICANN accredited registrar IANA-ID: 638 Phone: +46.42197080<tel:%2B46.42197080> Direct: +47.32260201<tel:%2B47.32260201> Mobile: +47.40410200<tel:%2B47.40410200> From: <gnso-rds-pdp-wg-bounces@icann.org<mailto:gnso-rds-pdp-wg-bounces@icann.org>> on behalf of Sivasubramanian M <6.Internet@gmail.com<mailto:6.Internet@gmail.com>> Date: Friday 22 July 2016 at 15:19 To: Andrew Sullivan <ajs@anvilwalrusden.com<mailto:ajs@anvilwalrusden.com>> Cc: "gnso-rds-pdp-wg@icann.org<mailto:gnso-rds-pdp-wg@icann.org>" <gnso-rds-pdp-wg@icann.org<mailto:gnso-rds-pdp-wg@icann.org>> Subject: Re: [gnso-rds-pdp-wg] OT Re: An important technical consideration about nature of the service (was Re: The overflowing list ) Dear Andrew, On Fri, Jul 22, 2016 at 6:09 PM, Andrew Sullivan <ajs@anvilwalrusden.com<mailto:ajs@anvilwalrusden.com>> wrote: On Fri, Jul 22, 2016 at 06:02:26PM +0530, Sivasubramanian M wrote:

​That would be a problem for me as a Registrant from another country, if my country were to provide stronger safeguards against the release of my data to LEA.

So don't do business with an Irish company? ​​As a Registrant, I don't make the choice to do business with the Irish Company, but the Registrar who registered my domain name or the Registry that operates that domain name at the Top Level makes that decision. That is so wrong in all aspects You as registrant choose registrar and compliant to accept conditions wherein there are referred to jurisdiction of the registrar​ ​Policies to make every company providing anything anywhere​ do exactly the same thing? Why not? The obvious answer, ICANN does not make the rules in every country… Please spare us from wasting time on such nonsense as this… ​Are you saying that this discussion on use of Registrant data is "wasting time" and "such nonesense" as an individual participant, or saying this as Nordreg.se​ or as a stakeholder group member ? And, ICANN can not make rules in every country, but ICANN can make rules about DNS, it can encourage good practices concerning DNS data. On your earlier comment that "this is so wrong", the point is not about a Registrant choosing a Registrar, but that the choice of the Registrar does not alone guarantee the data rights of the Registrant. Sivasubramanian M ​​ Sivasubramanian M A -- Andrew Sullivan ajs@anvilwalrusden.com<mailto:ajs@anvilwalrusden.com> _______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org<mailto:gnso-rds-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg

Who are the policy makers in the multi-stakeholder framework? Why not ICANN pay attention, at least to facilitate discussion on this topic? Sivasubramanian M On Mon, Jul 25, 2016 at 8:48 PM, Hollenbeck, Scott <shollenbeck@verisign.com

wrote:

*From:* gnso-rds-pdp-wg-bounces@icann.org [mailto: gnso-rds-pdp-wg-bounces@icann.org] *On Behalf Of *Gomes, Chuck *Sent:* Monday, July 25, 2016 10:58 AM *To:* Sivasubramanian M *Cc:* gnso-rds-pdp-wg@icann.org *Subject:* Re: [gnso-rds-pdp-wg] OT Re: An important technical consideration about nature of the service (was Re: The overflowing list )

It is not clear to me that the IETF needs to focus on the “complexities of matters concerning Registrant Data” but I will let our IETF experts comment on that.

[SAH] It’s important to note that the IETF process we followed to develop RDAP did indeed include (for example) considerations for the protection of registrant data, but we tried to stay away from enshrining policies associated with that data. That’s work to be done by policy makers.

