[ALAC] ALAC Comment on IPC/BC Access Model
Alan Greenberg
alan.greenberg at mcgill.ca
Sun Apr 8 21:47:27 UTC 2018
That link worked for me - March 23rd, Version 1.2.
I haven't looked at it yet either, but I have
asked Staff to set up a Wiki policy page.
Alan
At 08/04/2018 04:30 PM, Holly Raiche wrote:
>Thanks Bastiaan
>
>The link you sent doesnt resolve but I think
>its the same document. My strong suggestion -
>leadership team - is to put this issue on the
>policy wiki - given that we have said this is an
>important issue, we should comment on it
>
>Over to staff and the leadership team!
>
>Holly
>On 9 Apr 2018, at 1:19 am, Bastiaan Goslings
><<mailto:bastiaan.goslings at ams-ix.net>bastiaan.goslings at ams-ix.net> wrote:
>
>>Hi Holly
>>
>>Thanks a lot - very good to raise this issue.
>>
>>I assume the draft you refer to is
>><https://www.icann.org/en/system/files/files/gdpr-comments-ipbc-whois-access-accreditation-process-1-2-23mar18-en.pdf>https://www.icann.org/en/system/files/files/gdpr-comments-ipbc-whois-access-accreditation-process-1-2-23mar18-en.pdf
>>?
>>
>>I havent read it yet...
>>
>>Bastiaan
>>
>>--
>>Envoyé de mon iPhone
>>
>>On 8 Apr 2018, at 07:41, Holly Raiche
>><<mailto:h.raiche at internode.on.net>h.raiche at internode.on.net> wrote:
>>
>>>Folks
>>>
>>> As we said in the ALAC Statement on the GDPR
>>> now being voted upon one of the
>>> outstanding critical issues will be
>>> accreditation of those who are given access
>>> to personal information from the Whois database.
>>>
>>> The IPC/BC community within the GNSO has
>>> developed a Draft Accreditation and Access
>>> Model for non-public Whois Data which they
>>> are putting forward for discussion. Indeed,
>>> they recently held a webinar on the model
>>> at the usually impossible time for Australia.
>>> They have also set up a mailing list on the
>>> issue and the documents they used for the
>>> webinar are supposed to be available for
>>> those on the mailing list. (I havent seen them as yet)
>>>
>>> The first thing to note about that model is
>>> that is that it is very much the creature of
>>> the IPC/BC constituency. The NCSG were not
>>> consulted and are developing their response
>>> to the accreditation model. My understanding
>>> is that the Registries/Registrars also did
>>> not provide input into that model. We should
>>> also comment - either through a Google Doc or
>>> on the wiki, but - in a very short space of
>>> time - we should be developing at least some
>>> response to the IPC/BC proposal. No response
>>> to their model could otherwise be taken as
>>> tacit community consent to its proposals.
>>>
>>> My two major issues with the model are as
>>> below. Please feel free to comment as well.
>>>
>>> My basic issue with their Access Model is
>>> that it confuses data use with the
>>> purpose of collection. Under basic data
>>> protection law, personal information can only
>>> be collected for specified and legitimate
>>> purposes of the data collector (ICANN and
>>> registrars) and not further processed in ways
>>> inconsistent with the legitimate
>>> purpose(s). The ALAC has suggested that
>>> feedback from the European DPAs will assist
>>> in determining the purposes consistent with
>>> ICANN and the Registries purpose in
>>> collection of that data. The purpose
>>> suggested in the Interim Model is not as
>>> broad as suggested by this Access Model and,
>>> in my view, preferable. (See Annex A, Access Model).
>>>
>>> The Access Model proposed suggests that,
>>> once parties are accredited, they would gain
>>> access to all the Whois Information. In my
>>> view, any access to personal information
>>> should be in limited circumstances only
>>> - that blanket access not be given. In a
>>> law enforcement context, search warrants
>>> generally need some kind of judicial
>>> sanction, based on apprehension of possible
>>> criminality, before premises can be searched
>>> and/or persons apprehended. While an access
>>> request test probably would not be quite that
>>> stringent, I could not support access seekers
>>> being given blanket permission to access
>>> personal information generally; there should
>>> be a requirement for reasonable grounds to
>>> suspect unlawful or harmful action in
>>> specific circumstances (carefully defined) before access given.
>>>
>>>Holly
>>>_______________________________________________
>>>ALAC mailing list
>>><mailto:ALAC at atlarge-lists.icann.org>ALAC at atlarge-lists.icann.org
>>>https://atlarge-lists.icann.org/mailman/listinfo/alac
>>>
>>>At-Large Online: <http://www.atlarge.icann.org/>http://www.atlarge.icann.org
>>>ALAC Working Wiki:
>>><https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+(ALAC)>https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+(ALAC)
>
>Content-Type: text/plain; charset="us-ascii"
>Content-Transfer-Encoding: 7bit
>Content-Disposition: inline
>X-Microsoft-Exchange-Diagnostics:
>
>1;YTOPR01MB0396;27:YEkXwqIBV+GhRZmgfsC8ZtL0XlvoTp1BKuDW3N2gjqxAivMyhcJE6NqWMxrt5tA/HlE+wOO+0Rs15wJQ2E2GIyrktzg/ak+RBadp3ssVvyGFUbnoISD6os9OmEz/0he1
>X-Microsoft-Antispam-Message-Info:
>
>pA3vtw6Vr/0THDpT7aO0JwJOmkUNlU37bm8guJL99UfxxR2JyIJWqcMNHRcYHfuDFCAX0HtDfqCIlsePDCJeWs5ZJmIzuMsfzCePohyXUygjY4madHC9jRVP8b9uPWvdOk/fVFbnTVvgEYxye1guuyoJtVMYwQiGLp+xi/8kQyzw5VrXzgV/mvpy6YszBSlI/k3BCNNdOQbRaIsYJjbBUdEeQ8Vfvd3eltaGzjvzAKqtjp3OLrPE9Nr5TckpT40eIPuyryf2QOWWxtZRo6nXAvk7gUuOLXwzuwprfMFYnlGA4I0AuSdrqmVFtXnGkPwVLppbfWOc9sXUWBrTE8dDgaOJBqOV1uVZIJkxT1CqKkmw1rMJFw/JZ1GX6irgPmP4nMlqFGPV791NBlb0KRn+EQMd0xwUYW6fPoi0hivHMIU=
>
>_______________________________________________
>ALAC mailing list
>ALAC at atlarge-lists.icann.org
>https://atlarge-lists.icann.org/mailman/listinfo/alac
>
>At-Large Online: http://www.atlarge.icann.org
>ALAC Working Wiki:
>https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+(ALAC)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://atlarge-lists.icann.org/pipermail/alac/attachments/20180408/bf1fb98c/attachment.html>
More information about the ALAC
mailing list