Dear Emily, I do agree that all other relevant laws should not be excluded. However, even in the current definitions such legal norms are NOT excluded (if they are applicable to the regulation/control of the personal data). As far as I remember, there was presented no proof, that any act of the domestic legislation has a direct reference to the WHOIS formats/technology/etc. In most cases such legislation (be it, e.g., criminal investigation procedures and/or consumer protection) are interrelated with the local personal data laws and thus can be treated as such (= no further clarification is needed for our definition). For example, in Russia there are (implicit) obligations of any internet provider to share information on their customers in case of criminal investigation. The Federal Law on Personal Data (more or less based on E.U.Convention) is much more specific on what personal data are and how they should be protected; it also contains specific exclusions from the protection regime for the cases like criminal investigation - and thus can be treated as a "primary applicable" law for the WHOIS-related matters. Making Criminal Process Code a "secondary applicable" law. This makes the overall definition as simple and as understandable as possible. Anyhow, any additions - as you propose them for better understanding - are also possible. Regards, Michael From: Emily Taylor [mailto:emily@emilytaylor.eu] Sent: Monday, August 15, 2011 1:26 PM To: Mikhail Yakushev Cc: LEMON, Sharon; rt4-whois@icann.org Subject: Re: [Rt4-whois] Help required - NOW EVEN EASIER!! Hi all Thanks for your feedback. I agree with Michael and Bill, except that I think we need to tweak the definition further. As I recall, there were some comments (the GAC? others?) to the effect that, while data protection/privacy laws are the obvious example of relevant applicable laws, our definition should not exclude other relevant applicable laws - and therefore we should add some words like "or any other relevant laws which are binding on one or more of the parties". The commentators may have suggested better wording, but I think we do need to consider this sort of sweep up. Kind regards Emily On 15 August 2011 10:18, Mikhail Yakushev <m.yakushev@corp.mail.ru<mailto:m.yakushev@corp.mail.ru>> wrote: Dear Sharon, Thank you very much for your valuable work. I mostly share Bill's views (see his separate e-mail) on most comments and I think there is no proven necessity to make any substantial changes in any of the definitions. As for the "Applicable Laws" definition: (a) The feedback was mostly positive, (b) I am ready to prepare a short response for each comment - based on Bill's methodology :), (c) I think it is possible to agree with Lexinta proposal and to remove the reference to the UN Guidelines on Personal Data - indeed, it's legal force is much weaker, that the Human Rights Declaration. However, Lexinta's reference to the 'applicable' laws (making an unfortunate cross-reference definition) should also be omitted. Regards, Michael From: rt4-whois-bounces@icann.org<mailto:rt4-whois-bounces@icann.org> [mailto:rt4-whois-bounces@icann.org<mailto:rt4-whois-bounces@icann.org>] On Behalf Of LEMON, Sharon Sent: Friday, August 05, 2011 1:04 PM To: rt4-whois@icann.org<mailto:rt4-whois@icann.org> Subject: [Rt4-whois] Help required - NOW EVEN EASIER!! NOT PROTECTIVELY MARKED Hello Everyone, Last week I sent out my part of the report - definitions for comment and assistance. Response was limited ;-), but I still need your help. So - to make it even easier I have subdivided the work into three and you only need to look at the one which relates to the subgroup you were in. I would like you to look at the definition, the feedback received and let me know if you think we should change it in light of that feedback. The first document is the key for those who fedback, the second the defination and comments and the third the longer version, should you be interested. I have now incorporated the LE feedback from both Peter and I and summarised the comments, rather than just listed them. This will only take minutes PROMISE - and I would really like to feedback at our next conference call and I am off next week - so you have until Monday 15th!. So - Producers and Maintainers - James, Susan and Wilfried Applicable Laws -Kim, Omar, Michael, Lynn Law Enforcement - Kim, Lutz, Peter. Here's hoping, Sharon Sharon LEMON OBE Deputy Director Cyber and Forensics Serious and Organised Crime Agency (SOCA) 07768 290902 0207 855 2800 This information is supplied in confidence by SOCA, and is exempt from disclosure under the Freedom of Information Act 2000. It may also be subject to exemption under other UK legislation. Onward disclosure may be unlawful, for example, under the Data Protection Act 1998. Requests for disclosure to the public must be referred to the SOCA FOI single point of contact, by email on PICUEnquiries@soca.x.gsi.gov.uk<mailto:PICUEnquiries@soca.x.gsi.gov.uk> or by telephoning 0870 268 8677. All E-Mail sent and received by SOCA is scanned and subject to assessment. Messages sent or received by SOCA staff are not private and may be the subject of lawful business monitoring. E-Mail may be passed at any time and without notice to an appropriate branch within SOCA, on authority from the Director General or his Deputy for analysis. This E-Mail and any files transmitted with it are intended solely for the individual or entity to whom they are addressed. If you have received this message in error, please contact the sender as soon as possible. The original of this email was scanned for viruses by the Government Secure Intranet virus scanning service supplied by Cable&Wireless Worldwide in partnership with MessageLabs. (CCTM Certificate Number 2009/09/0052.) On leaving the GSi this email was certified virus free. Communications via the GSi may be automatically logged, monitored and/or recorded for legal purposes. _______________________________________________ Rt4-whois mailing list Rt4-whois@icann.org<mailto:Rt4-whois@icann.org> https://mm.icann.org/mailman/listinfo/rt4-whois -- [Description: Image removed by sender.] 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 * m: +44 (0)7540 049 322 emily@emilytaylor.eu<mailto:emily@emilytaylor.eu> www.etlaw.co.uk<http://www.etlaw.co.uk> Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713.

