[NCUC-DISCUSS] Support of the ECO model

Mon Jan 29 18:39:04 CET 2018

+1

Stephanie Perrin

On 2018-01-29 12:35, Kathy Kleiman wrote:
> All,
>
> I've been traveling (now at NamesCon) and would like to weigh on. I 
> like the ECO model.  Here is some information about it with a link to 
> the detailed, technical proposal developed by a number of registries 
> and registrars, in the EU and outside, in conjunction with Thomas 
> Rickert - 
> https://international.eco.de/2018/news/data-protection-and-the-domain-industry-eco-submits-data-model-to-icann.html
>
> 1. What I like about includes the following:
>
> 1. The ECO model engages in data minimization. It strips down the data 
> registrars will actually collect for domain name registration purposes 
> to just registrant data -- not technical contact, not administrative 
> contact. That's a good step since we've been collecting basically the 
> same data since NSFNET. Less data; less exposure.
>
> 2. It protects the data of individuals and organizations. This is a 
> fundamental concept that NCSG and NCUC have been pushing, teaching, 
> educating and advocating for the last 15 years of the WHOIS 
> discussion. We (NCUC/NPOC/NCSG) represent organizations and 
> individuals -- all engaged in noncommercial speech!  These include 
> political, religious, and gender groups all over the world. Battered 
> women's shelters, mosques/synagogues/churches located in areas where 
> they are unpopular, LGBTQ communities, political minorities. They are 
> legal persons (that's how you get insurance to protect the battered 
> women's facility), but they are also exposed for the speech positions 
> that they take. This is not a hypothetical; I have dealt with concerns 
> for the physical safety of human rights groups and dissident speakers 
> around the world for almost 20 years.  Fortunately, organizations such 
> as these are protected under the GPDR laws that protect not only 
> "personal data" but "sensitive data."  I can expand much more (and 
> will in future emails :-)), but for now let me share how pleased I was 
> to see that the ECO model protected both legal persons and individuals 
> -- including organizations exposed for the very speech they share and 
> services they provide (like women's health care and education) (note: 
> Model 2B protects legal persons too, but not Model 3).
>
> 3. It's implementable in the short time. Face it, there's not much 
> time. Systems have to be changed and that takes time. The registries 
> and registrars, including those on the front lines in Europe, worked 
> hard on this model. It's "doable" and means they can move rapidly into 
> compliance with the GDPR rules.
>
> 4. It is not unlimited access to the data. Other models proposed for 
> access had credentialing of the organization -- e.g., a whole law firm 
> could access unlimited Whois data including all paralegals and 
> attorneys. A unaccountable process. In the ECO model, individual 
> attorneys have to certify not only their legal credentials, but their 
> reasons for each individual access to the new WHOIS database. This 
> access can be checked and audited. Violations can be found, noted, 
> published and access blocked. It's not perfect, but it's far, far 
> better than what we have now.
>
> Best regards, Kathy
>
> p.s. apologies for the double posting, but I don't think the lists of 
> NCSG and NCUC fully overlap.
>
> _______________________________________________
> Ncuc-discuss mailing list
> Ncuc-discuss at lists.ncuc.org
> https://lists.ncuc.org/cgi-bin/mailman/listinfo/ncuc-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ncuc.org/pipermail/ncuc-discuss/attachments/20180129/728307aa/attachment.html>