ICANN Rules vs Privacy

1,034 views
952 views

Published on

Presentation given to UCD Law School students, February 12, 2014. Gives an overview of ICANN and its function / role within the internet governance context. Moves into the conflicts between ICANN's contracts + policies with local laws, specifically privacy

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,034
On SlideShare
0
From Embeds
0
Number of Embeds
7
Actions
Shares
0
Downloads
3
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

ICANN Rules vs Privacy

  1. 1. ICANN  Rules  vs.  Privacy   With  Michele  Neylon  
  2. 2. ICANN  Rules  (Contract)  vs.   Privacy   Michele  Neylon  
  3. 3. Who  am  I?   Michele  Neylon   -­‐  Founder  /  CEO  Blacknight   -­‐  h>p://mneylon.tel   -­‐      @mneylon   -­‐  h>p://michele.me/blog   -­‐  IIA  Net  Visionary  2013   -­‐  Chair  RrsG,  Chair  Registrar   Advisory  Board  Eurid,  member   EWG  
  4. 4. What  Will  I  Cover?   •  What  is  ICANN?   •  Registrars   •  EU  law   •  Registries   •  ICANN  “law”  
  5. 5. I  am  NOT  a  lawyer!  
  6. 6. Who  Runs  The  Internet?  
  7. 7. Who  Runs  the  Internet?   •  Graphic:  h>p://michele.cat/f4   •  Lots  of  acronyms!:   –  ICANN,  IETF,  IGF,  ISOC,  W3C,  RIRs,  LIRs,  IAB,  ISO   Mixture  of  technical  /  operaZonal  +  policy     LOTS  OF  LAWYERS  
  8. 8. Head  Hurts?  
  9. 9. Why  do  I  Care?     •  •  •  •  ICANN  –  gTLDs  (com,  net,  org  etc)   ICANN  -­‐>  new  TLDs  -­‐>  1000+  new  extensions   IANA  -­‐>  ccTLDs     RIRs  -­‐>  RIPE  –  LIR  –  ISP  -­‐>  YOU  
  10. 10. ICANN?   •  US  (California)  CorporaZon   •  Formed  1998   •  Internet  CorporaZon  for  Assigned  Names  &   Numbers   •  Co-­‐ordinaZon  –  stability  /  security  /   compeZZon  
  11. 11. ICANN   •  All  registrars  selling  gTLDs  have  contract  with   ICANN   •  Any  registry  operator  has  to  have  one  too   •  If  you  want  to  register  /  buy  a  gTLD  domain   you  have  to  deal  with  a  “contracted  party”   directly  or  indirectly.    
  12. 12. The  EU  Landscape  is  complex  (Sort  of)   •  •  •  •  •  ccTLds   gTLDs   Regional  TLD  -­‐  .eu   Geo  TLDs  -­‐  .london,  .paris   LinguisZc  /  Cultural  -­‐  .cat,  .eus  etc  
  13. 13. Privacy?   •  EU  has  privacy  laws  –  US?  Not  so  much   (though  they  don’t  like  being  reminded)   •  European  Data  ProtecZon  DirecZve  95/46/EC   •  DirecZve  -­‐>  transposed  naZonal  law  -­‐>  Data   ProtecZon  (Amendment)  Act  2003   •  Art.  29  Data  ProtecZon  Working  Party  -­‐>  DPAs   of  all  28  members  of  EU  
  14. 14. Privacy  +  ICANN?   •  Whois  policy?   •  Data  policies  in  general   •  2013  contract  -­‐>  specific  data  retenZon   requirements  (LEA  wanted  more)  
  15. 15. EU  Registries  vs  ICANN  (Historical)   •  .tel  –  delayed  due  to  whois  policy     •  .cat  –  3  years+  to  get  a  whois  policy  change  +   comply  with  Spanish  law  
  16. 16. Post  Snowden  World  
  17. 17. Gelng  away  with  murder?   •  EU  ciZzens  more  conscious  of  data  privacy  +   digital  issues  than  before   •  Logically  the  risk  of  liZgaZon  has  increased   •  Irish  DPC  being  sued  for  not  being  tough   enough  on  Facebook!   •  Registrars  and  registries  at  risk?   •  Is  ICANN?  Doubnul  –  they’re  sZll  safe  in  the   US!  