Hello, Applicable Laws Sorry for the late input but hopefully we can all discuss on Wednesday's call. I am concerned that by adding "or any other relevant laws which are binding on one or more of the parties" this will confuse the issues with the definition. Several comments pointed out that although individuals may be protected by many different laws around the world that at least in the EU and US businesses are explicitly not protected in the same manner and that they have specific obligations to provide information if they are engaging in commercial activity on the internet. The IPC made a very good point in their comments not all laws that involve the protection of data are actually applicable to ICANN and the WHOIS policy. The following is an excerpt from their comments: "In order to assess whether ICANN is fulfilling this commitment, the Review Team must focus on which laws are applicable to ICANN in carrying out this policy. This can be a difficult question to answer. While some national laws may apply to ICANN's ability to enforce the requirements of providing open Whois access, it seems inconceivable that "any and all local and national laws that regulate and/or control the collection, use, access and disclosure of personally identifiable information" are all applicable to ICANN in its enforcement of this policy." Producers and Maintainers These definitions have been problematic and confusing to me from day one. I understand James' point in defining the terms in this way (and I agreed to it as part of the team) but it is obvious from the comments that we have caused some confusion. Two possible solutions: 1. Provide additional information with the definition that James originally provided Existing Organizations: Where do they fit? The subteam is unanimous on the following: ---------------------------------------- Registrants = Producers ICANN = Maintainer (Data Controller) gTLD REGISTRY = Maintainer (Data Controller and Data Processor) gTLD REGISTRAR = Maintainer (Data Processor) WHOIS DATA ESCROW PROVIDER = Maintainer (Data Processor) The subteam disagrees on the following: ---------------------------------------- WHOIS DATA AGGREGATOR = Data Processor (Susan), No Category (James) PRIVACY/PROXY SERVICE = Data Processor (Susan), Producer or No Category (James) We may have to add to this list as there may be other services that fit into these categories 2. Revert to the usual terms such as Registrant, Registrar, Registry etc. that are well known and understood. Looking forward to the discussion on Wednesday. Susan From: rt4-whois-bounces@icann.org [mailto:rt4-whois-bounces@icann.org] On Behalf Of Emily Taylor Sent: Monday, August 15, 2011 2:26 AM To: Mikhail Yakushev Cc: rt4-whois@icann.org Subject: Re: [Rt4-whois] Help required - NOW EVEN EASIER!! Hi all Thanks for your feedback. I agree with Michael and Bill, except that I think we need to tweak the definition further. As I recall, there were some comments (the GAC? others?) to the effect that, while data protection/privacy laws are the obvious example of relevant applicable laws, our definition should not exclude other relevant applicable laws - and therefore we should add some words like "or any other relevant laws which are binding on one or more of the parties". The commentators may have suggested better wording, but I think we do need to consider this sort of sweep up. Kind regards Emily On 15 August 2011 10:18, Mikhail Yakushev <m.yakushev@corp.mail.ru<mailto:m.yakushev@corp.mail.ru>> wrote: Dear Sharon, Thank you very much for your valuable work. I mostly share Bill's views (see his separate e-mail) on most comments and I think there is no proven necessity to make any substantial changes in any of the definitions. As for the "Applicable Laws" definition: (a) The feedback was mostly positive, (b) I am ready to prepare a short response for each comment - based on Bill's methodology :), (c) I think it is possible to agree with Lexinta proposal and to remove the reference to the UN Guidelines on Personal Data - indeed, it's legal force is much weaker, that the Human Rights Declaration. However, Lexinta's reference to the 'applicable' laws (making an unfortunate cross-reference definition) should also be omitted. Regards, Michael From: rt4-whois-bounces@icann.org<mailto:rt4-whois-bounces@icann.org> [mailto:rt4-whois-bounces@icann.org<mailto:rt4-whois-bounces@icann.org>] On Behalf Of LEMON, Sharon Sent: Friday, August 05, 2011 1:04 PM To: rt4-whois@icann.org<mailto:rt4-whois@icann.org> Subject: [Rt4-whois] Help required - NOW EVEN EASIER!! NOT PROTECTIVELY MARKED Hello Everyone, Last week I sent out my part of the report - definitions for comment and assistance. Response was limited ;-), but I still need your help. So - to make it even easier I have subdivided the work into three and you only need to look at the one which relates to the subgroup you were in. I would like you to look at the definition, the feedback received and let me know if you think we should change it in light of that feedback. The first document is the key for those who fedback, the second the defination and comments and the third the longer version, should you be interested. I have now incorporated the LE feedback from both Peter and I and summarised the comments, rather than just listed them. This will only take minutes PROMISE - and I would really like to feedback at our next conference call and I am off next week - so you have until Monday 15th!. So - Producers and Maintainers - James, Susan and Wilfried Applicable Laws -Kim, Omar, Michael, Lynn Law Enforcement - Kim, Lutz, Peter. Here's hoping, Sharon Sharon LEMON OBE Deputy Director Cyber and Forensics Serious and Organised Crime Agency (SOCA) 07768 290902 0207 855 2800 This information is supplied in confidence by SOCA, and is exempt from disclosure under the Freedom of Information Act 2000. It may also be subject to exemption under other UK legislation. Onward disclosure may be unlawful, for example, under the Data Protection Act 1998. Requests for disclosure to the public must be referred to the SOCA FOI single point of contact, by email on PICUEnquiries@soca.x.gsi.gov.uk<mailto:PICUEnquiries@soca.x.gsi.gov.uk> or by telephoning 0870 268 8677. All E-Mail sent and received by SOCA is scanned and subject to assessment. Messages sent or received by SOCA staff are not private and may be the subject of lawful business monitoring. E-Mail may be passed at any time and without notice to an appropriate branch within SOCA, on authority from the Director General or his Deputy for analysis. This E-Mail and any files transmitted with it are intended solely for the individual or entity to whom they are addressed. If you have received this message in error, please contact the sender as soon as possible. The original of this email was scanned for viruses by the Government Secure Intranet virus scanning service supplied by Cable&Wireless Worldwide in partnership with MessageLabs. (CCTM Certificate Number 2009/09/0052.) On leaving the GSi this email was certified virus free. Communications via the GSi may be automatically logged, monitored and/or recorded for legal purposes. _______________________________________________ Rt4-whois mailing list Rt4-whois@icann.org<mailto:Rt4-whois@icann.org> https://mm.icann.org/mailman/listinfo/rt4-whois -- [http://www.etlaw.co.uk/images/stories/etlaw/etclogo250x60.gif] 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 * m: +44 (0)7540 049 322 emily@emilytaylor.eu<mailto:emily@emilytaylor.eu> www.etlaw.co.uk<http://www.etlaw.co.uk> Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713.

I think the answer is that the conflict provision has never been exercised (I don't recall where I heard that). On Aug 15, 2011, at 3:48 PM, Nettlefold, Peter wrote: Hello all, I just wanted to hijack this very useful discussion to ask a question relating to applicable laws – have ICANN staff advised if the consensus policy for dealing with conflicts with privacy laws has ever been used, and if so how often and with what effect? Sorry if I should know this, but I’ve spent quite a bit of time trawling emails etc and not found anything, and to my mind this is an important piece of the evidence puzzle as we look at privacy in the WHOIS content. Thanks, Peter From: rt4-whois-bounces@icann.org<mailto:rt4-whois-bounces@icann.org> [mailto:rt4-whois-bounces@icann.org] On Behalf Of Susan Kawaguchi Sent: Tuesday, 16 August 2011 8:42 AM To: Emily Taylor Cc: rt4-whois@icann.org<mailto:rt4-whois@icann.org> Subject: Re: [Rt4-whois] Help required - NOW EVEN EASIER!! Hello, Applicable Laws Sorry for the late input but hopefully we can all discuss on Wednesday’s call. I am concerned that by adding “or any other relevant laws which are binding on one or more of the parties" this will confuse the issues with the definition. Several comments pointed out that although individuals may be protected by many different laws around the world that at least in the EU and US businesses are explicitly not protected in the same manner and that they have specific obligations to provide information if they are engaging in commercial activity on the internet. The IPC made a very good point in their comments not all laws that involve the protection of data are actually applicable to ICANN and the WHOIS policy. The following is an excerpt from their comments: “In order to assess whether ICANN is fulfilling this commitment, the Review Team must focus on which laws are applicable to ICANN in carrying out this policy. This can be a difficult question to answer. While some national laws may apply to ICANN’s ability to enforce the requirements of providing open Whois access, it seems inconceivable that “any and all local and national laws that regulate and/or control the collection, use, access and disclosure of personally identifiable information” are all applicable to ICANN in its enforcement of this policy.” Producers and Maintainers These definitions have been problematic and confusing to me from day one. I understand James’ point in defining the terms in this way (and I agreed to it as part of the team) but it is obvious from the comments that we have caused some confusion. Two possible solutions: 1. Provide additional information with the definition that James originally provided Existing Organizations: Where do they fit? The subteam is unanimous on the following: ---------------------------------------- Registrants = Producers ICANN = Maintainer (Data Controller) gTLD REGISTRY = Maintainer (Data Controller and Data Processor) gTLD REGISTRAR = Maintainer (Data Processor) WHOIS DATA ESCROW PROVIDER = Maintainer (Data Processor) The subteam disagrees on the following: ---------------------------------------- WHOIS DATA AGGREGATOR = Data Processor (Susan), No Category (James) PRIVACY/PROXY SERVICE = Data Processor (Susan), Producer or No Category (James) We may have to add to this list as there may be other services that fit into these categories 2. Revert to the usual terms such as Registrant, Registrar, Registry etc. that are well known and understood. Looking forward to the discussion on Wednesday. Susan From: rt4-whois-bounces@icann.org<mailto:rt4-whois-bounces@icann.org> [mailto:rt4-whois-bounces@icann.org] On Behalf Of Emily Taylor Sent: Monday, August 15, 2011 2:26 AM To: Mikhail Yakushev Cc: rt4-whois@icann.org<mailto:rt4-whois@icann.org> Subject: Re: [Rt4-whois] Help required - NOW EVEN EASIER!! Hi all Thanks for your feedback. I agree with Michael and Bill, except that I think we need to tweak the definition further. As I recall, there were some comments (the GAC? others?) to the effect that, while data protection/privacy laws are the obvious example of relevant applicable laws, our definition should not exclude other relevant applicable laws - and therefore we should add some words like "or any other relevant laws which are binding on one or more of the parties". The commentators may have suggested better wording, but I think we do need to consider this sort of sweep up. Kind regards Emily On 15 August 2011 10:18, Mikhail Yakushev <m.yakushev@corp.mail.ru<mailto:m.yakushev@corp.mail.ru>> wrote: Dear Sharon, Thank you very much for your valuable work. I mostly share Bill’s views (see his separate e-mail) on most comments and I think there is no proven necessity to make any substantial changes in any of the definitions. As for the “Applicable Laws” definition: (a) The feedback was mostly positive, (b) I am ready to prepare a short response for each comment – based on Bill’s methodology :), (c) I think it is possible to agree with Lexinta proposal and to remove the reference to the UN Guidelines on Personal Data – indeed, it’s legal force is much weaker, that the Human Rights Declaration. However, Lexinta’s reference to the ‘applicable’ laws (making an unfortunate cross-reference definition) should also be omitted. Regards, Michael From: rt4-whois-bounces@icann.org<mailto:rt4-whois-bounces@icann.org> [mailto:rt4-whois-bounces@icann.org<mailto:rt4-whois-bounces@icann.org>] On Behalf Of LEMON, Sharon Sent: Friday, August 05, 2011 1:04 PM To: rt4-whois@icann.org<mailto:rt4-whois@icann.org> Subject: [Rt4-whois] Help required - NOW EVEN EASIER!! NOT PROTECTIVELY MARKED Hello Everyone, Last week I sent out my part of the report - definitions for comment and assistance. Response was limited ;-), but I still need your help. So - to make it even easier I have subdivided the work into three and you only need to look at the one which relates to the subgroup you were in. I would like you to look at the definition, the feedback received and let me know if you think we should change it in light of that feedback. The first document is the key for those who fedback, the second the defination and comments and the third the longer version, should you be interested. I have now incorporated the LE feedback from both Peter and I and summarised the comments, rather than just listed them. This will only take minutes PROMISE - and I would really like to feedback at our next conference call and I am off next week - so you have until Monday 15th!. So - Producers and Maintainers - James, Susan and Wilfried Applicable Laws -Kim, Omar, Michael, Lynn Law Enforcement - Kim, Lutz, Peter. Here's hoping, Sharon Sharon LEMON OBE Deputy Director Cyber and Forensics Serious and Organised Crime Agency (SOCA) 07768 290902 0207 855 2800 This information is supplied in confidence by SOCA, and is exempt from disclosure under the Freedom of Information Act 2000. It may also be subject to exemption under other UK legislation. Onward disclosure may be unlawful, for example, under the Data Protection Act 1998. Requests for disclosure to the public must be referred to the SOCA FOI single point of contact, by email on PICUEnquiries@soca.x.gsi.gov.uk<mailto:PICUEnquiries@soca.x.gsi.gov.uk> or by telephoning 0870 268 8677. All E-Mail sent and received by SOCA is scanned and subject to assessment. Messages sent or received by SOCA staff are not private and may be the subject of lawful business monitoring. E-Mail may be passed at any time and without notice to an appropriate branch within SOCA, on authority from the Director General or his Deputy for analysis. This E-Mail and any files transmitted with it are intended solely for the individual or entity to whom they are addressed. If you have received this message in error, please contact the sender as soon as possible. The original of this email was scanned for viruses by the Government Secure Intranet virus scanning service supplied by Cable&Wireless Worldwide in partnership with MessageLabs. (CCTM Certificate Number 2009/09/0052.) On leaving the GSi this email was certified virus free. Communications via the GSi may be automatically logged, monitored and/or recorded for legal purposes. _______________________________________________ Rt4-whois mailing list Rt4-whois@icann.org<mailto:Rt4-whois@icann.org> https://mm.icann.org/mailman/listinfo/rt4-whois -- <~WRD122.jpg> 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 • m: +44 (0)7540 049 322 emily@emilytaylor.eu<mailto:emily@emilytaylor.eu> www.etlaw.co.uk<http://www.etlaw.co.uk> Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. ------------------------------------------------------------------------------- The information transmitted is for the use of the intended recipient only and may contain confidential and/or legally privileged material. Any review, re-transmission, disclosure, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited and may result in severe penalties. If you have received this e-mail in error please notify the Security Advisor of the Department of Broadband, Communications and the Digital Economy, 38 Sydney Ave, Forrest ACT 2603, telephone (02) 6271-1376 and delete all copies of this transmission together with any attachments. Please consider the environment before printing this email. ------------------------------------------------------------------------------- _______________________________________________ Rt4-whois mailing list Rt4-whois@icann.org<mailto:Rt4-whois@icann.org> https://mm.icann.org/mailman/listinfo/rt4-whois

I'm for 2. It keeps us in "ICANN" language making both definitions and discussion simpler. I consider producer, processor, consumer, and maintainer to be legal terms subject to interpretation by the court. It's impossible for us to determine a priori which of the legal definitions would apply to any of the ICANN terms in all situations. That determination is dependent on the specific facts of each individual case, and will be made by the court not us. I could support the inclusion of the legal terms but think we might be best served by referencing one or more definitions and suggesting a few equivalencies given a set of facts. If we don't limit ourselves to one set of facts (or perhaps a few), I doubt we'll reach agreement and that won't serve us well - in my opinion. On Aug 15, 2011, at 3:42 PM, "Susan Kawaguchi" <<mailto:susank@fb.com><mailto:susank@fb.com>susank@fb.com<mailto:susank@fb.com>> wrote: Hello, Applicable Laws Sorry for the late input but hopefully we can all discuss on Wednesday’s call. I am concerned that by adding “or any other relevant laws which are binding on one or more of the parties" this will confuse the issues with the definition. Several comments pointed out that although individuals may be protected by many different laws around the world that at least in the EU and US businesses are explicitly not protected in the same manner and that they have specific obligations to provide information if they are engaging in commercial activity on the internet. The IPC made a very good point in their comments not all laws that involve the protection of data are actually applicable to ICANN and the WHOIS policy. The following is an excerpt from their comments: “In order to assess whether ICANN is fulfilling this commitment, the Review Team must focus on which laws are applicable to ICANN in carrying out this policy. This can be a difficult question to answer. While some national laws may apply to ICANN’s ability to enforce the requirements of providing open Whois access, it seems inconceivable that “any and all local and national laws that regulate and/or control the collection, use, access and disclosure of personally identifiable information” are all applicable to ICANN in its enforcement of this policy.” Producers and Maintainers These definitions have been problematic and confusing to me from day one. I understand James’ point in defining the terms in this way (and I agreed to it as part of the team) but it is obvious from the comments that we have caused some confusion. Two possible solutions: 1. Provide additional information with the definition that James originally provided Existing Organizations: Where do they fit? The subteam is unanimous on the following: ---------------------------------------- Registrants = Producers ICANN = Maintainer (Data Controller) gTLD REGISTRY = Maintainer (Data Controller and Data Processor) gTLD REGISTRAR = Maintainer (Data Processor) WHOIS DATA ESCROW PROVIDER = Maintainer (Data Processor) The subteam disagrees on the following: ---------------------------------------- WHOIS DATA AGGREGATOR = Data Processor (Susan), No Category (James) PRIVACY/PROXY SERVICE = Data Processor (Susan), Producer or No Category (James) We may have to add to this list as there may be other services that fit into these categories 2. Revert to the usual terms such as Registrant, Registrar, Registry etc. that are well known and understood. Looking forward to the discussion on Wednesday. Susan From: <mailto:rt4-whois-bounces@icann.org> <mailto:rt4-whois-bounces@icann.org> rt4-whois-bounces@icann.org<mailto:rt4-whois-bounces@icann.org> [mailto:rt4-whois-bounces@icann.org] On Behalf Of Emily Taylor Sent: Monday, August 15, 2011 2:26 AM To: Mikhail Yakushev Cc: <mailto:rt4-whois@icann.org> <mailto:rt4-whois@icann.org> <mailto:rt4-whois@icann.org> rt4-whois@icann.org<mailto:rt4-whois@icann.org> Subject: Re: [Rt4-whois] Help required - NOW EVEN EASIER!! Hi all Thanks for your feedback. I agree with Michael and Bill, except that I think we need to tweak the definition further. As I recall, there were some comments (the GAC? others?) to the effect that, while data protection/privacy laws are the obvious example of relevant applicable laws, our definition should not exclude other relevant applicable laws - and therefore we should add some words like "or any other relevant laws which are binding on one or more of the parties". The commentators may have suggested better wording, but I think we do need to consider this sort of sweep up. Kind regards Emily On 15 August 2011 10:18, Mikhail Yakushev <<mailto:m.yakushev@corp.mail.ru><mailto:m.yakushev@corp.mail.ru><mailto:m.yakushev@corp.mail.ru>m.yakushev@corp.mail.ru<mailto:m.yakushev@corp.mail.ru>> wrote: Dear Sharon, Thank you very much for your valuable work. I mostly share Bill’s views (see his separate e-mail) on most comments and I think there is no proven necessity to make any substantial changes in any of the definitions. As for the “Applicable Laws” definition: (a) The feedback was mostly positive, (b) I am ready to prepare a short response for each comment – based on Bill’s methodology ☺, (c) I think it is possible to agree with Lexinta proposal and to remove the reference to the UN Guidelines on Personal Data – indeed, it’s legal force is much weaker, that the Human Rights Declaration. However, Lexinta’s reference to the ‘applicable’ laws (making an unfortunate cross-reference definition) should also be omitted. Regards, Michael From: <mailto:rt4-whois-bounces@icann.org> <mailto:rt4-whois-bounces@icann.org> <mailto:rt4-whois-bounces@icann.org> rt4-whois-bounces@icann.org<mailto:rt4-whois-bounces@icann.org> [mailto:<mailto:rt4-whois-bounces@icann.org><mailto:rt4-whois-bounces@icann.org><mailto:rt4-whois-bounces@icann.org>rt4-whois-bounces@icann.org<mailto:rt4-whois-bounces@icann.org>] On Behalf Of LEMON, Sharon Sent: Friday, August 05, 2011 1:04 PM To: <mailto:rt4-whois@icann.org> <mailto:rt4-whois@icann.org> <mailto:rt4-whois@icann.org> rt4-whois@icann.org<mailto:rt4-whois@icann.org> Subject: [Rt4-whois] Help required - NOW EVEN EASIER!! NOT PROTECTIVELY MARKED Hello Everyone, Last week I sent out my part of the report - definitions for comment and assistance. Response was limited ;-), but I still need your help. So - to make it even easier I have subdivided the work into three and you only need to look at the one which relates to the subgroup you were in. I would like you to look at the definition, the feedback received and let me know if you think we should change it in light of that feedback. The first document is the key for those who fedback, the second the defination and comments and the third the longer version, should you be interested. I have now incorporated the LE feedback from both Peter and I and summarised the comments, rather than just listed them. This will only take minutes PROMISE - and I would really like to feedback at our next conference call and I am off next week - so you have until Monday 15th!. So - Producers and Maintainers - James, Susan and Wilfried Applicable Laws -Kim, Omar, Michael, Lynn Law Enforcement - Kim, Lutz, Peter. Here's hoping, Sharon Sharon LEMON OBE Deputy Director Cyber and Forensics Serious and Organised Crime Agency (SOCA) 07768 290902 0207 855 2800 This information is supplied in confidence by SOCA, and is exempt from disclosure under the Freedom of Information Act 2000. It may also be subject to exemption under other UK legislation. Onward disclosure may be unlawful, for example, under the Data Protection Act 1998. Requests for disclosure to the public must be referred to the SOCA FOI single point of contact, by email on PICUEnquiries@soca.x.gsi.gov.uk<mailto:PICUEnquiries@soca.x.gsi.gov.uk> or by telephoning 0870 268 8677. All E-Mail sent and received by SOCA is scanned and subject to assessment. Messages sent or received by SOCA staff are not private and may be the subject of lawful business monitoring. E-Mail may be passed at any time and without notice to an appropriate branch within SOCA, on authority from the Director General or his Deputy for analysis. This E-Mail and any files transmitted with it are intended solely for the individual or entity to whom they are addressed. If you have received this message in error, please contact the sender as soon as possible. The original of this email was scanned for viruses by the Government Secure Intranet virus scanning service supplied by Cable&Wireless Worldwide in partnership with MessageLabs. (CCTM Certificate Number 2009/09/0052.) On leaving the GSi this email was certified virus free. Communications via the GSi may be automatically logged, monitored and/or recorded for legal purposes. _______________________________________________ Rt4-whois mailing list <mailto:Rt4-whois@icann.org><mailto:Rt4-whois@icann.org><mailto:Rt4-whois@icann.org>Rt4-whois@icann.org<mailto:Rt4-whois@icann.org> <https://mm.icann.org/mailman/listinfo/rt4-whois><https://mm.icann.org/mailman/listinfo/rt4-whois><https://mm.icann.org/mailman/listinfo/rt4-whois>https://mm.icann.org/mailman/listinfo/rt4-whois -- [http://www.etlaw.co.uk/images/stories/etlaw/etclogo250x60.gif] 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 • m: +44 (0)7540 049 322 <mailto:emily@emilytaylor.eu><mailto:emily@emilytaylor.eu><mailto:emily@emilytaylor.eu>emily@emilytaylor.eu<mailto:emily@emilytaylor.eu> <http://www.etlaw.co.uk><http://www.etlaw.co.uk><http://www.etlaw.co.uk>www.etlaw.co.uk<http://www.etlaw.co.uk> Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. _______________________________________________ Rt4-whois mailing list <mailto:Rt4-whois@icann.org><mailto:Rt4-whois@icann.org>Rt4-whois@icann.org<mailto:Rt4-whois@icann.org> <https://mm.icann.org/mailman/listinfo/rt4-whois><https://mm.icann.org/mailman/listinfo/rt4-whois>https://mm.icann.org/mailman/listinfo/rt4-whois

