[ALAC] ALAC Comment on IPC/BC Access Model

Sun Apr 8 21:47:27 UTC 2018

That link worked for me - March 23rd, Version 1.2.

I haven't looked at it yet either, but I have 
asked Staff to set up a Wiki policy page.

Alan

At 08/04/2018 04:30 PM, Holly Raiche wrote:

>Thanks Bastiaan
>
>The link you sent doesn’t resolve but I think 
>it’s the same document.  My strong suggestion - 
>leadership team - is to put this issue on the 
>policy wiki - given that we have said this is an 
>important issue, we should comment on it
>
>Over to staff and the leadership team!
>
>Holly
>On 9 Apr 2018, at 1:19 am, Bastiaan Goslings 
><<mailto:bastiaan.goslings at ams-ix.net>bastiaan.goslings at ams-ix.net> wrote:
>
>>Hi Holly
>>
>>Thanks a lot - very good to raise this issue.
>>
>>I assume the draft you refer to is 
>><https://www.icann.org/en/system/files/files/gdpr-comments-ipbc-whois-access-accreditation-process-1-2-23mar18-en.pdf>https://www.icann.org/en/system/files/files/gdpr-comments-ipbc-whois-access-accreditation-process-1-2-23mar18-en.pdf 
>>?
>>
>>I haven’t read it yet...
>>
>>Bastiaan
>>
>>--
>>Envoyé de mon iPhone
>>
>>On 8 Apr 2018, at 07:41, Holly Raiche 
>><<mailto:h.raiche at internode.on.net>h.raiche at internode.on.net> wrote:
>>
>>>Folks
>>>
>>>  As we said in the ALAC Statement on the GDPR 
>>> – now being voted upon – one of the 
>>> outstanding critical issues will be 
>>> accreditation of those who are given access 
>>> to personal information from the Whois database.
>>>
>>>  The IPC/BC community within the GNSO has 
>>> developed a ‘Draft Accreditation and Access 
>>> Model for non-public Whois Data’  which they 
>>> are putting forward for discussion.  Indeed, 
>>> they recently held a webinar on the model – 
>>> at the usually impossible time for Australia. 
>>> They have also set up a mailing list on the 
>>> issue and the documents they used for the 
>>> webinar are supposed to be available for 
>>> those on the mailing list. (I haven’t seen them as yet)
>>>
>>>  The first thing to note about that model is 
>>> that is that it is very much the creature of 
>>> the IPC/BC constituency.  The NCSG were not 
>>> consulted and are developing their response 
>>> to the accreditation model.  My understanding 
>>> is that the Registries/Registrars also did 
>>> not provide input into that model. We should 
>>> also comment - either through a Google Doc or 
>>> on the wiki, but - in a very short space of 
>>> time - we should be developing at least some 
>>> response to the IPC/BC proposal. No response 
>>> to their model could otherwise be taken as 
>>> tacit community consent to its proposals.
>>>
>>>  My two major issues with the model are as 
>>> below. Please feel free to comment as well.
>>>
>>>  My basic issue with their Access Model is 
>>> that it confuses data ‘use’ with the 
>>> ‘purpose’ of collection.  Under basic data 
>>> protection law, personal information can only 
>>> be collected for specified and legitimate 
>>> purposes of the data collector  (ICANN and 
>>> registrars) and not further processed in ways 
>>> inconsistent  with the legitimate 
>>> purpose(s).  The ALAC has suggested that 
>>> feedback from the European DPAs will assist 
>>> in determining the purposes consistent with 
>>> ICANN and the Registries purpose in 
>>> collection of that data. The purpose 
>>> suggested in the Interim Model is not as 
>>> broad as suggested by this Access Model and, 
>>> in my view, preferable. (See Annex A, Access Model).
>>>
>>>  The Access Model proposed suggests that, 
>>> once parties are accredited, they would gain 
>>> access to all the Whois Information.  In my 
>>> view, any access to personal information 
>>> should be in limited circumstances only 
>>> -  that blanket access not be given.  In a 
>>> law enforcement context, search warrants 
>>> generally need some kind of judicial 
>>> sanction, based on apprehension of possible 
>>> criminality, before premises can be searched 
>>> and/or persons apprehended. While an access 
>>> request test probably would not be quite that 
>>> stringent, I could not support access seekers 
>>> being given blanket permission to access 
>>> personal information generally; there should 
>>> be a requirement for reasonable grounds to 
>>> suspect unlawful or harmful action in 
>>> specific circumstances (carefully defined) before access given.
>>>
>>>Holly
>>>_______________________________________________
>>>ALAC mailing list
>>><mailto:ALAC at atlarge-lists.icann.org>ALAC at atlarge-lists.icann.org
>>>https://atlarge-lists.icann.org/mailman/listinfo/alac
>>>
>>>At-Large Online: <http://www.atlarge.icann.org/>http://www.atlarge.icann.org
>>>ALAC Working Wiki: 
>>><https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+(ALAC)>https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+(ALAC)
>
>Content-Type: text/plain; charset="us-ascii"
>Content-Transfer-Encoding: 7bit
>Content-Disposition: inline
>X-Microsoft-Exchange-Diagnostics:
> 
>1;YTOPR01MB0396;27:YEkXwqIBV+GhRZmgfsC8ZtL0XlvoTp1BKuDW3N2gjqxAivMyhcJE6NqWMxrt5tA/HlE+wOO+0Rs15wJQ2E2GIyrktzg/ak+RBadp3ssVvyGFUbnoISD6os9OmEz/0he1
>X-Microsoft-Antispam-Message-Info:
> 
>pA3vtw6Vr/0THDpT7aO0JwJOmkUNlU37bm8guJL99UfxxR2JyIJWqcMNHRcYHfuDFCAX0HtDfqCIlsePDCJeWs5ZJmIzuMsfzCePohyXUygjY4madHC9jRVP8b9uPWvdOk/fVFbnTVvgEYxye1guuyoJtVMYwQiGLp+xi/8kQyzw5VrXzgV/mvpy6YszBSlI/k3BCNNdOQbRaIsYJjbBUdEeQ8Vfvd3eltaGzjvzAKqtjp3OLrPE9Nr5TckpT40eIPuyryf2QOWWxtZRo6nXAvk7gUuOLXwzuwprfMFYnlGA4I0AuSdrqmVFtXnGkPwVLppbfWOc9sXUWBrTE8dDgaOJBqOV1uVZIJkxT1CqKkmw1rMJFw/JZ1GX6irgPmP4nMlqFGPV791NBlb0KRn+EQMd0xwUYW6fPoi0hivHMIU=
>
>_______________________________________________
>ALAC mailing list
>ALAC at atlarge-lists.icann.org
>https://atlarge-lists.icann.org/mailman/listinfo/alac
>
>At-Large Online: http://www.atlarge.icann.org
>ALAC Working Wiki: 
>https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+(ALAC)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://atlarge-lists.icann.org/pipermail/alac/attachments/20180408/bf1fb98c/attachment.html>