  18. 18. EU  Law  vs  ICANN?  
  19. 19. 2013  RAA   •  Illegal  contract  for  EU  based  registrars   •  ONLY  1  EU  based  registrar  “granted”  waiver   •  PotenZally  problemaZc  for  non-­‐EU  registrar   with  EU  registrants   –  Data  retenZon   –  Data  elements  to  be  collected   –  Periods  of  retenZon  
  20. 20. ArZcle  29  Working  Party   •  6th  June  le>er  to  ICANN  ( h>p://michele.cat/ch  )   •  “..to  avoid  unnecessary  duplicaZon  of  work  by   27  naZonal  data  protecZon  authoriZes  in   Europe..  the  WP  wishes  to  provide  a  single   statement  for  all  relevant  registrars  targeZng   individual  domain  name  holders  in  Europe”  
  21. 21. ArZcle  29  Working  Party   •  2013  RAA  obligaZons  NOT  based  on  legal   requirement  in  EU   •  Risk  of  data  breach  -­‐>  exposure  of  personal   data   •  Opposes  Private  corporaZon  (ICANN)   introducing  data  retenZon  -­‐>  naZonal  govt   should  do  it  (if  needed)  
  22. 22. ArZcle  29  vs  ICANN   •  •  •  •  ICANN’s  responses  haven’t  been  helpful     Art  29  wrote  again  see:     h>p://michele.cat/eh   Google  France  have  learnt  the  hard  way  –   slapped  with  150k  fine  
  23. 23. What  about  Whois?   •  Art  29  WP  doesn’t  like  “open”  whois   •  Most  ccTLDs  in  EU  “gate”  data  BUT  ICANN   forces  registrars  AND  registries  to  publish   EVERYTHING  by  default   •  What  will  “Geo”  gTLDs  do?    
  24. 24. ICANN’s  response?   •  Waiver  process  for  retenZon  /  collecZon   elements  of  2013  RAA  (see   h>p://michele.cat/cg  )   •  No  change  on  Whois  “waiver”  process  (yet)   •  ArZcle  29  le>er  rejected  
  25. 25. Impact  on  Registrars  /  Registries   •  Delays  (they  cost  too)   •  Cost  (lawyers  don’t  work  for  free!)   •  ONLY  registrars  on  2013  RAA  can  offer  new   TLDs  –  so  we  (Blacknight)  can’t   •  If  a  registrar  doesn’t  have  a  waiver  then  how   will  their  DPC  react?   •  Is  it  worth  the  risk?  
  26. 26. Waiver  =  how  long?   •  Advantage  for  registrars  in  countries  with   other  registrars   •  45  days?  90  days?  Based  on  current   experience  -­‐>  never?   •  Timeline  published  by  ICANN  has  a  30  day   publicaZon  period  
  27. 27. Our  Experience  (so  far)   •  •  •  •  •  Delay   Submi>ed  request  on  September  17th     Received  basic  acknowledgement  same  day   Received  a  reply  on  October  25th  with  queries   SZll  going  back  and  forth  
  28. 28. The  Future?   •  •  •  •    GAC  involvement?   ArZcle  29  WP  again?   EU  Commission?   ICANN?  
  29. 29. QuesZons?  
  30. 30. Thank  You  …    
  31. 31. Credits   •  Logos  image  via   h>p://www.flickr.com/photos/ 27845211@N02/2616906744/sizes/l/  
  32. 32. Who  am  I?   Michele  Neylon   -­‐  Founder  /  CEO  Blacknight   -­‐  h>p://mneylon.tel   -­‐      @mneylon   -­‐  h>p://michele.me/blog   -­‐  IIA  Net  Visionary  2013   -­‐  Chair  RrsG,  Chair  Registrar   Advisory  Board  Eurid,  member   EWG  

×