[At-Large] R: R: Implementing WHOIS Requirements per RAA 2013

Carlton Samuels carlton.samuels at gmail.com
Mon Aug 5 22:36:24 UTC 2013


Dear All:
I made a significant error in Principle #4.    The word 'need' should be
replaced with 'purpose'.  The Principle then becomes:

4. That access to all other data elements beyond the core set available for
universal access be
    restricted and only allowed based on adjudicated *purpose* across all
domains

Carlton


==============================
Carlton A Samuels
Mobile: 876-818-1799
*Strategy, Planning, Governance, Assessment & Turnaround*
=============================


On Mon, Aug 5, 2013 at 4:57 PM, Carlton Samuels
<carlton.samuels at gmail.com>wrote:

> All the points raised have been in discussion in the EWG.  Some of the
> ideas here about treating the access issues have also been introduced.  The
> core idea is that use cases are consistent with safeguarding the stability
> and security and retention of user confidence in the DNS.  Thus any nextgen
> RDS must, at minumum, meet these obligations even as it addresses the
> existing vexed disabilities.
>
> That said and for clarification, the EWG is generally wary of adopting a
> coloration that could be construed as promoting implementation schemes or
> usurping those responsibilities. Rather, its objective is to clearly
> expound the principles that must undergird the nextgen registration data
> services and deliver those to the PDP process via the ICANN Board.  We are
> also very keen to ensure clarity of our thinking is communicated,
> especially for the more controversial issues.  So after much argument, a
> very strong consensus was adopted. We collectively accepted that in
> instances where details that could reasonably be inferred as design
> criteria are necessary to full understanding of a proposal, the clarity
> objective supercede all others.
>
> The rationale for an aggregated gTLD registration database rests on five
> (5) compelling principles:
> 1.  That registration data elements meet defined accuracy standards across
> all domains
> 2. That there must be universal access to a small defined core set of data
> elements for each
>      and every registration
> 3. That a data privacy regime of sufficient malleability be adopted for
> implementation in
>     keeping with existing legal privacy frameworks across all domains
> 4. That access to all other data elements beyond the core set available
> for universal access be
>     restricted and only allowed based on adjudicated need across all
> domains
> 5.  An authoritative third party compliance mechanism is enabled to ensure
> 1 - 4
>
> Now, are there other principles that should be embraced?  Maybe.  Let us
> be clear, these are open for revision and extension.
>
> Obviously, agency is critical to implementation. I am pleased to see
> recognized here the distinction between the logical and physical database
> and, even the likely implementation scenarios surrounding, placement being
> just one.  Yes,  cross-border jurisdictional issues and asymmetric privacy
> regimes in respect of multi-modal access will be impactful and are also
> critical considerations.  Working groups have been raised to 'deep dive'
> these matters and I'm co-opted to both.
>
> We meet in DC Aug 27-30 to advance the work. I am also co-opted
>
> -Carlton
>
>
> ==============================
> Carlton A Samuels
> Mobile: 876-818-1799
> *Strategy, Planning, Governance, Assessment & Turnaround*
> =============================
>
>
> On Sun, Aug 4, 2013 at 8:25 PM, Roberto Gaetano <
> roberto_gaetano at hotmail.com> wrote:
>
>> Holly,
>> This is where the ALAC advice can be different from the WG members'
>> advice.
>> While the WG might be struggling with implementation issues, ALAC, being
>> an
>> advisory body on *policy* and not on *implementation*, shall concentrate
>> on
>> the requirements for the database.
>> In short, we can require that the data shall be retrieved only via the
>> interface. Or set benchmark criteria.
>> I don't believe we can get into geopolitics, and name countries that
>> should
>> not "own" the database.
>> As for the technical solution, whether the database is located in a
>> country
>> that has specific privacy rights prevailing over judge orders, or whether
>> the database is split in parts that are distributed in different countries
>> so that no one country can have the full information on any registrant,
>> that
>> is beyond our mandate.
>> Long story short, I agree with your approach.
>> Cheers,
>> R.
>>
>> PS: At some point in time we need to deal also with the fact that EU laws
>> prohibit the transfer of personal data outside Europe without the consent
>> of
>> the registrant
>>
>>
>> > -----Messaggio originale-----
>> > Da: at-large-bounces at atlarge-lists.icann.org [mailto:at-large-
>> > bounces at atlarge-lists.icann.org] Per conto di Holly Raiche
>> > Inviato: lunedì 5 agosto 2013 02:37
>> > A: At-Large Worldwide
>> > Oggetto: Re: [At-Large] R: Implementing WHOIS Requirements per RAA 2013
>> >
>> > Thank you Karl and Roberto for your comments
>> >
>> > Roberto, the location of the ARDS is absolutely front and centre as an
>> issue.
>> > Some of the immediate comments  I heard was to insist the database NOT
>> be
>> > located in the US (followed by a long list of other undesirable
>> locations).  I
>> > would imagine places like Geneva or Brussels (or Finland) would be more
>> > easily accepted.  But I think the better solution is to describe the
>> venue
>> in
>> > terms of strict and enforceable (and enforced) privacy laws. - set
>> benchmark
>> > criteria at the least.
>> >
>> > Other issues that were discussed on the day included enforcement - by
>> > whom (ICANN's compliance department has not covered itself with glory on
>> > this one), and defining who can have access to what data.
>> >
>> > Holly
>> >
>> >
>> >
>> > On 05/08/2013, at 10:13 AM, Roberto Gaetano wrote:
>> >
>> > > I can provide one point for thoughts, that ALAC might think to include
>> > > in the feedback.
>> > > During the presentation, and in the text of the report, there is a
>> > > description of how to design access to data in a way that it will be
>> > > dependent on the rights the accessing entity has.
>> > > However, there is one entity that might gain full access to all data,
>> > > and this is the government of the country where the database will be
>> > > physically located.
>> > > I had a chat with Michele on this, and he assured me that this is one
>> > > point that came already out, and will be discussed to find an
>> acceptable
>> > solution.
>> > > I have no clue about the dynamics of the WG, I am sure, knowing
>> > > Carlton, that our points have been expressed loudly, but maybe a
>> > > little help from an official ALAC statement can help.
>> > > Let's put it this way: other constituencies and stakeholder groups
>> > > will not be shy in making statements that will push further their
>> > > opinion and needs, beyond what was the acceptable consensus of the WG:
>> > > why should ALAC avoid providing feedback? Michele is absolutely right
>> > > when he calls for further input, he knows some will speak up anyway,
>> it
>> is
>> > fair if all do.
>> > > Elaborating on the localization of the database, that we know is an
>> > > issue, is there something we can suggest? We do not need to provide
>> > > the technical solution, but can we spell out the requirements for
>> > > making sure that no specific entity will be more equal than others?
>> > > Cheers,
>> > > Roberto
>> > >
>> > >
>> > >> -----Messaggio originale-----
>> > >> Da: at-large-bounces at atlarge-lists.icann.org [mailto:at-large-
>> > >> bounces at atlarge-lists.icann.org] Per conto di Holly Raiche
>> > >> Inviato: domenica 4 agosto 2013 23:08
>> > >> A: At-Large Worldwide
>> > >> Oggetto: Re: [At-Large] Implementing WHOIS Requirements per RAA 2013
>> > >>
>> > >> Hi Carlton
>> > >>
>> > >> Thanks for this.
>> > >>
>> > >> My one concern about ALAC not developing its own input is that, at
>> > >> the GNSO meeting Evan and I attended (and where Michele presented),
>> > >> he specifically asked, indeed pleaded for feedback from everyone.
>> > >>
>> > >> I am sure that you will be taking the views that we have discussed to
>> > >> the EWG. But I think my question is whether it would not make sense
>> > >> to have official ALAC input on this particular proposal.  It is
>> > >> different enough
>> > > so that
>> > >> ALAC statements in the past are not applicable to this proposal.
>> And,
>> as
>> > > the
>> > >> discussion between Garth, you, Evan, Rinalia and I showed in Durban,
>> > >> there are different views on the proposal within  ALAC.
>> > >>
>> > >> For example, should we give the many reforms to the RAA a chance to
>> > >> work first? Should compliance be left to the compliance area within
>> > >> ICANN or to this new proposed ARDS?  And what happens to the RAA
>> > >> requirements on verification if the ARDS takes over that function, as
>> > >> well as being the gatekeeper for access to data.  It is a new road
>> > >> with much to commend it
>> > > but,
>> > >> as our discussions showed, some real reservations, and some real
>> > >> differences even within ALAC.
>> > >>
>> > >> I trust you to reflect those differences, but worry that you don't
>> > >> have
>> > > official
>> > >> ALAC statements to support what you are saying.
>> > >>
>> > >> Just please keep us informed of ongoing discussions.
>> > >>
>> > >> Thanks
>> > >>
>> > >> Holly
>> > >>
>> > >>
>> > >>
>> > >>
>> > >> On 05/08/2013, at 6:23 AM, Carlton Samuels wrote:
>> > >>
>> > >>> Hi Holly:
>> > >>> I should think not; this was an advisory and in any event, we have
>> > >>> spoken often and endorsed the collection of the entire dataset as
>> > >>> defined in the specs.
>> > >>>
>> > >>> Regarding the EWG work, there was talk of placing an official ALAC
>> > >>> response to invitation for comments.  Since I'm a member of the EWG,
>> > >>> speaking aloud to myself might very well be considered just desserts
>> > >>> in some quarters and as such not to be encouraged. So I will exempt
>> > > myself
>> > >> from that process.
>> > >>>
>> > >>> Best,
>> > >>> -Carlton
>> > >>>
>> > >>>
>> > >>> ==============================
>> > >>> Carlton A Samuels
>> > >>> Mobile: 876-818-1799
>> > >>> *Strategy, Planning, Governance, Assessment & Turnaround*
>> > >>> =============================
>> > >>>
>> > >>>
>> > >>> On Thu, Aug 1, 2013 at 10:46 PM, Holly Raiche
>> > >> <h.raiche at internode.on.net>wrote:
>> > >>>
>> > >>>> Hi Carlton
>> > >>>>
>> > >>>> It doesn't look like they are looking for any input from anyone -
>> > >>>> except registrars. Am I right?
>> > >>>>
>> > >>>> And a related question - is ALAC making a statement of the EWG
>> > >>>> Initial Report.  I don't see anything on the policy page, but my
>> > >>>> understanding was that they were looking for feedback?
>> > >>>>
>> > >>>> Holly
>> > >>>> On 02/08/2013, at 2:50 AM, Carlton Samuels wrote:
>> > >>>>
>> > >>>>> See the details here:
>> > >>>>> http://www.icann.org/en/news/announcements/announcement-
>> > >> 31jul13-en.h
>> > >>>>> tm
>> > >>>>>
>> > >>>>> -Carlton
>> > >>>>>
>> > >>>>> ==============================
>> > >>>>> Carlton A Samuels
>> > >>>>> Mobile: 876-818-1799
>> > >>>>> *Strategy, Planning, Governance, Assessment & Turnaround*
>> > >>>>> =============================
>> > >>>>> _______________________________________________
>> > >>>>> At-Large mailing list
>> > >>>>> At-Large at atlarge-lists.icann.org
>> > >>>>> https://atlarge-lists.icann.org/mailman/listinfo/at-large
>> > >>>>>
>> > >>>>> At-Large Official Site: http://atlarge.icann.org
>> > >>>>
>> > >>>> _______________________________________________
>> > >>>> At-Large mailing list
>> > >>>> At-Large at atlarge-lists.icann.org
>> > >>>> https://atlarge-lists.icann.org/mailman/listinfo/at-large
>> > >>>>
>> > >>>> At-Large Official Site: http://atlarge.icann.org
>> > >>>>
>> > >>> _______________________________________________
>> > >>> At-Large mailing list
>> > >>> At-Large at atlarge-lists.icann.org
>> > >>> https://atlarge-lists.icann.org/mailman/listinfo/at-large
>> > >>>
>> > >>> At-Large Official Site: http://atlarge.icann.org
>> > >>
>> > >> _______________________________________________
>> > >> At-Large mailing list
>> > >> At-Large at atlarge-lists.icann.org
>> > >> https://atlarge-lists.icann.org/mailman/listinfo/at-large
>> > >>
>> > >> At-Large Official Site: http://atlarge.icann.org
>> > >
>> > > _______________________________________________
>> > > At-Large mailing list
>> > > At-Large at atlarge-lists.icann.org
>> > > https://atlarge-lists.icann.org/mailman/listinfo/at-large
>> > >
>> > > At-Large Official Site: http://atlarge.icann.org
>> >
>> > _______________________________________________
>> > At-Large mailing list
>> > At-Large at atlarge-lists.icann.org
>> > https://atlarge-lists.icann.org/mailman/listinfo/at-large
>> >
>> > At-Large Official Site: http://atlarge.icann.org
>>
>> _______________________________________________
>> At-Large mailing list
>> At-Large at atlarge-lists.icann.org
>> https://atlarge-lists.icann.org/mailman/listinfo/at-large
>>
>> At-Large Official Site: http://atlarge.icann.org
>>
>
>



More information about the At-Large mailing list