Working paper from the Berlin group
The International WOrking Group on Data Protection in Telecommunications, a group of data commissioners and experts on DP and IT have released a new paper on ICANN and RDS. It should be added to our repository, please. https://www.datenschutz-berlin.de/pdf/publikationen/working-paper/2017/2017-... Stephanie Perrin
I think I asked this before about recommended additional materials: could you say something about what's new or useful in this paper that means we ought to read it too? I fear that we are at that point where everything that is to be said about the RDS has been said, but not everyone has said it. More input should only be considered as important if there's something new, I think. Best regards, A -- Please excuse my clumbsy thums ---------- On March 9, 2018 9:21:32 AM Stephanie Perrin <stephanie.perrin@mail.utoronto.ca> wrote:
The International WOrking Group on Data Protection in Telecommunications, a group of data commissioners and experts on DP and IT have released a new paper on ICANN and RDS. It should be added to our repository, please. https://www.datenschutz-berlin.de/pdf/publikationen/working-paper/2017/2017-...
Stephanie Perrin
---------- _______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
Hi Andrew, These recommendations go beyond WHOIS, but yet tie in directly with issues we will face as a WG. Furthermore, this is not a few DPA's from Europe who made these recommendations; these are the recommendations from DPA's and experts all over the world, which makes it, in my opinion, a global recommendation. And to kindly to remind everyone again, there are more than 120 countries with data protection laws. So this is not some little tea club gathering, these recommendations took a lot of time to get vetted by this group due to the many members. They started working in November last year on this, so they took their time. We would be fools to ignore this. Theo On 9-3-2018 17:02, Andrew Sullivan wrote:
I think I asked this before about recommended additional materials: could you say something about what's new or useful in this paper that means we ought to read it too? I fear that we are at that point where everything that is to be said about the RDS has been said, but not everyone has said it. More input should only be considered as important if there's something new, I think.
Best regards,
A
-- Please excuse my clumbsy thums
------------------------------------------------------------------------
On March 9, 2018 9:21:32 AM Stephanie Perrin <stephanieperrin@mail.utoronto.ca> wrote:
The International WOrking Group on Data Protection in Telecommunications, a group of data commissioners and experts on DP and IT have released a new paper on ICANN and RDS. It should be added to our repository, please. https://www.datenschutz-berlin.de/pdf/publikationen/working-paper/2017/2017-...
Stephanie Perrin
_______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org <mailto:gnso-rds-pdp-wg%40icann.org> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
_______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
Well said, Theo. I take the point that Andrew makes that there is not new information here; that is true. Some, like Stephanie, have been advancing these arguments for years. But when the status quo at ICANN is challenged by either governments, business, or non-commercial users, the two former more powerful voices are given significant deference in the outcomes of policy development, so, lacking the 'muscle' of financial power and state power, until now not everyone has been listening to these well-developed recommendations put forward by those with awareness of the privacy and data protection laws in many jurisdictions. One day, I hope we all start to listen. Ayden ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On 9 March 2018 7:48 PM, theo geurts <gtheo@xs4all.nl> wrote:
Hi Andrew,
These recommendations go beyond WHOIS, but yet tie in directly with issues we will face as a WG.
Furthermore, this is not a few DPA's from Europe who made these recommendations; these are the recommendations from DPA's and experts all over the world, which makes it, in my opinion, a global recommendation.
And to kindly to remind everyone again, there are more than 120 countries with data protection laws. So this is not some little tea club gathering, these recommendations took a lot of time to get vetted by this group due to the many members. They started working in November last year on this, so they took their time.
We would be fools to ignore this.
Theo
On 9-3-2018 17:02, Andrew Sullivan wrote:
I think I asked this before about recommended additional materials: could you say something about what's new or useful in this paper that means we ought to read it too? I fear that we are at that point where everything that is to be said about the RDS has been said, but not everyone has said it. More input should only be considered as important if there's something new, I think.
