<div dir="auto">Very right Farzaneh,<div dir="auto">Especially considering the reported embedding of security chips at African Union (AU) headquarters in Addis which facilitates interface with a server on Shanghai.</div><div dir="auto">Regards</div><div dir="auto">Remmy</div><div dir="auto"><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On 29 Jan 2018 7:13 pm, "farzaneh badii" <<a href="mailto:farzaneh.badii@gmail.com">farzaneh.badii@gmail.com</a>> wrote:<br type="attribution"><blockquote class="quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div dir="auto">Thank you Kathy, now I can see arguments for the ECO model that are substantive. Unfortunately I have not studied it. But I made inquiries into law enforcement access under eco model. Here is the answer</div><div dir="auto"><br></div><div dir="auto"><p class="MsoNormal" style="color:rgb(49,49,49);word-spacing:1px"><span style="font-size:0.9166666865348816rem;font-family:Calibri,sans-serif;color:rgb(31,73,125)">The section of the eco model on WHOIS data only refers to WHOIS data within the outlined scope of the GDPR. In most cases where personal data of EU citizens is being processed, EU data protection law applies. As a result, disclosure of<b><i style="font-size:0.9166666865348816rem"> Whois data of EU citizens</i></b> to LEAs (both EU as well as non-EU) is only allowed if it can be justified under EU law (also including laws on international legal assistance).<u></u><u></u></span></p><div dir="auto"><font color="#1f497d" face="Calibri, sans-serif"><span style="font-size:14.666666984558105px">So access of law enforcement to information will be very limited under this model and has to be based on EU and international legal assistance law. But remember that this only applies to EU citizens. We still have to see what will happen to the rest of the world. </span></font></div><div dir="auto"><font color="#1f497d" face="Calibri, sans-serif"><span style="font-size:14.666666984558105px"><br></span></font></div><div dir="auto"><br></div></div></div><div class="elided-text"><div><div><br><div class="gmail_quote"><div>On Mon, Jan 29, 2018 at 12:39 PM Stephanie Perrin <<a href="mailto:stephanie.perrin@mail.utoronto.ca" target="_blank">stephanie.perrin@mail.<wbr>utoronto.ca</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<p><font size="+1"><font face="Lucida Grande">+1 <br>
</font></font></p></div><div text="#000000" bgcolor="#FFFFFF">
<p><font size="+1"><font face="Lucida Grande">Stephanie Perrin</font></font><br>
</p></div><div text="#000000" bgcolor="#FFFFFF">
<div class="m_-5328991347285391299m_-5859345316369050439m_2062314011725437626moz-cite-prefix">On 2018-01-29 12:35, Kathy Kleiman
wrote:<br>
</div>
<blockquote type="cite">All,
<br>
<br>
I've been traveling (now at NamesCon) and would like to weigh on.
I like the ECO model. Here is some information about it with a
link to the detailed, technical proposal developed by a number of
registries and registrars, in the EU and outside, in conjunction
with Thomas Rickert -
<a class="m_-5328991347285391299m_-5859345316369050439m_2062314011725437626moz-txt-link-freetext" href="https://international.eco.de/2018/news/data-protection-and-the-domain-industry-eco-submits-data-model-to-icann.html" target="_blank">https://international.eco.de/<wbr>2018/news/data-protection-and-<wbr>the-domain-industry-eco-<wbr>submits-data-model-to-icann.<wbr>html</a><br>
<br>
1. What I like about includes the following:
<br>
<br>
1. The ECO model engages in data minimization. It strips down the
data registrars will actually collect for domain name registration
purposes to just registrant data -- not technical contact, not
administrative contact. That's a good step since we've been
collecting basically the same data since NSFNET. Less data; less
exposure.
<br>
<br>
2. It protects the data of individuals and organizations. This is
a fundamental concept that NCSG and NCUC have been pushing,
teaching, educating and advocating for the last 15 years of the
WHOIS discussion. We (NCUC/NPOC/NCSG) represent organizations and
individuals -- all engaged in noncommercial speech! These include
political, religious, and gender groups all over the world.
Battered women's shelters, mosques/synagogues/churches located in
areas where they are unpopular, LGBTQ communities, political
minorities. They are legal persons (that's how you get insurance
to protect the battered women's facility), but they are also
exposed for the speech positions that they take. This is not a
hypothetical; I have dealt with concerns for the physical safety
of human rights groups and dissident speakers around the world for
almost 20 years. Fortunately, organizations such as these are
protected under the GPDR laws that protect not only "personal
data" but "sensitive data." I can expand much more (and will in
future emails :-)), but for now let me share how pleased I was to
see that the ECO model protected both legal persons and
individuals -- including organizations exposed for the very speech
they share and services they provide (like women's health care and
education) (note: Model 2B protects legal persons too, but not
Model 3).
<br>
<br>
3. It's implementable in the short time. Face it, there's not much
time. Systems have to be changed and that takes time. The
registries and registrars, including those on the front lines in
Europe, worked hard on this model. It's "doable" and means they
can move rapidly into compliance with the GDPR rules.
<br>
<br>
4. It is not unlimited access to the data. Other models proposed
for access had credentialing of the organization -- e.g., a whole
law firm could access unlimited Whois data including all
paralegals and attorneys. A unaccountable process. In the ECO
model, individual attorneys have to certify not only their legal
credentials, but their reasons for each individual access to the
new WHOIS database. This access can be checked and audited.
Violations can be found, noted, published and access blocked. It's
not perfect, but it's far, far better than what we have now.
<br>
<br>
Best regards, Kathy
<br>
<br>
p.s. apologies for the double posting, but I don't think the lists
of NCSG and NCUC fully overlap.
<br>
<br>
______________________________<wbr>_________________
<br>
Ncuc-discuss mailing list
<br>
<a class="m_-5328991347285391299m_-5859345316369050439m_2062314011725437626moz-txt-link-abbreviated" href="mailto:Ncuc-discuss@lists.ncuc.org" target="_blank">Ncuc-discuss@lists.ncuc.org</a>
<br>
<a class="m_-5328991347285391299m_-5859345316369050439m_2062314011725437626moz-txt-link-freetext" href="https://lists.ncuc.org/cgi-bin/mailman/listinfo/ncuc-discuss" target="_blank">https://lists.ncuc.org/cgi-<wbr>bin/mailman/listinfo/ncuc-<wbr>discuss</a>
<br>
</blockquote>
</div>
______________________________<wbr>_________________<br>
Ncuc-discuss mailing list<br>
<a href="mailto:Ncuc-discuss@lists.ncuc.org" target="_blank">Ncuc-discuss@lists.ncuc.org</a><br>
<a href="https://lists.ncuc.org/cgi-bin/mailman/listinfo/ncuc-discuss" rel="noreferrer" target="_blank">https://lists.ncuc.org/cgi-<wbr>bin/mailman/listinfo/ncuc-<wbr>discuss</a><br>
</blockquote></div></div></div></div><font color="#888888"><div dir="ltr">-- <br></div><div class="m_-5328991347285391299gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><font face="verdana, sans-serif">Farzaneh </font></div></div></div>
</font><br>______________________________<wbr>_________________<br>
Ncuc-discuss mailing list<br>
<a href="mailto:Ncuc-discuss@lists.ncuc.org">Ncuc-discuss@lists.ncuc.org</a><br>
<a href="https://lists.ncuc.org/cgi-bin/mailman/listinfo/ncuc-discuss" rel="noreferrer" target="_blank">https://lists.ncuc.org/cgi-<wbr>bin/mailman/listinfo/ncuc-<wbr>discuss</a><br>
<br></blockquote></div><br></div>