[NCUC-DISCUSS] Expert Working Group on gTLD Directory Services - overview & questions
Marc Perkel
marc at churchofreality.org
Mon Jul 15 06:21:13 CEST 2013
I'll state my position as simply as possible. If you put WHOIS in a
single database the NSA will get it. Single point of failure. There is
no reason that you can give me to justify this.
Just say NO!
On 7/15/2013 5:55 AM, Kathy Kleiman wrote:
> Hi All,
> As promised, I am circulating an overview and questions prior to the
> Expert Working Group on gTLD Directory Services meeting today. This is
> the "next generation Whois" working group and Stephanie Perrin fought
> hard for privacy for Registrants and accountability for those Using
> the Data.
>
> But many of the proposals concern me and Wendy and others, especially
> this idea that all gTLD Registrant Data would be compiled into a
> single Centralized database (called the Aggregated RDS or "ARDS").
> It's a fortress, with privacy protections and guards at the gate, but
> seemingly broad and vague purposes for accessing the data. Also, the
> data appears to not be minimized for "technical purposes" but rather
> maximized and expanded for every imaginable purpose including not only
> name, address, phone and email, but also the IP Address from which the
> Domain Name was registered, the Purpose of the Domain Name and even
> the "Registrant Type" (reducing the gray spectrum of individuals,
> hobbyists, informal organizations, formal organizations,
> entrepreneurs, small businesses, home-based businesses, medium and
> large businesses to "Legal/Natural Person, Proxy/Third Party.")
>
> I really wanted to like this report, but on review, I see a lot to
> worry about and question. Please join me in asking questions (as one
> person can only ask so many). Together perhaps we can raise not only
> privacy aspects of the proposal, but show that the NCUC Privacy
> Community is watching closely and concerned.
>
> /*Expert Working Group main meeting is Monday, Hall 6 at 2:45pm Durban
> time (8:45 am Eastern; 5:45 am Pacific).*/
>
> Some questions below. Also, some documents attached:
> 1) My quick overview of EWG goals and my initial concerns (attached)
> 2) Expert Working Group Executive Summary (attached)
> 3) Expert Working Group Full Report --
> http://www.icann.org/en/groups/other/gtld-directory-services/initial-report-24jun13-en.pdf
>
> *Questions (please add more!)**:*
> 1)Is the Expert Working Group really recommending that every element
> of the existing Whois be included in this Centralized Database,
> including name, address and phone, and also never-before-collected
> data elements such as the Purpose of the Domain Name (and whether it
> is commercial or non-commercial -- a long abandoned concept because
> most domain names of individuals and organized have elements of both
> fundraising and noncommercial protected speech).
>
> 2)If the registrant data will now be held by the Registrar, Registry
> and Centralized Database, how is all access routed to only one
> source? Won't law enforcement and others seeking the data have three
> places from which to request it? If not, how can ICANN limit the
> cooperation of a Registry and its national government, for example?
>
> 3)How can the Centralized Database know what is a valid purpose or
> invalid purpose? Won't requesters say the right thing to get the
> data? But without any threshold or required showing of need or
> problems, doesn't it all amount to a bottom line of -- I want the data
> and have shown you that I exist?
>
> 4)How can/will abuse of EWG data be monitored and controlled?
> Including by law enforcement? If the limitation and policing are not
> done upfront, don't we impose a huge burden on the registrant for
> policing?
>
> h
>
> 5)How easy will it be for the Registrant will be able to find out who
> is searching his/her/its data?
>
> 6)Isn't the new model imposing major new risks -- including Big Data,
> new data elements (with no proposal to streamline or limit data) and
> searching across all gTLDs on a massive scale that is impossible today?
>
> 7)Do privacy protections for the Centralized Database depend on where
> it is located?Who would determine that - the EWG? ICANN? The GNSO?
>
> 8)A Risk Analysis seems critical -- and very, very soon.When will that
> take place and when will its results become known to the ICANN Community?
>
> 9)Authentication of those requesting the Registrant Data, as proposed
> by EWG, is a good idea. Credentialing (also as proposed by EWG) may
> not be --as it seems to imply that the same person or law firm or law
> enforcement agency gets access again and again to the Centralized
> Database of Registrant Data -- rather like a library card for books at
> a public library. Is this analysis right or wrong?
>
> 10)How can the bad actor category include that bad actors come from
> nearly every category of user -- and not just spammers?Bad actors in
> the Whois space include intellectual property attorneys, individuals
> and even law enforcement: who go "fishing" and explore for bad acts
> beyond any real proof or specific allegation, and those who seek to
> find registrants for the purpose of harassment and intimidation
> (including to give up domain names they are otherwise entitled to) and
> disclosure of physical location (to harass, stalk and intimidate,
> e.g.,for purposes of physical violence or to stop exercise of
> unpopular free speech positions).[There is considerable use of Whois
> data currently to allow big companies and entities to intimidate
> individuals, organizations and small/home-based businesses.]
>
> 11)Why have 3 places that individuals, attorneys and law enforcement
> can get data: Registrars, Registries and Centralized Database?If
> that's not the case, what stops law enforcement from going to a
> Registry in their country for the data directly? What stops this from
> being a 3-way shopping path?
>
>
>
>
> _______________________________________________
> Ncuc-discuss mailing list
> Ncuc-discuss at lists.ncuc.org
> http://lists.ncuc.org/cgi-bin/mailman/listinfo/ncuc-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ncuc.org/pipermail/ncuc-discuss/attachments/20130715/6122574f/attachment-0001.html>
-------------- next part --------------
_______________________________________________
Ncuc-discuss mailing list
Ncuc-discuss at lists.ncuc.org
http://lists.ncuc.org/cgi-bin/mailman/listinfo/ncuc-discuss
More information about the Ncuc-discuss
mailing list