Attached is my markup of the document. Overall, this document is impressive in its scope and research. Basically, I think many of our recommendations are sensible. However, the bias towards disclosure of information, the negative attitude towards the GDPR (which my SG applauds as exemplary effort to protect privacy and human rights), and the absence of any explicit recognition of the fact that our WHOIS practices already violated data protection law during the time of the past review are discouraging. Not to mention the fact that the birth of ICANN coincided with the coming into force of the EU directive, and we have had plenty of advice from the DPAs over the past 19 years telling us how to fix it. The push to continue doing what we have done since ICANN was born, regardless of changing risks, improvements in data protection, and the existence of many other ways to achieve the security and stability of the Internet, is discouraging. I realize we had to review the recommendations of the previous Review team. We live in different times, however, and the evidence of that impacting our review is not there. Given how many issues I have reservations about, I would like to make a statement, but I am not quite sure where it belongs. I do not want to resist consensus, but I do want to register some frustration with this process and final result. I do appreciate that I am a minority view and that you have tolerated my raising my comments and objections throughout the process. Stephanie Perrin Chair, NCSG
Hi Stephanie, I think all the arguments among this review team has been rooted in the different understanding and needs of WHOIS. However, it’s not appropriate to have the established set of attitudes towards WHOIS during the review in my opinion. The Review Team has explicitly outlined ToR and scope. Our work should adhere to the ToR, make assessment based on the facts, and generate recommendations accordingly. Whether the WHOIS should exist or not is beyond the scope of this review. The beautiful part of the multi-stakeholder model and consensus policy is to give you a chance to learn other’s concerns, but the negative part is the high price and long process to reach consensus, and the result makes no one happy in the end. I was frustrated as well after the involvement in this review team, but that’s the way it works. Just to share my mind with you. Regards, Lili From: RDS-WHOIS2-RT [mailto:rds-whois2-rt-bounces@icann.org] On Behalf Of Stephanie Perrin Sent: Monday, 4 March, 2019 1:53 PM To: RDS WHOIS2-RT List <rds-whois2-rt@icann.org> Subject: [RDS-WHOIS2-RT] Late markup Attached is my markup of the document. Overall, this document is impressive in its scope and research. Basically, I think many of our recommendations are sensible. However, the bias towards disclosure of information, the negative attitude towards the GDPR (which my SG applauds as exemplary effort to protect privacy and human rights), and the absence of any explicit recognition of the fact that our WHOIS practices already violated data protection law during the time of the past review are discouraging. Not to mention the fact that the birth of ICANN coincided with the coming into force of the EU directive, and we have had plenty of advice from the DPAs over the past 19 years telling us how to fix it. The push to continue doing what we have done since ICANN was born, regardless of changing risks, improvements in data protection, and the existence of many other ways to achieve the security and stability of the Internet, is discouraging. I realize we had to review the recommendations of the previous Review team. We live in different times, however, and the evidence of that impacting our review is not there. Given how many issues I have reservations about, I would like to make a statement, but I am not quite sure where it belongs. I do not want to resist consensus, but I do want to register some frustration with this process and final result. I do appreciate that I am a minority view and that you have tolerated my raising my comments and objections throughout the process. Stephanie Perrin Chair, NCSG
I understand your point of view Lili. I hope you understand mine. Reviewing this historical artefact at the present time is indeed very frustrating and difficult, particularly if one is also on the EPDP. cheers Stephanie On 2019-03-04 04:53, SUN Lili wrote: Hi Stephanie, I think all the arguments among this review team has been rooted in the different understanding and needs of WHOIS. However, it’s not appropriate to have the established set of attitudes towards WHOIS during the review in my opinion. The Review Team has explicitly outlined ToR and scope. Our work should adhere to the ToR, make assessment based on the facts, and generate recommendations accordingly. Whether the WHOIS should exist or not is beyond the scope of this review. The beautiful part of the multi-stakeholder model and consensus policy is to give you a chance to learn other’s concerns, but the negative part is the high price and long process to reach consensus, and the result makes no one happy in the end. I was frustrated as well after the involvement in this review team, but that’s the way it works. Just to share my mind with you. Regards, Lili From: RDS-WHOIS2-RT [mailto:rds-whois2-rt-bounces@icann.org] On Behalf Of Stephanie Perrin Sent: Monday, 4 March, 2019 1:53 PM To: RDS WHOIS2-RT List <rds-whois2-rt@icann.org><mailto:rds-whois2-rt@icann.org> Subject: [RDS-WHOIS2-RT] Late markup Attached is my markup of the document. Overall, this document is impressive in its scope and research. Basically, I think many of our recommendations are sensible. However, the bias towards disclosure of information, the negative attitude towards the GDPR (which my SG applauds as exemplary effort to protect privacy and human rights), and the absence of any explicit recognition of the fact that our WHOIS practices already violated data protection law during the time of the past review are discouraging. Not to mention the fact that the birth of ICANN coincided with the coming