Scott

Correct. Note that this is the GNSO RDS PDP WG. Chuck From: Hollenbeck, Scott Sent: Monday, July 25, 2016 11:23 AM To: Sivasubramanian M Cc: Gomes, Chuck; gnso-rds-pdp-wg@icann.org Subject: RE: [gnso-rds-pdp-wg] OT Re: An important technical consideration about nature of the service (was Re: The overflowing list ) From: isolatedn@gmail.com<mailto:isolatedn@gmail.com> [mailto:isolatedn@gmail.com] On Behalf Of Sivasubramanian M Sent: Monday, July 25, 2016 11:22 AM To: Hollenbeck, Scott Cc: Gomes, Chuck; gnso-rds-pdp-wg@icann.org<mailto:gnso-rds-pdp-wg@icann.org> Subject: Re: [gnso-rds-pdp-wg] OT Re: An important technical consideration about nature of the service (was Re: The overflowing list ) Who are the policy makers in the multi-stakeholder framework? Why not ICANN pay attention, at least to facilitate discussion on this topic? I think that’s what we’re doing here… Scott

We are trying to follow our work plan. There is no intent to avoid policy topics but rather to wait until we get to them in our work plan so that we don’t have to repeat discussions and hence waste time. Chuck From: isolatedn@gmail.com [mailto:isolatedn@gmail.com] On Behalf Of Sivasubramanian M Sent: Monday, July 25, 2016 11:27 AM To: Gomes, Chuck Cc: Hollenbeck, Scott; gnso-rds-pdp-wg@icann.org Subject: Re: [gnso-rds-pdp-wg] OT Re: An important technical consideration about nature of the service (was Re: The overflowing list ) Then why is there an inclination to move away from this policy topic? And why is there a total absence of protest on this being characterized as a "waste of time"? On Mon, Jul 25, 2016 at 8:55 PM, Gomes, Chuck <cgomes@verisign.com<mailto:cgomes@verisign.com>> wrote: Correct. Note that this is the GNSO RDS PDP WG. Chuck From: Hollenbeck, Scott Sent: Monday, July 25, 2016 11:23 AM To: Sivasubramanian M Cc: Gomes, Chuck; gnso-rds-pdp-wg@icann.org<mailto:gnso-rds-pdp-wg@icann.org> Subject: RE: [gnso-rds-pdp-wg] OT Re: An important technical consideration about nature of the service (was Re: The overflowing list ) From: isolatedn@gmail.com<mailto:isolatedn@gmail.com> [mailto:isolatedn@gmail.com] On Behalf Of Sivasubramanian M Sent: Monday, July 25, 2016 11:22 AM To: Hollenbeck, Scott Cc: Gomes, Chuck; gnso-rds-pdp-wg@icann.org<mailto:gnso-rds-pdp-wg@icann.org> Subject: Re: [gnso-rds-pdp-wg] OT Re: An important technical consideration about nature of the service (was Re: The overflowing list ) Who are the policy makers in the multi-stakeholder framework? Why not ICANN pay attention, at least to facilitate discussion on this topic? I think that’s what we’re doing here… Scott

Thank you Volker. Could you point me to the section where the Policy101 document gives guidelines on how to introduce a new thought? Not sure of the exact process to follow, I will leave this thread for the present work plan, and have opened a new thread with the subject line: A possible global process for collection, storage and access of Registrant Data. Thank you. Sivasubramanian M On Mon, Jul 25, 2016 at 9:02 PM, Volker Greimann <vgreimann@key-systems.net> wrote:

Let's not make this a ICANN policy 101, there is ressources for that:

https://www.icann.org/policy

Best,

Volker

Am 25.07.2016 um 17:26 schrieb Sivasubramanian M:

Then why is there an inclination to move away from this policy topic? And why is there a total absence of protest on this being characterized as a "waste of time"?

On Mon, Jul 25, 2016 at 8:55 PM, Gomes, Chuck <cgomes@verisign.com> wrote:

...

Correct. Note that this is the GNSO RDS PDP WG.