Best regards,
A
-- Please excuse my clumbsy thums
---------------------------------------------------------------
On March 9, 2018 9:21:32 AM Stephanie Perrin [<stephanieperrin@mail.utoronto.ca>](mailto:stephanieperrin@mail.utoronto.ca) wrote:
The International WOrking Group on Data Protection in Telecommunications, a group of data commissioners and experts on DP and IT have released a new paper on ICANN and RDS. It should be added to our repository, please. https://www.datenschutz-berlin.de/pdf/publikationen/working-paper/2017/2017-...
Stephanie Perrin
_______________________________________________ gnso-rds-pdp-wg mailing list [gnso-rds-pdp-wg@icann.org](mailto:gnso-rds-pdp-wg%40icann.org) https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
_______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org
Hi, On Fri, Mar 09, 2018 at 08:48:17PM +0100, theo geurts wrote:
These recommendations go beyond WHOIS, but yet tie in directly with issues we will face as a WG.
Furthermore, this is not a few DPA's from Europe who made these recommendations; these are the recommendations from DPA's and experts all over the world, which makes it, in my opinion, a global recommendation.
And to kindly to remind everyone again, there are more than 120 countries with data protection laws. So this is not some little tea club gathering, these recommendations took a lot of time to get vetted by this group due to the many members. They started working in November last year on this, so they took their time.
We would be fools to ignore this.
That's nice. But you said nothing relevant to the question I was asking: is there even one single thing in this paper that is new and that I need to read before thinking about the RDS issues any further? I don't think there is left anyone here in any doubt that there are serious privacy concerns about the RDS held by several people, including several DPAs from all over the world (with the full force of legislation behind them). I don't think this WG (nor for that matter the many various groups who have worked on this topic before) is missing the perspective. I am aware that there are people "dug in" about how the data protection view is mistaken or incorrect in some way. Indeed, there are most definitely examples of things that I think _must_ be available on the network in order to make the network continue to operate. (At the DNS-OARC meeting yesterday, here in San Juan, we had an example of that from a large ISP that does DNSSEC validation.) But I don't think any of those people are "dug in" because they didn't understand that there is relevant or applicable legislation, or that there are serious and legitimate privacy concerns or anything of that sort. They're not uninformed. So, I ask again: what is _new_ in this report that would bring some a ray of light, however feeble, into the discussion such that we should all read it. Because in a quick scan of the numbered recommendations just now, I saw literally nothing that has not been brought up already more than once, and I see at least one recommendation that is so breathtakingly ignorant of the architecutre of the Internet as to make me roll my eyes. We need to complete this work some day, or else just give up in frustration. For me, I will say, my patience for endless insistence that we consider a new report recommending exactly the same thing that 30 other reports have already recommended is about gone. Rather than considering new restatements of all the evidence we already have, I would like us to move to the part where we do the hard work of forging a compromise people can live with for the identifier systems where ICANN has a clear mandate to act, based on the clear needs to support the identifier systems where ICANN has a remit. If you think I have missed something important in support of that goal, I would welcome being so informed. But until someone says something actually new, I think we should work on the basis of the copious evidence we already have before us. Best regards, A -- Andrew Sullivan ajs@anvilwalrusden.com
Hi, On Fri, Mar 09, 2018 at 06:48:16PM -0500, Andrew Sullivan wrote:
brought up already more than once, and I see at least one recommendation that is so breathtakingly ignorant of the architecutre of the Internet as to make me roll my eyes.
