<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
.MsoChpDefault
{mso-style-type:export-only;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style></head><body lang=EN-US link=blue vlink="#954F72"><div class=WordSection1><p class=MsoNormal>Proxy/proxy services will have to comply with privacy regulations on 5/18 as a matter of law. That is different from getting ICANN accreditation, which never has existed for p/p providers in the gTLD world. The new accreditation program has the end of 2018 deadline for the proxy/privacy implementation team to file its report. </p><p class=MsoNormal><o:p> </o:p></p><div style='mso-element:para-border-div;border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal style='border:none;padding:0in'><b>From: </b><a href="mailto:paf@frobbit.se">Patrik Fältström</a><br><b>Sent: </b>Friday, June 9, 2017 10:56 AM<br><b>To: </b><a href="mailto:dmblumenthal@gmail.com">dmblumenthal@gmail.com</a>, <br><b>Cc: </b><a href="mailto:johnl@taugh.com">John Levine</a>; <a href="mailto:dns-operations@dns-oarc.net">dns-operations@dns-oarc.net</a><br><b>Subject: </b>Re: [dns-operations] Denying Whois DB by GeoIP</p></div><p class=MsoNormal>On 9 Jun 2017, at 16:29, dmblumenthal@gmail.com wrote:</p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>> Registration through proxy and privacy has been available for a long time.</p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Yes, but note that I am talking about what is implemented in Sweden due to legislation. This is not a choice for private persons whether they want privacy or not, and it is not a choice whether others can access the data. And this ends up being more "interesting" when coming to the implementation of GDPR in Europe.</p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>> The recent ICANN activities concerned establishing an accreditation system for p/p service providers. The projected timeline for implementation is the end of 2018. 
FWIW, here is the policy working group’s final report: https://gnso.icann.org/en/issues/raa/ppsai-final-07dec15-en.pdf.</p><p class=MsoNormal>><o:p> </o:p></p><p class=MsoNormal>> Most ICANN Internet policy work happens through volunteers (I have been one of them for a while and the concept still baffles me), so we all are self-appointed. The working group has zealots on both extremes related to public access to registration data. It also has folks on a continuum from the extremes to the center. That type usually results in WGs producing reasonable consensus recommendations.</p><p class=MsoNormal>><o:p> </o:p></p><p class=MsoNormal>> Maybe all or parts of this was TMI. I have been in the registration data wars since 1998. Sometimes I can’t stop myself.</p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>On May 25 2018 ICANN Community must know what they should request registries and registrars to do where one or more of registry, registrar, registrant is under EU Jurisdiction. Or more precisely, registries and registrars must at that point in time have implemented whatever they have to implement.</p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Not "end of 2018".</p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>         Patrik</p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>> From: Patrik Fältström</p><p class=MsoNormal>> Sent: Friday, June 9, 2017 7:18 AM</p><p class=MsoNormal>> To: John Levine</p><p class=MsoNormal>> Cc: dns-operations@dns-oarc.net</p><p class=MsoNormal>> Subject: Re: [dns-operations] Denying Whois DB by GeoIP</p><p class=MsoNormal>><o:p> </o:p></p><p class=MsoNormal>> On 9 Jun 2017, at 2:55, John Levine wrote:</p><p class=MsoNormal>><o:p> </o:p></p><p class=MsoNormal>>> For some reason there is a bunch of self-appointed</p><p class=MsoNormal>>> privacy advocates who deny that WHOIS is useful for security research</p><p class=MsoNormal>>> at all.</p><p class=MsoNormal>><o:p> </o:p></p><p class=MsoNormal>> Correct.</p><p 
class=MsoNormal>><o:p> </o:p></p><p class=MsoNormal>> And lots of push in ICANN to recognize something that is called "proxy registrations".</p><p class=MsoNormal>><o:p> </o:p></p><p class=MsoNormal>> But there is also legislation that says that things like whois data that describes private persons (as compared to organisations) is not to be publicly available. And we in the EU get new legislation called GDPR from May 2018 that makes things even more complicated.</p><p class=MsoNormal>><o:p> </o:p></p><p class=MsoNormal>> The only path forward is to get tiered access to whois data, and then discuss who ends up under what circumstances in what tier.</p><p class=MsoNormal>><o:p> </o:p></p><p class=MsoNormal>> Unfortunately, as John explains between the lines, the discussions are not very constructive. :-(</p><p class=MsoNormal>><o:p> </o:p></p><p class=MsoNormal>>    Patrik</p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p></div></body></html>