Chuck

*From:* Hollenbeck, Scott *Sent:* Monday, July 25, 2016 11:23 AM *To:* Sivasubramanian M *Cc:* Gomes, Chuck; gnso-rds-pdp-wg@icann.org *Subject:* RE: [gnso-rds-pdp-wg] OT Re: An important technical consideration about nature of the service (was Re: The overflowing list )

*From:* isolatedn@gmail.com [mailto:isolatedn@gmail.com <isolatedn@gmail.com>] *On Behalf Of *Sivasubramanian M *Sent:* Monday, July 25, 2016 11:22 AM *To:* Hollenbeck, Scott *Cc:* Gomes, Chuck; gnso-rds-pdp-wg@icann.org *Subject:* Re: [gnso-rds-pdp-wg] OT Re: An important technical consideration about nature of the service (was Re: The overflowing list )

Who are the policy makers in the multi-stakeholder framework? Why not ICANN pay attention, at least to facilitate discussion on this topic?

I think that’s what we’re doing here…

Scott

_______________________________________________ gnso-rds-pdp-wg mailing listgnso-rds-pdp-wg@icann.orghttps://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg

-- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.

Mit freundlichen Grüßen,

Volker A. Greimann - Rechtsabteilung -

Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net

Web: www.key-systems.net / www.RRPproxy.netwww.domaindiscount24.com / www.BrandShelter.com

Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:www.facebook.com/KeySystemswww.twitter.com/key_systems

Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534

Member of the KEYDRIVE GROUPwww.keydrive.lu

Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.

--------------------------------------------

Should you have any further questions, please do not hesitate to contact us.

Best regards,

Volker A. Greimann - legal department -

Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net

Web: www.key-systems.net / www.RRPproxy.netwww.domaindiscount24.com / www.BrandShelter.com

Follow us on Twitter or join our fan community on Facebook and stay updated:www.facebook.com/KeySystemswww.twitter.com/key_systems

CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534

Member of the KEYDRIVE GROUPwww.keydrive.lu

This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.

_______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg

On Mon, Jul 25, 2016 at 08:19:50PM +0530, Sivasubramanian M wrote:

Great. Then the IETF could pay attention to the complexities of matters concerning Registrant Data.

The IETF cheerfully did that, and delivered to you and everyone else RDAP, which is designed precisely to provide the sort of ability to distribute data selectively. The IETF also cheerfully did that, and delivered to you and everyone else EPP, which is designed precisely to allow co-ordination across various operators of infrastructure. But given the degree to which distinctions in this area are being hand-waved together as all the same problem, I'm not even sure what we're talking about under the rubric "complexities of matters concerning Registrant Data". Best regards, A -- Andrew Sullivan ajs@anvilwalrusden.com

On Mon, Jul 25, 2016 at 08:04:17PM +0530, Sivasubramanian M wrote:

ICANN Coordinates the allocation of Names and Numbers, by policies and programs​. "Rule" may be a strong word here, slipped in from the question that I was answering, it is coordination, and the coordination happens by agreements. If it coordinates the allocation, it ought to consider itself responsible for all aspects concerning how fairly these resources are allocated, and ICANN especially ought to pay attention to the aspects related to DNS data.

I think you will discover that quite a few of us spent a lot of time during the CCWG-Accountability work ensuring that the Mission was quite clear that ICANN does not "coordinate" the DNS beyond the root zone and certain subordinate policies in zones delegated according to contracts with ICANN. ICANN most definitely does not coordinate the allocation of names worldwide. The _whole point_ of the DNS is to prevent such centralization in the interests of ensuring administration is local (loosely speaking, network topologically) to the affected parties.

By your question, "what rules does ICANN make about DNS", are you implying that DNS is free for all, in a commercial sense?

