[ALAC] ALAC Comment on IPC/BC Access Model

Holly Raiche h.raiche at internode.on.net
Sun Apr 8 07:15:45 UTC 2018


Thanks Tijani

Hopefully, we can work on a response to the IPC/BC model soon.   I worry that it is the only model for access under debate - we need to make this a broader conversation

Holly
On 8 Apr 2018, at 4:39 pm, Tijani BEN JEMAA <tijani.benjemaa at benjemaa.com> wrote:

> Good morning Holly,
> 
> I agree with you about the purpose: you should remember that in San Juan, I said that the purpose definition of the interim model is so broad and merit to be reconsidered. The IPC/BC one is worse.
> As for access for accredited parties, it was my understanding that it should be conditioned by a documented suspicion of unlawful or harmful action or behavior. I noted that this is not the intention.
>   
> -----------------------------------------------------------------------------
> Tijani BEN JEMAA
> Executive Director
> Mediterranean Federation of Internet Associations (FMAI)
> Phone: +216 98 330 114
>              +216 52 385 114
> -----------------------------------------------------------------------------
> 
> 
> 
> 
>> Le 8 avr. 2018 à 06:41, Holly Raiche <h.raiche at internode.on.net> a écrit :
>> 
>> Folks
>> 
>>  As we said in the ALAC Statement on the GDPR – now being voted upon – one of the outstanding critical issues will be accreditation of those who are given access to personal information from the Whois database. 
>> 
>>  The IPC/BC community within the GNSO has developed a ‘Draft Accreditation and Access Model for non-public Whois Data’  which they are putting forward for discussion.  Indeed, they recently held a webinar on the model – at the usually impossible time for Australia. They have also set up a mailing list on the issue and the documents they used for the webinar are supposed to be available for those on the mailing list. (I haven’t seen them as yet)
>> 
>>  The first thing to note about that model is that is that it is very much the creature of the IPC/BC constituency.  The NCSG were not consulted and are developing their response to the accreditation model.  My understanding is that the Registries/Registrars also did not provide input into that model. We should also comment - either through a Google Doc or on the wiki, but - in a very short space of time - we should be developing at least some response to the IPC/BC proposal. No response to their model could otherwise be taken as tacit community consent to its proposals. 
>> 
>>  My two major issues with the model are as below. Please feel free to comment as well.
>> 
>>  My basic issue with their Access Model is that it confuses data ‘use’ with the ‘purpose’ of collection.  Under basic data protection law, personal information can only be collected for specified and legitimate purposes of the data collector  (ICANN and registrars) and not further processed in ways inconsistent  with the legitimate purpose(s).  The ALAC has suggested that feedback from the European DPAs will assist in determining the purposes consistent with ICANN and the Registries purpose in collection of that data. The purpose suggested in the Interim Model is not as broad as suggested by this Access Model and, in my view, preferable. (See Annex A, Access Model).
>> 
>>  The Access Model proposed suggests that, once parties are accredited, they would gain access to all the Whois Information.  In my view, any access to personal information should be in limited circumstances only -  that blanket access not be given.  In a law enforcement context, search warrants generally need some kind of judicial sanction, based on apprehension of possible criminality, before premises can be searched and/or persons apprehended. While an access request test probably would not be quite that stringent, I could not support access seekers being given blanket permission to access personal information generally; there should be a requirement for reasonable grounds to suspect unlawful or harmful action in specific circumstances (carefully defined) before access given. 
>> 
>> 
>> Holly
>> _______________________________________________
>> ALAC mailing list
>> ALAC at atlarge-lists.icann.org
>> https://atlarge-lists.icann.org/mailman/listinfo/alac
>> 
>> At-Large Online: http://www.atlarge.icann.org
>> ALAC Working Wiki: https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+(ALAC)
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://atlarge-lists.icann.org/pipermail/alac/attachments/20180408/1c4de9e2/attachment.html>


More information about the ALAC mailing list