Dear Susan and Bill, colleagues, I do support Bill's proposal on Option 2 (not to create new definitions). Unless the definitions of producers/maintainers etc. are absolutely/critically necessary for our Final report, we are able to be more specific with the existing essences and without challenging Occam's razor principle. Kind regards, Michael -----Original Message----- From: rt4-whois-bounces@icann.org [mailto:rt4-whois-bounces@icann.org] On Behalf Of Smith, Bill Sent: Tuesday, August 16, 2011 7:19 PM To: Susan Kawaguchi Cc: rt4-whois@icann.org Subject: Re: [Rt4-whois] Help required - NOW EVEN EASIER!! I'm for 2. It keeps us in "ICANN" language making both definitions and discussion simpler. I consider producer, processor, consumer, and maintainer to be legal terms subject to interpretation by the court. It's impossible for us to determine a priori which of the legal definitions would apply to any of the ICANN terms in all situations. That determination is dependent on the specific facts of each individual case, and will be made by the court not us. I could support the inclusion of the legal terms but think we might be best served by referencing one or more definitions and suggesting a few equivalencies given a set of facts. If we don't limit ourselves to one set of facts (or perhaps a few), I doubt we'll reach agreement and that won't serve us well - in my opinion. On Aug 15, 2011, at 3:42 PM, "Susan Kawaguchi" <<mailto:susank@fb.com><mailto:susank@fb.com>susank@fb.com<mailto:susank@fb.com>> wrote: Hello, Applicable Laws Sorry for the late input but hopefully we can all discuss on Wednesday’s call. I am concerned that by adding “or any other relevant laws which are binding on one or more of the parties" this will confuse the issues with the definition. Several comments pointed out that although individuals may be protected by many different laws around the world that at least in the EU and US businesses are explicitly not protected in the same manner and that they have specific obligations to provide information if they are engaging in commercial activity on the internet. The IPC made a very good point in their comments not all laws that involve the protection of data are actually applicable to ICANN and the WHOIS policy. The following is an excerpt from their comments: “In order to assess whether ICANN is fulfilling this commitment, the Review Team must focus on which laws are applicable to ICANN in carrying out this policy. This can be a difficult question to answer. While some national laws may apply to ICANN’s ability to enforce the requirements of providing open Whois access, it seems inconceivable that “any and all local and national laws that regulate and/or control the collection, use, access and disclosure of personally identifiable information” are all applicable to ICANN in its enforcement of this policy.” Producers and Maintainers These definitions have been problematic and confusing to me from day one. I understand James’ point in defining the terms in this way (and I agreed to it as part of the team) but it is obvious from the comments that we have caused some confusion. Two possible solutions: 1. Provide additional information with the definition that James originally provided Existing Organizations: Where do they fit? The subteam is unanimous on the following: ---------------------------------------- Registrants = Producers ICANN = Maintainer (Data Controller) gTLD REGISTRY = Maintainer (Data Controller and Data Processor) gTLD REGISTRAR = Maintainer (Data Processor) WHOIS DATA ESCROW PROVIDER = Maintainer (Data Processor) The subteam disagrees on the following: ---------------------------------------- WHOIS DATA AGGREGATOR = Data Processor (Susan), No Category (James) PRIVACY/PROXY SERVICE = Data Processor (Susan), Producer or No Category (James) We may have to add to this list as there may be other services that fit into these categories 2. Revert to the usual terms such as Registrant, Registrar, Registry etc. that are well known and understood. Looking forward to the discussion on Wednesday. Susan From: <mailto:rt4-whois-bounces@icann.org> <mailto:rt4-whois-bounces@icann.org> rt4-whois-bounces@icann.org<mailto:rt4-whois-bounces@icann.org> [mailto:rt4-whois-bounces@icann.org] On Behalf Of Emily Taylor Sent: Monday, August 15, 2011 2:26 AM To: Mikhail Yakushev Cc: <mailto:rt4-whois@icann.org> <mailto:rt4-whois@icann.org> <mailto:rt4-whois@icann.org> rt4-whois@icann.org<mailto:rt4-whois@icann.org> Subject: Re: [Rt4-whois] Help required - NOW EVEN EASIER!! Hi all Thanks for your feedback. I agree with Michael and Bill, except that I think we need to tweak the definition further. As I recall, there were some comments (the GAC? others?) to the effect that, while data protection/privacy laws are the obvious example of relevant applicable laws, our definition should not exclude other relevant applicable laws - and therefore we should add some words like "or any other relevant laws which are binding on one or more of the parties". The commentators may have suggested better wording, but I think we do need to consider this sort of sweep up. Kind regards Emily On 15 August 2011 10:18, Mikhail Yakushev <<mailto:m.yakushev@corp.mail.ru><mailto:m.yakushev@corp.mail.ru><mailto:m.yakushev@corp.mail.ru>m.yakushev@corp.mail.ru<mailto:m.yakushev@corp.mail.ru>> wrote: Dear Sharon, Thank you very much for your valuable work. I mostly share Bill’s views (see his separate e-mail) on most comments and I think there is no proven necessity to make any substantial changes in any of the definitions. As for the “Applicable Laws” definition: (a) The feedback was mostly positive, (b) I am ready to prepare a short response for each comment – based on Bill’s methodology ☺, (c) I think it is possible to agree with Lexinta proposal and to remove the reference to the UN Guidelines on Personal Data – indeed, it’s legal force is much weaker, that the Human Rights Declaration. However, Lexinta’s reference to the ‘applicable’ laws (making an unfortunate cross-reference definition) should also be omitted. Regards, Michael From: <mailto:rt4-whois-bounces@icann.org> <mailto:rt4-whois-bounces@icann.org> <mailto:rt4-whois-bounces@icann.org> rt4-whois-bounces@icann.org<mailto:rt4-whois-bounces@icann.org> [mailto:<mailto:rt4-whois-bounces@icann.org><mailto:rt4-whois-bounces@icann.org><mailto:rt4-whois-bounces@icann.org>rt4-whois-bounces@icann.org<mailto:rt4-whois-bounces@icann.org>] On Behalf Of LEMON, Sharon Sent: Friday, August 05, 2011 1:04 PM To: <mailto:rt4-whois@icann.org> <mailto:rt4-whois@icann.org> <mailto:rt4-whois@icann.org> rt4-whois@icann.org<mailto:rt4-whois@icann.org> Subject: [Rt4-whois] Help required - NOW EVEN EASIER!! NOT PROTECTIVELY MARKED Hello Everyone, Last week I sent out my part of the report - definitions for comment and assistance. Response was limited ;-), but I still need your help. So - to make it even easier I have subdivided the work into three and you only need to look at the one which relates to the subgroup you were in. I would like you to look at the definition, the feedback received and let me know if you think we should change it in light of that feedback. The first document is the key for those who fedback, the second the defination and comments and the third the longer version, should you be interested. I have now incorporated the LE feedback from both Peter and I and summarised the comments, rather than just listed them. This will only take minutes PROMISE - and I would really like to feedback at our next conference call and I am off next week - so you have until Monday 15th!. So - Producers and Maintainers - James, Susan and Wilfried Applicable Laws -Kim, Omar, Michael, Lynn Law Enforcement - Kim, Lutz, Peter. Here's hoping, Sharon Sharon LEMON OBE Deputy Director Cyber and Forensics Serious and Organised Crime Agency (SOCA) 07768 290902 0207 855 2800 This information is supplied in confidence by SOCA, and is exempt from disclosure under the Freedom of Information Act 2000. It may also be subject to exemption under other UK legislation. Onward disclosure may be unlawful, for example, under the Data Protection Act 1998. Requests for disclosure to the public must be referred to the SOCA FOI single point of contact, by email on PICUEnquiries@soca.x.gsi.gov.uk<mailto:PICUEnquiries@soca.x.gsi.gov.uk> or by telephoning 0870 268 8677. All E-Mail sent and received by SOCA is scanned and subject to assessment. Messages sent or received by SOCA staff are not private and may be the subject of lawful business monitoring. E-Mail may be passed at any time and without notice to an appropriate branch within SOCA, on authority from the Director General or his Deputy for analysis. This E-Mail and any files transmitted with it are intended solely for the individual or entity to whom they are addressed. If you have received this message in error, please contact the sender as soon as possible. The original of this email was scanned for viruses by the Government Secure Intranet virus scanning service supplied by Cable&Wireless Worldwide in partnership with MessageLabs. (CCTM Certificate Number 2009/09/0052.) On leaving the GSi this email was certified virus free. Communications via the GSi may be automatically logged, monitored and/or recorded for legal purposes. _______________________________________________ Rt4-whois mailing list <mailto:Rt4-whois@icann.org><mailto:Rt4-whois@icann.org><mailto:Rt4-whois@icann.org>Rt4-whois@icann.org<mailto:Rt4-whois@icann.org> <https://mm.icann.org/mailman/listinfo/rt4-whois><https://mm.icann.org/mailman/listinfo/rt4-whois><https://mm.icann.org/mailman/listinfo/rt4-whois>https://mm.icann.org/mailman/listinfo/rt4-whois -- [http://www.etlaw.co.uk/images/stories/etlaw/etclogo250x60.gif] 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 • m: +44 (0)7540 049 322 <mailto:emily@emilytaylor.eu><mailto:emily@emilytaylor.eu><mailto:emily@emilytaylor.eu>emily@emilytaylor.eu<mailto:emily@emilytaylor.eu> <http://www.etlaw.co.uk><http://www.etlaw.co.uk><http://www.etlaw.co.uk>www.etlaw.co.uk<http://www.etlaw.co.uk> Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. _______________________________________________ Rt4-whois mailing list <mailto:Rt4-whois@icann.org><mailto:Rt4-whois@icann.org>Rt4-whois@icann.org<mailto:Rt4-whois@icann.org> <https://mm.icann.org/mailman/listinfo/rt4-whois><https://mm.icann.org/mailman/listinfo/rt4-whois>https://mm.icann.org/mailman/listinfo/rt4-whois _______________________________________________ Rt4-whois mailing list Rt4-whois@icann.org https://mm.icann.org/mailman/listinfo/rt4-whois