Yes, actually, it is, and that's a feature and not a bug. A -- Andrew Sullivan ajs@anvilwalrusden.com

You are getting way ahead of where we are at. Chuck From: gnso-rds-pdp-wg-bounces@icann.org [mailto:gnso-rds-pdp-wg-bounces@icann.org] On Behalf Of Sivasubramanian M Sent: Monday, July 25, 2016 5:30 PM To: Andrew Sullivan Cc: gnso-rds-pdp-wg@icann.org Subject: Re: [gnso-rds-pdp-wg] OT Re: An important technical consideration about nature of the service (was Re: The overflowing list ) On Mon, Jul 25, 2016 at 11:40 PM, Andrew Sullivan <ajs@anvilwalrusden.com<mailto:ajs@anvilwalrusden.com>> wrote: On Mon, Jul 25, 2016 at 08:04:17PM +0530, Sivasubramanian M wrote:

ICANN Coordinates the allocation of Names and Numbers, by policies and programs​. "Rule" may be a strong word here, slipped in from the question that I was answering, it is coordination, and the coordination happens by agreements. If it coordinates the allocation, it ought to consider itself responsible for all aspects concerning how fairly these resources are allocated, and ICANN especially ought to pay attention to the aspects related to DNS data.

I think you will discover that quite a few of us spent a lot of time during the CCWG-Accountability work ensuring that the Mission was quite clear that ICANN does not "coordinate" the DNS beyond the root zone and certain subordinate policies in zones delegated according to contracts with ICANN. ICANN most definitely does not coordinate the allocation of names worldwide. ​It does. Indirectly. By allocation of Top Level Domains for worldwide registration of names.​ The _whole point_ of the DNS is to prevent such centralization in the interests of ensuring administration is local (loosely speaking, network topologically) to the affected parties. ​I have suggested nothing here to imply that ICANN's coordination of Names, on the commercial side, should get any more detailed than decisions on TLDs and their delegation. But ICANN being the allocating body for Names on a Top Level, becomes responsible for the decision of allocation of the TLD, and (notionally) becomes responsible for ensuring that the Registry in turn ensures fairness worldwide. The Registrant Data, as the point discussed here, becomes ICANN's responsibility. If anything goes wrong, as a Registrant, I would be right in asking ICANN "my .com registration data has been abused. Why didn't you ensure that the .com Registry would keep my data safe with itself and with its Registrars?" ICANN can not possibly say, "we didn't do it, a reseller under a Registrar under the Registry did it, don't ask us"​. One that occurred to me is to harmonize the method of collecting Registrant data and harmonize policies for release of data to Law and Order agencies, and in a way empower the DNS community to say "No" where they consider the request or directive excessive. This I have posted in a different thread. The initial thought was to centralize Registrant Data, which could be modified to be that of a system of keeping the sensitive elements of the Registrant data decentralized with the Registries, but with uniform policies across the world. Agreed, we need to make sure that any changes to the process of handling and storing Registrant data does not alter the decentralized model. There are apparent conflicts, but reconcilable. Sivasubramanian M

By your question, "what rules does ICANN make about DNS", are you implying that DNS is free for all, in a commercial sense?

Yes, actually, it is, and that's a feature and not a bug. A -- Andrew Sullivan ajs@anvilwalrusden.com<mailto:ajs@anvilwalrusden.com> _______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org<mailto:gnso-rds-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg

If we were subject to a sealed order we wouldn’t be able to tell you (hint: that doesn’t happen much anywhere in Europe .. ) -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains http://www.blacknight.host/ http://blog.blacknight.com/ http://ceo.hosting/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 From: <isolatedn@gmail.com> on behalf of Sivasubramanian M <6.Internet@gmail.com> Date: Friday 22 July 2016 at 13:32 To: Michele Neylon <michele@blacknight.com> Cc: Sam Lanfranco <sam@lanfranco.net>, Chuck Gomes <cgomes@verisign.com>, Volker Greimann <vgreimann@key-systems.net>, "gnso-rds-pdp-wg@icann.org" <gnso-rds-pdp-wg@icann.org> Subject: Re: [gnso-rds-pdp-wg] OT Re: An important technical consideration about nature of the service (was Re: The overflowing list ) On Fri, Jul 22, 2016 at 5:52 PM, Michele Neylon - Blacknight <michele@blacknight.com<mailto:michele@blacknight.com>> wrote: We have to comply with Irish law. ​That would be a problem for me as a Registrant from another country, if my country were to provide stronger safeguards against the release of my data to LEA. Also, I would want to know why you released my data, possibly to the Irish LEA, under Irish Law. Sivasubramanian M ​ -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains http://www.blacknight.host/ http://blog.blacknight.com/ http://ceo.hosting/ Intl. +353 (0) 59 9183072<tel:%2B353%20%280%29%2059%C2%A0%C2%A09183072> Direct Dial: +353 (0)59 9183090<tel:%2B353%20%280%2959%209183090> ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 From: <isolatedn@gmail.com<mailto:isolatedn@gmail.com>> on behalf of Sivasubramanian M <6.Internet@gmail.com<mailto:6.Internet@gmail.com>> Date: Friday 22 July 2016 at 13:21 To: Michele Neylon <michele@blacknight.com<mailto:michele@blacknight.com>> Cc: Sam Lanfranco <sam@lanfranco.net<mailto:sam@lanfranco.net>>, Chuck Gomes <cgomes@verisign.com<mailto:cgomes@verisign.com>>, Volker Greimann <vgreimann@key-systems.net<mailto:vgreimann@key-systems.net>>, "gnso-rds-pdp-wg@icann.org<mailto:gnso-rds-pdp-wg@icann.org>" <gnso-rds-pdp-wg@icann.org<mailto:gnso-rds-pdp-wg@icann.org>> Subject: Re: [gnso-rds-pdp-wg] OT Re: An important technical consideration about nature of the service (was Re: The overflowing list ) On Fri, Jul 22, 2016 at 5:40 PM, Michele Neylon - Blacknight <michele@blacknight.com<mailto:michele@blacknight.com>> wrote: Sam

...

But I will suggest that in parallel ICANN as an organization, the ICANN multistakeholder community and stakeholders beyond ICANN, have to develop strategies for engagement with ongoing >>efforts outside ICANN around how to authenticate law enforcement data requests. Sorry, but what has this got to with the WG? Also, ICANN does not hold registration data, so I can’t understand why ICANN developing anything in this realm would be of any benefit.

As an Irish company we will deal with Irish law enforcement. Overseas LEA can liaise with their Irish counterparts and comply with Irish law if they want to submit any data requests. ​What happens when you the Irish company stores data of overseas Registrants, and when Irish Law permits release of all data stored to LEA, which contravenes the law of other countries whose Registrant data happens to be Ireland? Sivasubramanian M ​ Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains http://www.blacknight.host/ http://blog.blacknight.com/ http://ceo.hosting/ Intl. +353 (0) 59 9183072<tel:%2B353%20%280%29%2059%C2%A0%C2%A09183072> Direct Dial: +353 (0)59 9183090<tel:%2B353%20%280%2959%209183090> ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 _______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org<mailto:gnso-rds-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg

To extend this idea, I think we face situation where A - the party which inserted data into the system (Registrar?) B - the party who’s data is in the system (Registrant, Reseller?) C - the party, which requests data of A or B (3rd party from the street, Registrar, Registry, LEA?, ICANN?, URS or UDRP operator, Data Escrow Operator … ) And the situation might be highly dependent on from which jurisdictions parties are (not all combinations are easy … when A and B and C(LEA) are from the same jurisdiction -> simple … other cases might not be so simple … A,B,C from different jurisdictions - might be the worst cases ) Privacy issues do not rise in cases where B is a legal body (and not protected by the Privacy Laws, due to info being accessible from the public sources). And large chunk of data might not be affected by Privacy laws restrictions (it could be up to 80-90%) Does it mean we have to suggest different processing of the information of Organizations? All of these might lead to creation of the 3 dimensional matrix of yes/no/other_process_for_this_combination. (but it is implementation and we need to take care about it later … but for around 200 countries it gives 8m items even for 3 grids … which is not human manageable) The other question - should we create negative scenario list (most often used in bad faith)? P.s: to make things worse - URS/UDRP providers are legal bodies from a particular countries too … Sincerely Yours, Maxim Alzoba Special projects manager, International Relations Department, FAITID m. +7 916 6761580 skype oldfrogger Current UTC offset: +3.00 (Moscow)

