Re: ICANN GDPR lawsuit

[Badiei, Farzaneh]

And here is the court decision, 
https://www.icann.org/en/system/files/files/litigation-icann-v-epag-request-court-order-prelim-injunction-redacted-30may18-en.pdf


gotta love the German wisdom:


The Application for preliminary injunction of May 25, 2018 is rejected at the 
expense of the Applicant.


"Insofar as the Applicant bases its claim to relief on a parallel of the 
so-called "WHOIS" system to international agreements on trade mark registers, 
the Chamber is unable to follow this. The legal basis for the trademark 
registers on the basis of international agreements is missing in relation to 
the "WHOIS" service claimed by the Applicant. The fundamental comparability of 
the respective general need for protection does not change this."


From: NANOG  on behalf of John Levine 
Sent: Wednesday, May 30, 2018 11:16:08 PM
To: nanog@nanog.org
Subject: Re: ICANN GDPR lawsuit

In article  you write:
>http://www.circleid.com/posts/20180527_icann_files_legal_action_against_domain_registrar_whois_data/

Elliot said that if he had to choose between fighting ICANN and
fighting governments, he'd fight ICANN.  I can't blame him.

http://www.tucows.com/tucows-statement-on-icann-legal-action/

R's,
John

Re: Whois vs GDPR, latest news

[Badiei, Farzaneh]

The privacy implications that WHOIS had for domain name registrants was not 
only acknowledged by Europe. For a long time we were in a battle to get minimum 
privacy for domain registrants and the privacy proxy services provided some 
sort of relief. But the intellectual property interest with the backing of 
governments always dominated the discussions. otherwise IETF had recognized the 
privacy issues of WHOIS as early as 2002 and protocols were recommended that 
could respect registrants privacy rights.

This was not solely a European issue. It was a global issue and with GDPR 
coming into effect it only made the process faster and diluted the power of ip 
people and those who were piggy backing on their power. It's time to move on. 
GDPR is not a great law but a community that for so many years violated the 
privacy rights of domain name registrants had to be somehow stopped. It's 
unfortunate that we didn't deal with this through innovative ways... But  
saying Europe and GDPR brought this upon us is false.

Get Outlook for iOS

From: NANOG  on behalf of Brian Kantor 
Sent: Thursday, May 17, 2018 10:23:22 AM
To: North American Network Operators' Group
Subject: Re: Whois vs GDPR, latest news

An article in The Register on the current status of Whois and the GDPR.

https://www.theregister.co.uk/2018/05/16/whois_privacy_shambles/

Re: Is WHOIS going to go away?

[Badiei, Farzaneh]

Dear John,


The days when some in the technical community could just discard others 
arguments by saying that  "[you] have no idea how the Internet works" have long 
passed. I will not get intimidated nor will I step back. Old tricks, won't 
work, it's as old as the dysfunctional WHOIS and will disappear.


Also your last paragraph obliges me to clarify: it's not always a "he" that 
might be arguing! it's sometimes, though might it be rarely, a "she".


No one asked to protect people from their governments (I have heard this before 
as well). But also people should not be endangered or even minimally disturbed 
by making their personal information public. There are many many scenarios when 
personal information can be abused, and governments might not be involved.


I might not know as much as you do about how the Internet works. But I know one 
thing: There will be a change. The convenience of security researchers and 
trademark owners is not going to be set above domain name registrants right to 
data protection. But I am sure the cybersecurity community can come up with a 
more creative way of preserving cybersecurity without relying on using personal 
information of domain name registrants and violating their rights!


Farzaneh




In article <23257.12824.250276.763...@gargle.gargle.howl> you write:
>So you think restricting WHOIS access will protect dissidents from
>abusive governments?
>
>Of all the rationalizations that one seems particularly weak.

Oh, you're missing the point.  This is a meme that's been floating
around in academia for a decade: the brave dissident who somehow has
managed to find web hosting, e-mail, broadband, and mobile phone
service but for whom nothing stands between her and certain death but
the proxy whois on her vanity domain.

If someone makes this argument you can be 100% sure he's parroting
something he heard somewhere and has no idea how the Internet actually
works.



From: NANOG  on behalf of John Levine 
Sent: Thursday, April 19, 2018 10:43 PM
To: nanog@nanog.org
Cc: b...@theworld.com
Subject: Re: Is WHOIS going to go away?

In article <23257.12824.250276.763...@gargle.gargle.howl> you write:
>So you think restricting WHOIS access will protect dissidents from
>abusive governments?
>
>Of all the rationalizations that one seems particularly weak.

Oh, you're missing the point.  This is a meme that's been floating
around in academia for a decade: the brave dissident who somehow has
managed to find web hosting, e-mail, broadband, and mobile phone
service but for whom nothing stands between her and certain death but
the proxy whois on her vanity domain.

If someone makes this argument you can be 100% sure he's parroting
something he heard somewhere and has no idea how the Internet actually
works.

R's,
John

RE: Is WHOIS going to go away?

[Badiei, Farzaneh]

“Granted there's
that gray area of dissident political movements etc. but their full
time job is protecting their identity.”

You think? The median number of domain name registration that used privacy 
proxy service in the Middle East is 24%. See the DNS Market study: 
https://www.icann.org/en/system/files/files/meac-dns-study-26feb16-en.pdf

Now lets look at the distribution of that number: “Rates of privacy proxy 
registrations varied across countries in the region, with the lowest rates seen 
in Iran (7%) and Turkey (12%), and the highest rates in Syria (32%), Algeria 
and Egypt (31% each).” I guess some people who share your band name in those 
countries with the lowest percentage of privacy proxy service might not really 
know how they can use privacy proxy services ! Lets just keep their personal 
information public until they find out how and why their house has been raided.


Also I don’t really understand why people keep saying “whois is going away” and 
“whois is going dark”

It is not. Personal information in the database should be made private. WHOIS 
contains more than personal information. You are the technical people,  you 
know better than me.

Thanks for bringing up the grey area anyway. Not many consider that in the 
discussions. But it’s not only dissidents. It’s also journalists and especially 
female journalists that work on issues that some might not like. Also sometimes 
you don’t even know you have to hide your identity because you don’t think you 
are doing anything against the  law, the problem is that we don’t have the rule 
of law everywhere in the world.


Best

Dr. Farzaneh Badiei
Research Associate, School of Public Policy
Executive Director, Internet Governance Project

From: b...@theworld.com
Sent: Thursday, April 19, 2018 5:58 PM
To: Aaron C. de Bruyn
Cc: nanog@nanog.org; Rich Kulawiec
Subject: Re: Is WHOIS going to go away?


One of the memes driving this WHOIS change is the old idea of
"starving the beast".

People involved in policy discussions complain that "spammers" -- many
only marginally fit that term other than by the strictest
interpretation -- use the public WHOIS data to contact domain owners.

I've countered that 20+ years experience trying to "starve the beast"
by trying to deny them access to email and other casual contact info
has proven the approach to be useless.

Choosing the privacy options on your domain registration is probably
just as, if not more, effective.

Another argument against this whole idea is that in most countries one
is required by law to provide valid contact information if they are
doing business with the general public. That would include soliciting
donations etc.

And that's essentially why domains exist, organizational contact.

This trend towards "vanity" domains is relatively recent and really
the only reason one can even claim there is a problem.
I doubt Microsoft or General Motors are excited to see that their
domain registration contact information will soon be protected by law.

--
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*