I've been asked by a couple of people (slightly pointedly in one case) what inspired that remark. It was recommendation 6. It talks about "transborder dataflow". As I said in my email, I'd basically just skimmed the paper, because I doubted there was anything new in it. Worrying about transborder dataflow was the only thing that struck me as at all novel. But it turns out, now that I have actually read the explanatory text, that this recommendation isn't about "flows" at all. It's about data that is transferred from one place to another, and therefore about trans-border _shipment_ of data and where that data comes to rest. This isn't a new issue, so I again wonder what was supposed to be so new in this paper that the WG ought to add it to the mountain of material we already have. The difference between flow and shipment is actually an important distinction, however, because the architecture of Internet routing means that the actual data _flow_ is quite unpredictable. For instance, depending on whom on the Internet I am talking to while in Toronto, my data might go from my house to 151 Front Street to the other person's house, or might go from my house to Chicago or Newark and back to Toronto. I am aware of a pair of businesses in Singapore that were one floor apart in the same building, whose network path met in California (we fixed that one). What made me roll my eyes was the suggestion that ICANN ought to have some sort of policy about what routes data took on the Internet. Since that is not actually what was being suggestion, I have stopped rolling my eyes (but I still don't think there is anything new in the report). Best regards, A -- Andrew Sullivan ajs@anvilwalrusden.com
I’m concerned about the overly narrow view of the purpose of a domain name registrant database in this paper. I note that one of ICANN’s commitments in its bylaws include: “Preserve and enhance the administration of the DNS and the operational stability, reliability, security, global interoperability, resilience, and openness of the DNS and the Internet;” The concept behind that ICANN commitment doesn’t seem to be captured in the purpose assumed by the analysis in the Berlin Group working paper. In addition, I note that the ICANN bylaws contemplate that “Subject to applicable laws, ICANN shall use commercially reasonable efforts to enforce its policies relating to registration directory services and shall work with Supporting Organizations and Advisory Committees to explore structural changes to improve accuracy and access to generic top-level domain registration data, as well as consider safeguards for protecting such data.” I believe the above requirement contemplates more than mere technical resolution. From: gnso-rds-pdp-wg [mailto:gnso-rds-pdp-wg-bounces@icann.org] On Behalf Of theo geurts Sent: Friday, March 9, 2018 3:48 PM To: Andrew Sullivan <ajs@anvilwalrusden.com>; Stephanie Perrin <stephanie.perrin@mail.utoronto.ca>; gnso-rds-pdp-wg@icann.org Subject: Re: [gnso-rds-pdp-wg] Working paper from the Berlin group Hi Andrew, These recommendations go beyond WHOIS, but yet tie in directly with issues we will face as a WG. Furthermore, this is not a few DPA's from Europe who made these recommendations; these are the recommendations from DPA's and experts all over the world, which makes it, in my opinion, a global recommendation. And to kindly to remind everyone again, there are more than 120 countries with data protection laws. So this is not some little tea club gathering, these recommendations took a lot of time to get vetted by this group due to the many members. They started working in November last year on this, so they took their time. We would be fools to ignore this. Theo On 9-3-2018 17:02, Andrew Sullivan wrote: I think I asked this before about recommended additional materials: could you say something about what's new or useful in this paper that means we ought to read it too? I fear that we are at that point where everything that is to be said about the RDS has been said, but not everyone has said it. More input should only be considered as important if there's something new, I think. Best regards, A -- Please excuse my clumbsy thums ________________________________ On March 9, 2018 9:21:32 AM Stephanie Perrin <stephanieperrin@mail.utoronto.ca><mailto:stephanieperrin@mail.utoronto.ca> wrote: The International WOrking Group on Data Protection in Telecommunications, a group of data commissioners and experts on DP and IT have released a new paper on ICANN and RDS. It should be added to our repository, please. https://www.datenschutz-berlin.de/pdf/publikationen/working-paper/2017/2017-... Stephanie Perrin _______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org<mailto:gnso-rds-pdp-wg%40icann.org> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg _______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org<mailto:gnso-rds-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