On Jul 25, 2016, at 11:35, Volker Greimann <vgreimann@key-systems.net> wrote:

Correct, but remember there may be cross border implications:

For example, EU data protection laws expect foreign companies to abide by the protections granted to European data subjects.

For example, German consumer protection agencies are threatening to sue Niantic over the data accumulation and location tracking performed by Pokemon Go. Even though Niantic is not a european company, it deals in data of European data subjects, so under EU law, EU law applies to how Niantic can treat EU citizens' data.

Similarly, US registrars and registries could be subject of enforcement if they violated data privacy rights of their EU customers. So essentially, compliance may not be limited to your home country law even though it is your main concern.

Best,

Volker

Am 22.07.2016 um 14:22 schrieb Michele Neylon - Blacknight:

...

We have to comply with Irish law.

-- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains http://www.blacknight.host/ http://blog.blacknight.com/ http://ceo.hosting/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845

From: <isolatedn@gmail.com> on behalf of Sivasubramanian M <6.Internet@gmail.com> Date: Friday 22 July 2016 at 13:21 To: Michele Neylon <michele@blacknight.com> Cc: Sam Lanfranco <sam@lanfranco.net>, Chuck Gomes <cgomes@verisign.com>, Volker Greimann <vgreimann@key-systems.net>, "gnso-rds-pdp-wg@icann.org" <gnso-rds-pdp-wg@icann.org> Subject: Re: [gnso-rds-pdp-wg] OT Re: An important technical consideration about nature of the service (was Re: The overflowing list )

On Fri, Jul 22, 2016 at 5:40 PM, Michele Neylon - Blacknight <michele@blacknight.com> wrote: Sam

...

...

But I will suggest that in parallel ICANN as an organization, the ICANN multistakeholder community and stakeholders beyond ICANN, have to develop strategies for engagement with ongoing >>efforts outside ICANN around how to authenticate law enforcement data requests. Sorry, but what has this got to with the WG? Also, ICANN does not hold registration data, so I can’t understand why ICANN developing anything in this realm would be of any benefit.

As an Irish company we will deal with Irish law enforcement. Overseas LEA can liaise with their Irish counterparts and comply with Irish law if they want to submit any data requests.

​What happens when you the Irish company stores data of overseas Registrants, and when Irish Law permits release of all data stored to LEA, which contravenes the law of other countries whose Registrant data happens to be Ireland?

Sivasubramanian M ​

Regards

Michele

-- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains http://www.blacknight.host/ http://blog.blacknight.com/ http://ceo.hosting/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845

_______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg

-- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.

Mit freundlichen Grüßen,

Volker A. Greimann - Rechtsabteilung -

Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net

Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com / www.BrandShelter.com

Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:

www.facebook.com/KeySystems www.twitter.com/key_systems

Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534

Member of the KEYDRIVE GROUP

www.keydrive.lu

Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.

--------------------------------------------

Should you have any further questions, please do not hesitate to contact us.

Best regards,

Volker A. Greimann - legal department -

Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net

Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com / www.BrandShelter.com

Follow us on Twitter or join our fan community on Facebook and stay updated:

www.facebook.com/KeySystems www.twitter.com/key_systems

CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534

Member of the KEYDRIVE GROUP

www.keydrive.lu

This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.

_______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg