[At-Large] R: R: Implementing WHOIS Requirements per RAA 2013
Carlton Samuels
carlton.samuels at gmail.com
Thu Aug 8 15:21:31 UTC 2013
Hi Christian:
Other than for a fringe element, it is generally accepted that registration
data is collected and necessarily so. The contentions surround what is
collected, purpose of collection, access to what is collected and use of
that data. The EWG focused on these areas by exploring what we call use
cases since the contentious elements converged here. Facilitating the
access issues in particular meant we focused on the dataset collected and
fitness to purpose and who should have access and for what purpose, all in
context of maintaining a healthy DNS.
In this same context, some purposes of use were deemed to be 'good', others
'bad'. At least in our judgment. And all this is before 'on the fly
re-purposing' is contemplated.
The overall objective of a new arrangement then is a system that is
maximized to service the 'good' purposes and drastically reduce, if not
eliminate, the 'bad' ones. At least in our judgment.
The account of 'good' purposes is the judgment of a small group. So if our
premise is to go forward and guide solution, we would seek to have a wider
judgment on these purposes delivered; hence the 'adjudication', meaning
acknowledged and agreed. The extension principle is assumed here so other
judgments are welcome.
Best,
-Carlton
==============================
Carlton A Samuels
Mobile: 876-818-1799
*Strategy, Planning, Governance, Assessment & Turnaround*
=============================
On Thu, Aug 8, 2013 at 2:58 AM, Christian de Larrinaga
<cdel at firsthand.net>wrote:
> Carlton,
>
> Forgive me as someone who is jumping in "blind" to this thread. Clearly
> a lot of work and deep thought has gone into these ideas.
>
> However I don't understand what is meant by the phrase 'adjudicated
> *purpose* across all domains'.
>
> As a general nod I would have thought that defining 'purpose' or
> 'purposes' is critical as otherwise mission creep is built in and any
> principles if not set in legal stone globally that is in each and every
> significant jurisdiction with a responsible entity over a gtld registry
> won't be dependable.
>
> Are such purposes clearly defined or acknowledged or likely to be agreed?
>
> best
>
>
> Christian
>
>
>
> Carlton Samuels wrote:
> > Dear All:
> > I made a significant error in Principle #4. The word 'need' should be
> > replaced with 'purpose'. The Principle then becomes:
> >
> > 4. That access to all other data elements beyond the core set available
> for
> > universal access be
> > restricted and only allowed based on adjudicated *purpose* across all
> > domains
> >
> > Carlton
> >
> >
> > ==============================
> > Carlton A Samuels
> > Mobile: 876-818-1799
> > *Strategy, Planning, Governance, Assessment & Turnaround*
> > =============================
> >
> >
> > On Mon, Aug 5, 2013 at 4:57 PM, Carlton Samuels
> > <carlton.samuels at gmail.com>wrote:
> >
> >> All the points raised have been in discussion in the EWG. Some of the
> >> ideas here about treating the access issues have also been introduced.
> The
> >> core idea is that use cases are consistent with safeguarding the
> stability
> >> and security and retention of user confidence in the DNS. Thus any
> nextgen
> >> RDS must, at minumum, meet these obligations even as it addresses the
> >> existing vexed disabilities.
> >>
> >> That said and for clarification, the EWG is generally wary of adopting a
> >> coloration that could be construed as promoting implementation schemes
> or
> >> usurping those responsibilities. Rather, its objective is to clearly
> >> expound the principles that must undergird the nextgen registration data
> >> services and deliver those to the PDP process via the ICANN Board. We
> are
> >> also very keen to ensure clarity of our thinking is communicated,
> >> especially for the more controversial issues. So after much argument, a
> >> very strong consensus was adopted. We collectively accepted that in
> >> instances where details that could reasonably be inferred as design
> >> criteria are necessary to full understanding of a proposal, the clarity
> >> objective supercede all others.
> >>
> >> The rationale for an aggregated gTLD registration database rests on five
> >> (5) compelling principles:
> >> 1. That registration data elements meet defined accuracy standards
> across
> >> all domains
> >> 2. That there must be universal access to a small defined core set of
> data
> >> elements for each
> >> and every registration
> >> 3. That a data privacy regime of sufficient malleability be adopted for
> >> implementation in
> >> keeping with existing legal privacy frameworks across all domains
> >> 4. That access to all other data elements beyond the core set available
> >> for universal access be
> >> restricted and only allowed based on adjudicated need across all
> >> domains
> >> 5. An authoritative third party compliance mechanism is enabled to
> ensure
> >> 1 - 4
> >>
> >> Now, are there other principles that should be embraced? Maybe. Let us
> >> be clear, these are open for revision and extension.
> >>
> >> Obviously, agency is critical to implementation. I am pleased to see
> >> recognized here the distinction between the logical and physical
> database
> >> and, even the likely implementation scenarios surrounding, placement
> being
> >> just one. Yes, cross-border jurisdictional issues and asymmetric
> privacy
> >> regimes in respect of multi-modal access will be impactful and are also
> >> critical considerations. Working groups have been raised to 'deep dive'
> >> these matters and I'm co-opted to both.
> >>
> >> We meet in DC Aug 27-30 to advance the work. I am also co-opted
> >>
> >> -Carlton
> >>
> >>
> >> ==============================
> >> Carlton A Samuels
> >> Mobile: 876-818-1799
> >> *Strategy, Planning, Governance, Assessment & Turnaround*
> >> =============================
> >>
> >>
> >> On Sun, Aug 4, 2013 at 8:25 PM, Roberto Gaetano <
> >> roberto_gaetano at hotmail.com> wrote:
> >>
> >>> Holly,
> >>> This is where the ALAC advice can be different from the WG members'
> >>> advice.
> >>> While the WG might be struggling with implementation issues, ALAC,
> being
> >>> an
> >>> advisory body on *policy* and not on *implementation*, shall
> concentrate
> >>> on
> >>> the requirements for the database.
> >>> In short, we can require that the data shall be retrieved only via the
> >>> interface. Or set benchmark criteria.
> >>> I don't believe we can get into geopolitics, and name countries that
> >>> should
> >>> not "own" the database.
> >>> As for the technical solution, whether the database is located in a
> >>> country
> >>> that has specific privacy rights prevailing over judge orders, or
> whether
> >>> the database is split in parts that are distributed in different
> countries
> >>> so that no one country can have the full information on any registrant,
> >>> that
> >>> is beyond our mandate.
> >>> Long story short, I agree with your approach.
> >>> Cheers,
> >>> R.
> >>>
> >>> PS: At some point in time we need to deal also with the fact that EU
> laws
> >>> prohibit the transfer of personal data outside Europe without the
> consent
> >>> of
> >>> the registrant
> >>>
> >>>
> >>>> -----Messaggio originale-----
> >>>> Da: at-large-bounces at atlarge-lists.icann.org [mailto:at-large-
> >>>> bounces at atlarge-lists.icann.org] Per conto di Holly Raiche
> >>>> Inviato: lunedì 5 agosto 2013 02:37
> >>>> A: At-Large Worldwide
> >>>> Oggetto: Re: [At-Large] R: Implementing WHOIS Requirements per RAA
> 2013
> >>>>
> >>>> Thank you Karl and Roberto for your comments
> >>>>
> >>>> Roberto, the location of the ARDS is absolutely front and centre as an
> >>> issue.
> >>>> Some of the immediate comments I heard was to insist the database NOT
> >>> be
> >>>> located in the US (followed by a long list of other undesirable
> >>> locations). I
> >>>> would imagine places like Geneva or Brussels (or Finland) would be
> more
> >>>> easily accepted. But I think the better solution is to describe the
> >>> venue
> >>> in
> >>>> terms of strict and enforceable (and enforced) privacy laws. - set
> >>> benchmark
> >>>> criteria at the least.
> >>>>
> >>>> Other issues that were discussed on the day included enforcement - by
> >>>> whom (ICANN's compliance department has not covered itself with glory
> on
> >>>> this one), and defining who can have access to what data.
> >>>>
> >>>> Holly
> >>>>
> >>>>
> >>>>
> >>>> On 05/08/2013, at 10:13 AM, Roberto Gaetano wrote:
> >>>>
> >>>>> I can provide one point for thoughts, that ALAC might think to
> include
> >>>>> in the feedback.
> >>>>> During the presentation, and in the text of the report, there is a
> >>>>> description of how to design access to data in a way that it will be
> >>>>> dependent on the rights the accessing entity has.
> >>>>> However, there is one entity that might gain full access to all data,
> >>>>> and this is the government of the country where the database will be
> >>>>> physically located.
> >>>>> I had a chat with Michele on this, and he assured me that this is one
> >>>>> point that came already out, and will be discussed to find an
> >>> acceptable
> >>>> solution.
> >>>>> I have no clue about the dynamics of the WG, I am sure, knowing
> >>>>> Carlton, that our points have been expressed loudly, but maybe a
> >>>>> little help from an official ALAC statement can help.
> >>>>> Let's put it this way: other constituencies and stakeholder groups
> >>>>> will not be shy in making statements that will push further their
> >>>>> opinion and needs, beyond what was the acceptable consensus of the
> WG:
> >>>>> why should ALAC avoid providing feedback? Michele is absolutely right
> >>>>> when he calls for further input, he knows some will speak up anyway,
> >>> it
> >>> is
> >>>> fair if all do.
> >>>>> Elaborating on the localization of the database, that we know is an
> >>>>> issue, is there something we can suggest? We do not need to provide
> >>>>> the technical solution, but can we spell out the requirements for
> >>>>> making sure that no specific entity will be more equal than others?
> >>>>> Cheers,
> >>>>> Roberto
> >>>>>
> >>>>>
> >>>>>> -----Messaggio originale-----
> >>>>>> Da: at-large-bounces at atlarge-lists.icann.org [mailto:at-large-
> >>>>>> bounces at atlarge-lists.icann.org] Per conto di Holly Raiche
> >>>>>> Inviato: domenica 4 agosto 2013 23:08
> >>>>>> A: At-Large Worldwide
> >>>>>> Oggetto: Re: [At-Large] Implementing WHOIS Requirements per RAA 2013
> >>>>>>
> >>>>>> Hi Carlton
> >>>>>>
> >>>>>> Thanks for this.
> >>>>>>
> >>>>>> My one concern about ALAC not developing its own input is that, at
> >>>>>> the GNSO meeting Evan and I attended (and where Michele presented),
> >>>>>> he specifically asked, indeed pleaded for feedback from everyone.
> >>>>>>
> >>>>>> I am sure that you will be taking the views that we have discussed
> to
> >>>>>> the EWG. But I think my question is whether it would not make sense
> >>>>>> to have official ALAC input on this particular proposal. It is
> >>>>>> different enough
> >>>>> so that
> >>>>>> ALAC statements in the past are not applicable to this proposal.
> >>> And,
> >>> as
> >>>>> the
> >>>>>> discussion between Garth, you, Evan, Rinalia and I showed in Durban,
> >>>>>> there are different views on the proposal within ALAC.
> >>>>>>
> >>>>>> For example, should we give the many reforms to the RAA a chance to
> >>>>>> work first? Should compliance be left to the compliance area within
> >>>>>> ICANN or to this new proposed ARDS? And what happens to the RAA
> >>>>>> requirements on verification if the ARDS takes over that function,
> as
> >>>>>> well as being the gatekeeper for access to data. It is a new road
> >>>>>> with much to commend it
> >>>>> but,
> >>>>>> as our discussions showed, some real reservations, and some real
> >>>>>> differences even within ALAC.
> >>>>>>
> >>>>>> I trust you to reflect those differences, but worry that you don't
> >>>>>> have
> >>>>> official
> >>>>>> ALAC statements to support what you are saying.
> >>>>>>
> >>>>>> Just please keep us informed of ongoing discussions.
> >>>>>>
> >>>>>> Thanks
> >>>>>>
> >>>>>> Holly
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> On 05/08/2013, at 6:23 AM, Carlton Samuels wrote:
> >>>>>>
> >>>>>>> Hi Holly:
> >>>>>>> I should think not; this was an advisory and in any event, we have
> >>>>>>> spoken often and endorsed the collection of the entire dataset as
> >>>>>>> defined in the specs.
> >>>>>>>
> >>>>>>> Regarding the EWG work, there was talk of placing an official ALAC
> >>>>>>> response to invitation for comments. Since I'm a member of the
> EWG,
> >>>>>>> speaking aloud to myself might very well be considered just
> desserts
> >>>>>>> in some quarters and as such not to be encouraged. So I will exempt
> >>>>> myself
> >>>>>> from that process.
> >>>>>>> Best,
> >>>>>>> -Carlton
> >>>>>>>
> >>>>>>>
> >>>>>>> ==============================
> >>>>>>> Carlton A Samuels
> >>>>>>> Mobile: 876-818-1799
> >>>>>>> *Strategy, Planning, Governance, Assessment & Turnaround*
> >>>>>>> =============================
> >>>>>>>
> >>>>>>>
> >>>>>>> On Thu, Aug 1, 2013 at 10:46 PM, Holly Raiche
> >>>>>> <h.raiche at internode.on.net>wrote:
> >>>>>>>> Hi Carlton
> >>>>>>>>
> >>>>>>>> It doesn't look like they are looking for any input from anyone -
> >>>>>>>> except registrars. Am I right?
> >>>>>>>>
> >>>>>>>> And a related question - is ALAC making a statement of the EWG
> >>>>>>>> Initial Report. I don't see anything on the policy page, but my
> >>>>>>>> understanding was that they were looking for feedback?
> >>>>>>>>
> >>>>>>>> Holly
> >>>>>>>> On 02/08/2013, at 2:50 AM, Carlton Samuels wrote:
> >>>>>>>>
> >>>>>>>>> See the details here:
> >>>>>>>>> http://www.icann.org/en/news/announcements/announcement-
> >>>>>> 31jul13-en.h
> >>>>>>>>> tm
> >>>>>>>>>
> >>>>>>>>> -Carlton
> >>>>>>>>>
> >>>>>>>>> ==============================
> >>>>>>>>> Carlton A Samuels
> >>>>>>>>> Mobile: 876-818-1799
> >>>>>>>>> *Strategy, Planning, Governance, Assessment & Turnaround*
> >>>>>>>>> =============================
> >>>>>>>>> _______________________________________________
> >>>>>>>>> At-Large mailing list
> >>>>>>>>> At-Large at atlarge-lists.icann.org
> >>>>>>>>> https://atlarge-lists.icann.org/mailman/listinfo/at-large
> >>>>>>>>>
> >>>>>>>>> At-Large Official Site: http://atlarge.icann.org
> >>>>>>>> _______________________________________________
> >>>>>>>> At-Large mailing list
> >>>>>>>> At-Large at atlarge-lists.icann.org
> >>>>>>>> https://atlarge-lists.icann.org/mailman/listinfo/at-large
> >>>>>>>>
> >>>>>>>> At-Large Official Site: http://atlarge.icann.org
> >>>>>>>>
> >>>>>>> _______________________________________________
> >>>>>>> At-Large mailing list
> >>>>>>> At-Large at atlarge-lists.icann.org
> >>>>>>> https://atlarge-lists.icann.org/mailman/listinfo/at-large
> >>>>>>>
> >>>>>>> At-Large Official Site: http://atlarge.icann.org
> >>>>>> _______________________________________________
> >>>>>> At-Large mailing list
> >>>>>> At-Large at atlarge-lists.icann.org
> >>>>>> https://atlarge-lists.icann.org/mailman/listinfo/at-large
> >>>>>>
> >>>>>> At-Large Official Site: http://atlarge.icann.org
> >>>>> _______________________________________________
> >>>>> At-Large mailing list
> >>>>> At-Large at atlarge-lists.icann.org
> >>>>> https://atlarge-lists.icann.org/mailman/listinfo/at-large
> >>>>>
> >>>>> At-Large Official Site: http://atlarge.icann.org
> >>>> _______________________________________________
> >>>> At-Large mailing list
> >>>> At-Large at atlarge-lists.icann.org
> >>>> https://atlarge-lists.icann.org/mailman/listinfo/at-large
> >>>>
> >>>> At-Large Official Site: http://atlarge.icann.org
> >>> _______________________________________________
> >>> At-Large mailing list
> >>> At-Large at atlarge-lists.icann.org
> >>> https://atlarge-lists.icann.org/mailman/listinfo/at-large
> >>>
> >>> At-Large Official Site: http://atlarge.icann.org
> >>>
> >>
> > _______________________________________________
> > At-Large mailing list
> > At-Large at atlarge-lists.icann.org
> > https://atlarge-lists.icann.org/mailman/listinfo/at-large
> >
> > At-Large Official Site: http://atlarge.icann.org
> _______________________________________________
> At-Large mailing list
> At-Large at atlarge-lists.icann.org
> https://atlarge-lists.icann.org/mailman/listinfo/at-large
>
> At-Large Official Site: http://atlarge.icann.org
>
More information about the At-Large
mailing list