into force of the EU directive, and we have had plenty of advice from the DPAs over the past 19 years telling us how to fix it. The push to continue doing what we have done since ICANN was born, regardless of changing risks, improvements in data protection, and the existence of many other ways to achieve the security and stability of the Internet, is discouraging. I realize we had to review the recommendations of the previous Review team. We live in different times, however, and the evidence of that impacting our review is not there. Given how many issues I have reservations about, I would like to make a statement, but I am not quite sure where it belongs. I do not want to resist consensus, but I do want to register some frustration with this process and final result. I do appreciate that I am a minority view and that you have tolerated my raising my comments and objections throughout the process. Stephanie Perrin Chair, NCSG
Hi Stephanie, I am getting on a plane in 48 hours and my next two days were already pretty full! And I am unavailable for the two weeks following the ICANN meeting. I will integrate those parts of your comments that in my opinion (and those of Cathrin and Susan to the extent that I can dialogue with them) are not controversial. Those that would really need to have the review team re-convened to discuss will not be included. To do that would delay the issuance of the report well into April and I do not believe that we should do that. Changes to the actual recommendations (other than purely grammatical) are in a similar vein. Those have been out there for many weeks and to make changes to them will require going back to the entire review team. Once I finish the integration I will return the document to you with comments about what I did not integrate. I would appreciate knowing if that will remove your support for any recommendations and whether you will submit a statement very soon after that. Once I leave for Kobe, Jean-Baptiste will continue finalizing the report formatting and such and will integrate your statement is there is one. The intent is that swe ship this out before the end of the week. I appreciate your desire to not break consensus, but if my failure to integrate any specific comment on a Recommendation, I will understand that. I strongly support your submitting a statement if you wish (labelled as a minority statement or simply as a statement from you without attempting to classifying it. It will go into an Addendum appended at the end of the report-proper (before the Appendices which may be packaged into a separate PDF to keep the document size reasonable. And I will insert a reference to it in both the Exec Summary and the body of the report. Alan At 04/03/2019 12:52 AM, Stephanie Perrin wrote: Attached is my markup of the document. Overall, this document is impressive in its scope and research. Basically, I think many of our recommendations are sensible. However, the bias towards disclosure of information, the negative attitude towards the GDPR (which my SG applauds as exemplary effort to protect privacy and human rights), and the absence of any explicit recognition of the fact that our WHOIS practices already violated data protection law during the time of the past review are discouraging. Not to mention the fact that the birth of ICANN coincided with the coming into force of the EU directive, and we have had plenty of advice from the DPAs over the past 19 years telling us how to fix it. The push to continue doing what we have done since ICANN was born, regardless of changing risks, improvements in data protection, and the existence of many other ways to achieve the security and stability of the Internet, is discouraging. I realize we had to review the recommendations of the previous Review team. We live in different times, however, and the evidence of that impacting our review is not there. Given how many issues I have reservations about, I would like to make a statement, but I am not quite sure where it belongs. I do not want to resist consensus, but I do want to register some frustration with this process and final result. I do appreciate that I am a minority view and that you have tolerated my raising my comments and objections throughout the process. Stephanie Perrin Chair, NCSG _______________________________________________ RDS-WHOIS2-RT mailing list RDS-WHOIS2-RT@icann.org https://mm.icann.org/mailman/listinfo/rds-whois2-rt
Thanks a lot Alan, that seems reasonable. I will be happy to work with Jean Baptiste on this if he has questions. Really, there are no surprises in there. My statement is really going to be more about the framing of the review, about which we had little choice under the circumstances, and perhaps the tone which could be materially improved by a couple of additions. The fact is, ICANN has not wanted to hear about data protection for 19 years and now we are racing to retrofit. cheers SP On 2019-03-04 10:42, Alan Greenberg wrote: Hi Stephanie, I am getting on a plane in 48 hours and my next two days were already pretty full! And I am unavailable for the two weeks following the ICANN meeting. I will integrate those parts of your comments that in my opinion (and those of Cathrin and Susan to the extent that I can dialogue with them) are not controversial. Those that would really need to have the review team re-convened to discuss will not be included. To do that would delay the issuance of the report well into April and I do not believe that we should do that. Changes to the actual recommendations (other than purely grammatical) are in a similar vein. Those have been out there for many weeks and to make changes to them will require going back to the entire review team. Once I finish the integration I will return the document to you with comments about what I did not integrate. I would appreciate knowing if that will remove your support for any recommendations and whether you will submit a statement very soon after that. Once I leave for Kobe, Jean-Baptiste will continue finalizing the report formatting and such and