[NCUC-DISCUSS] Support of the ECO model

farzaneh badii farzaneh.badii at gmail.com
Mon Jan 29 19:13:08 CET 2018


Thank you Kathy, now I can see arguments for the ECO model that are
substantive. Unfortunately  I have not studied it. But I made inquiries
into law enforcement access under eco model. Here is the answer

The section of the eco model on WHOIS data only refers to WHOIS data within
the outlined scope of the GDPR. In most cases where personal data of EU
citizens is being processed, EU data protection law applies. As a result,
disclosure of* Whois data of EU citizens* to LEAs (both EU as well as
non-EU) is only allowed if it can be justified under EU law (also including
laws on international legal assistance).
So access of law enforcement to information will be very limited under this
model and has to be based on EU and international legal assistance law. But
remember that this only applies to EU citizens. We still have to see what
will happen to the rest of the world.



On Mon, Jan 29, 2018 at 12:39 PM Stephanie Perrin <
stephanie.perrin at mail.utoronto.ca> wrote:

> +1
>
> Stephanie Perrin
> On 2018-01-29 12:35, Kathy Kleiman wrote:
>
> All,
>
> I've been traveling (now at NamesCon) and would like to weigh on. I like
> the ECO model.  Here is some information about it with a link to the
> detailed, technical proposal developed by a number of registries and
> registrars, in the EU and outside, in conjunction with Thomas Rickert -
> https://international.eco.de/2018/news/data-protection-and-the-domain-industry-eco-submits-data-model-to-icann.html
>
> 1. What I like about includes the following:
>
> 1. The ECO model engages in data minimization. It strips down the data
> registrars will actually collect for domain name registration purposes to
> just registrant data -- not technical contact, not administrative contact.
> That's a good step since we've been collecting basically the same data
> since NSFNET. Less data; less exposure.
>
> 2. It protects the data of individuals and organizations. This is a
> fundamental concept that NCSG and NCUC have been pushing, teaching,
> educating and advocating for the last 15 years of the WHOIS discussion. We
> (NCUC/NPOC/NCSG) represent organizations and individuals -- all engaged in
> noncommercial speech!  These include political, religious, and gender
> groups all over the world. Battered women's shelters,
> mosques/synagogues/churches located in areas where they are unpopular,
> LGBTQ communities, political minorities. They are legal persons (that's how
> you get insurance to protect the battered women's facility), but they are
> also exposed for the speech positions that they take. This is not a
> hypothetical; I have dealt with concerns for the physical safety of human
> rights groups and dissident speakers around the world for almost 20 years.
> Fortunately, organizations such as these are protected under the GPDR laws
> that protect not only "personal data" but "sensitive data."  I can expand
> much more (and will in future emails :-)), but for now let me share how
> pleased I was to see that the ECO model protected both legal persons and
> individuals -- including organizations exposed for the very speech they
> share and services they provide (like women's health care and education)
> (note: Model 2B protects legal persons too, but not Model 3).
>
> 3. It's implementable in the short time. Face it, there's not much time.
> Systems have to be changed and that takes time. The registries and
> registrars, including those on the front lines in Europe, worked hard on
> this model. It's "doable" and means they can move rapidly into compliance
> with the GDPR rules.
>
> 4. It is not unlimited access to the data. Other models proposed for
> access had credentialing of the organization -- e.g., a whole law firm
> could access unlimited Whois data including all paralegals and attorneys. A
> unaccountable process. In the ECO model, individual attorneys have to
> certify not only their legal credentials, but their reasons for each
> individual access to the new WHOIS database. This access can be checked and
> audited. Violations can be found, noted, published and access blocked. It's
> not perfect, but it's far, far better than what we have now.
>
> Best regards, Kathy
>
> p.s. apologies for the double posting, but I don't think the lists of NCSG
> and NCUC fully overlap.
>
> _______________________________________________
> Ncuc-discuss mailing list
> Ncuc-discuss at lists.ncuc.org
> https://lists.ncuc.org/cgi-bin/mailman/listinfo/ncuc-discuss
>
> _______________________________________________
> Ncuc-discuss mailing list
> Ncuc-discuss at lists.ncuc.org
> https://lists.ncuc.org/cgi-bin/mailman/listinfo/ncuc-discuss
>
-- 
Farzaneh
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ncuc.org/pipermail/ncuc-discuss/attachments/20180129/3cded002/attachment.html>


More information about the Ncuc-discuss mailing list