So, not only does it provide nothing new, it makes some fundamental assumptions about ICANN's mission that are narrow, self-serving and frankly, incorrect. And not only does it provide nothing new, it doesn't even appear to be new. It was approved on November 27/28, almost 3 1/2 months ago. Yet it is dumped on our doorstep oh-so-coincidentally on the very eve of ICANN 61, for maximum effect and minimum ability to react and respond. I've tried to find out more about this group and I have been stymied. Their so-called website is a couple of pages (at best) on the German DPA's website. There is no list of members, no record of the meeting in Paris where this was approved, no indication who participated in the preparation of this paper and what their roles were. I suppose I shouldn't be surprised to see that from a group of privacy advocates. I do long for the day when "transparency" and "accountability" were considered good things. Given the above, I would give this high marks as propaganda, but I'll withhold my judgment otherwise, until I can actually give this thing a close read. What I won't do is treat it as if it were tablets brought down from the mount, before which I should prostrate myself, trembling in fear and awe. Greg On Sat, Mar 10, 2018 at 9:48 AM, Victoria Sheckler <vsheckler@riaa.com> wrote:
I’m concerned about the overly narrow view of the purpose of a domain name registrant database in this paper. I note that one of ICANN’s commitments in its bylaws include:
“Preserve and enhance the administration of the DNS and the operational stability, reliability, security, global interoperability, resilience, and openness of the DNS and the Internet;”
The concept behind that ICANN commitment doesn’t seem to be captured in the purpose assumed by the analysis in the Berlin Group working paper.
In addition, I note that the ICANN bylaws contemplate that
“Subject to applicable laws, ICANN shall use commercially reasonable efforts to enforce its policies relating to registration directory services and shall work with Supporting Organizations and Advisory Committees to explore structural changes to improve accuracy and access to generic top-level domain registration data, as well as consider safeguards for protecting such data.”
I believe the above requirement contemplates more than mere technical resolution.
*From:* gnso-rds-pdp-wg [mailto:gnso-rds-pdp-wg-bounces@icann.org] *On Behalf Of *theo geurts *Sent:* Friday, March 9, 2018 3:48 PM *To:* Andrew Sullivan <ajs@anvilwalrusden.com>; Stephanie Perrin < stephanie.perrin@mail.utoronto.ca>; gnso-rds-pdp-wg@icann.org *Subject:* Re: [gnso-rds-pdp-wg] Working paper from the Berlin group
Hi Andrew,
These recommendations go beyond WHOIS, but yet tie in directly with issues we will face as a WG.
Furthermore, this is not a few DPA's from Europe who made these recommendations; these are the recommendations from DPA's and experts all over the world, which makes it, in my opinion, a global recommendation.
And to kindly to remind everyone again, there are more than 120 countries with data protection laws. So this is not some little tea club gathering, these recommendations took a lot of time to get vetted by this group due to the many members. They started working in November last year on this, so they took their time.
We would be fools to ignore this.
Theo
On 9-3-2018 17:02, Andrew Sullivan wrote:
I think I asked this before about recommended additional materials: could you say something about what's new or useful in this paper that means we ought to read it too? I fear that we are at that point where everything that is to be said about the RDS has been said, but not everyone has said it. More input should only be considered as important if there's something new, I think.
Best regards,
A
-- Please excuse my clumbsy thums ------------------------------
On March 9, 2018 9:21:32 AM Stephanie Perrin <stephanieperrin@mail. utoronto.ca> <stephanieperrin@mail.utoronto.ca> wrote:
The International WOrking Group on Data Protection in Telecommunications, a group of data commissioners and experts on DP and IT have released a new paper on ICANN and RDS. It should be added to our repository, please. https://www.datenschutz-berlin.de/pdf/publikationen/ working-paper/2017/2017-IWGDPT_Working_Paper_WHOIS_ICANN-en.pdf
Stephanie Perrin
_______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
_______________________________________________
gnso-rds-pdp-wg mailing list
gnso-rds-pdp-wg@icann.org
https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
_______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
participants (6)
-
Andrew Sullivan -
Ayden Férdeline -
Greg Shatan -
Stephanie Perrin -
theo geurts -
Victoria Sheckler