will integrate your statement is there is one. The intent is that swe ship this out before the end of the week. I appreciate your desire to not break consensus, but if my failure to integrate any specific comment on a Recommendation, I will understand that. I strongly support your submitting a statement if you wish (labelled as a minority statement or simply as a statement from you without attempting to classifying it. It will go into an Addendum appended at the end of the report-proper (before the Appendices which may be packaged into a separate PDF to keep the document size reasonable. And I will insert a reference to it in both the Exec Summary and the body of the report. Alan At 04/03/2019 12:52 AM, Stephanie Perrin wrote: Attached is my markup of the document. Overall, this document is impressive in its scope and research. Basically, I think many of our recommendations are sensible. However, the bias towards disclosure of information, the negative attitude towards the GDPR (which my SG applauds as exemplary effort to protect privacy and human rights), and the absence of any explicit recognition of the fact that our WHOIS practices already violated data protection law during the time of the past review are discouraging. Not to mention the fact that the birth of ICANN coincided with the coming into force of the EU directive, and we have had plenty of advice from the DPAs over the past 19 years telling us how to fix it. The push to continue doing what we have done since ICANN was born, regardless of changing risks, improvements in data protection, and the existence of many other ways to achieve the security and stability of the Internet, is discouraging. I realize we had to review the recommendations of the previous Review team. We live in different times, however, and the evidence of that impacting our review is not there. Given how many issues I have reservations about, I would like to make a statement, but I am not quite sure where it belongs. I do not want to resist consensus, but I do want to register some frustration with this process and final result. I do appreciate that I am a minority view and that you have tolerated my raising my comments and objections throughout the process. Stephanie Perrin Chair, NCSG _______________________________________________ RDS-WHOIS2-RT mailing list RDS-WHOIS2-RT@icann.org<mailto:RDS-WHOIS2-RT@icann.org> https://mm.icann.org/mailman/listinfo/rds-whois2-rt
Here is the doc with my comments. I believe I addressed everything except Word tells me you inserted an "I" somewhere at the bottom of page 115 or top of 116 and I cannot see it. If you can, let me know where it is! Please get back ASAP with any decision not to support a Rec (and in particular 5.1). Alan At 04/03/2019 11:51 AM, Stephanie Perrin wrote: Thanks a lot Alan, that seems reasonable. I will be happy to work with Jean Baptiste on this if he has questions. Really, there are no surprises in there. My statement is really going to be more about the framing of the review, about which we had little choice under the circumstances, and perhaps the tone which could be materially improved by a couple of additions. The fact is, ICANN has not wanted to hear about data protection for 19 years and now we are racing to retrofit. cheers SP On 2019-03-04 10:42, Alan Greenberg wrote: Hi Stephanie, I am getting on a plane in 48 hours and my next two days were already pretty full! And I am unavailable for the two weeks following the ICANN meeting. I will integrate those parts of your comments that in my opinion (and those of Cathrin and Susan to the extent that I can dialogue with them) are not controversial. Those that would really need to have the review team re-convened to discuss will not be included. To do that would delay the issuance of the report well into April and I do not believe that we should do that. Changes to the actual recommendations (other than purely grammatical) are in a similar vein. Those have been out there for many weeks and to make changes to them will require going back to the entire review team. Once I finish the integration I will return the document to you with comments about what I did not integrate. I would appreciate knowing if that will remove your support for any recommendations and whether you will submit a statement very soon after that. Once I leave for Kobe, Jean-Baptiste will continue finalizing the report formatting and such and will integrate your statement is there is one. The intent is that swe ship this out before the end of the week. I appreciate your desire to not break consensus, but if my failure to integrate any specific comment on a Recommendation, I will understand that. I strongly support your submitting a statement if you wish (labelled as a minority statement or simply as a statement from you without attempting to classifying it. It will go into an Addendum appended at the end of the report-proper (before the Appendices which may be packaged into a separate PDF to keep the document size reasonable. And I will insert a reference to it in both the Exec Summary and the body of the report. Alan At 04/03/2019 12:52 AM, Stephanie Perrin wrote: Attached is my markup of the document. Overall, this document is impressive in its scope and research. Basically, I think many of our recommendations are sensible. However, the bias towards disclosure of information, the negative attitude towards the GDPR (which my SG applauds as exemplary effort to protect privacy and human rights), and the absence of any explicit recognition of the fact that our WHOIS practices already violated data protection law during the time of the past review are discouraging. Not to mention the fact that the birth of ICANN coincided with the coming into force of the EU directive, and we have had plenty of advice from the DPAs over the past 19 years telling us how to fix it. The push to continue doing what we have done since ICANN was born, regardless of changing risks, improvements in data protection, and the existence of many other ways to achieve the security and stability of the Internet, is discouraging. I realize we had to review the recommendations of the previous Review team. We live in different times, however, and the evidence of that impacting our review is not there. Given how many issues I have reservations about, I would like to make a statement, but I am not quite sure where it belongs. I do not want to resist consensus, but I do want to register some frustration with this process and final result. I do appreciate that I am a minority view and that you have tolerated my raising my comments and objections throughout the process. Stephanie Perrin Chair, NCSG _______________________________________________ RDS-WHOIS2-RT mailing list RDS-WHOIS2-RT@icann.org<mailto:RDS-WHOIS2-RT@icann.org> https://mm.icann.org/mailman/listinfo/rds-whois2-rt
Hi Stephanie: You mentioned the concerns not with outcome but moreso with process. If you recall the arguments in responding to the ToR, the decision to exclude GDPR deliberations I do believe was optimal in context. It isn't that some of us have not recognized that the new dispensation pertaining data privacy and protection demands new approaches. It is, however the process dictated by the ToR built us a straight jacket that nullified an approach that embraced those matters. I can understand that you feel hamstrung by what was laid out and I think you should say so. A statement from you as an addendum to the Report and rwgretting the ToR given the RT even as you keep consensus with the group on the main Report itself is indeed supportable. Carlton On Mon, 4 Mar 2019, 12:53 am Stephanie Perrin, < stephanie.perrin@mail.utoronto.ca> wrote:
Attached is my markup of the document. Overall, this document is impressive in its scope and research. Basically, I think many of our recommendations are sensible. However, the bias towards disclosure of information, the negative attitude towards the GDPR (which my SG applauds as exemplary effort to protect privacy and human rights), and the absence of any explicit recognition of the fact that our WHOIS practices already violated data protection law during the time of the past review are discouraging. Not to mention the fact that the birth of ICANN coincided with the coming into force of the EU directive, and we have had plenty of advice from the DPAs over the past 19 years telling us how to fix it. The push to continue doing what we have done since ICANN was born, regardless of changing risks, improvements in data protection, and the existence of many other ways to achieve the security and stability of the Internet, is discouraging. I realize we had to review the recommendations of the previous Review team. We live in different times, however, and the evidence of that impacting our review is not there.
Given how many issues I have reservations about, I would like to make a statement, but I am not quite sure where it belongs. I do not want to resist consensus, but I do want to register some frustration with this process and final result. I do appreciate that I am a minority view and that you have tolerated my raising my comments and objections throughout the process.
Stephanie Perrin
Chair, NCSG
_______________________________________________ RDS-WHOIS2-RT mailing list RDS-WHOIS2-RT@icann.org https://mm.icann.org/mailman/listinfo/rds-whois2-rt
Thanks Carlton, that is what I am striving for in my statement. cheers SP On 2019-03-04 12:41, Carlton Samuels wrote: Hi Stephanie: You mentioned the concerns not with outcome but moreso with process. If you recall the arguments in responding to the ToR, the decision to exclude GDPR deliberations I do believe was optimal in context. It isn't that some of us have not recognized that the new dispensation pertaining data privacy and protection demands new approaches. It is, however the process dictated by the ToR built us a straight jacket that nullified an approach that embraced those matters. I can understand that you feel hamstrung by what was laid out and I think you should say so. A statement from you as an addendum to the Report and rwgretting the ToR given the RT even as you keep consensus with the group on the main Report itself is indeed supportable. Carlton On Mon, 4 Mar 2019, 12:53 am Stephanie Perrin, <stephanie.perrin@mail.utoronto.ca<mailto:stephanie.perrin@mail.utoronto.ca>> wrote: Attached is my markup of the document. Overall, this document is impressive in its scope and research. Basically, I think many of our recommendations are sensible. However, the bias towards disclosure of information, the negative attitude towards the GDPR (which my SG applauds as exemplary effort to protect privacy and human rights), and the absence of any explicit recognition of the fact that our WHOIS practices already violated data protection law during the time of the past review are discouraging. Not to mention the fact that the birth of ICANN coincided with the coming into force of the EU directive, and we have had plenty of advice from the DPAs over the past 19 years telling us how to fix it. The push to continue doing what we have done since ICANN was born, regardless of changing risks, improvements in data protection, and the existence of many other ways to achieve the security and stability of the Internet, is discouraging. I realize we had to review the recommendations of the previous Review team. We live in different times, however, and the evidence of that impacting our review is not there. Given how many issues I have reservations about, I would like to make a statement, but I am not quite sure where it belongs. I do not want to resist consensus, but I do want to register some frustration with this process and final result. I do appreciate that I am a minority view and that you have tolerated my raising my comments and objections throughout the process. Stephanie Perrin Chair, NCSG _______________________________________________ RDS-WHOIS2-RT mailing list RDS-WHOIS2-RT@icann.org<mailto:RDS-WHOIS2-RT@icann.org> https://mm.icann.org/mailman/listinfo/rds-whois2-rt
participants (4)
-
Alan Greenberg -
Carlton Samuels -
Stephanie Perrin -
SUN Lili