RE: [whois-sc] TR: Whois @ ICANN Carthage.

["Bruce Tonkin" <Bruce.Tonkin@xxxxxxxxxxxxxxxxxx>]

Title: Message

Hello Richard,

 

I can provide a briefing to the cctld managers on the current status of work of the WHOIS/Privacy steering group.

We can invite other members of the steering group that may be in Cathage to attend as well.

 

It would also be useful for the WHOIS steering group members to hear a presentation on European Commission study.

 

Note however that there will be a WHOIS workshop, and it may be a better use of time to coordinate with the workshop organisers to ensure that the above topics are covered there.  I intend to provide an update during the workshop on the work of the GNSO WHOIS/Privacy group.

 

Regards,

Bruce

 

 

 

-----Original Message-----
From: GNSO SECRETARIAT [mailto:gnso.secretariat@xxxxxxxxxxxxxx]
Sent: Tuesday, 7 October 2003 3:58 AM
To: whois-sc@xxxxxxxxxxxxxx
Cc: Richard Francis
Subject: [whois-sc] TR: Whois @ ICANN Carthage.

[To whois-sc@xxxxxxxxxxxxxx]

 

Please see the following request from Richard Francis, the ccTLD Secretariat.

Please advise whether a meeting room will be needed and on what day?

Thank you.

 

Glen de Saint Géry

GNSO Secretariat

 

WHOIS - Balancing Rights of Privacy and Access to ccTLD Databases - ccTLD Secretariat Briefing

1  The CENTR Secretariat have today alerted members to publication of  the Joint Research Centre of the European Commission of a study on the implications for data privacy of decisions taken by governments in the wake of September 11 and also of new technologies such as identity-management systems and location-based services. The survey was commissioned by the European Parliament and is available here

http://www.jrc.es/home/publications/publication.cfm?pub=1118

2  Nigel is ccTLD Liaison to the gNSO Whois Privacy Steering Group. http://gnso.icann.org/issues/whois-privacy/membership-liaison-update-19sep03.shtml
Nigel has drawn the attention of the Secretariat to a table of 'issues' and minutes of two gNSO WHOIS WG meetings in August and September 2003, posted on the ICANN gNSO Website

http://gnso.icann.org/issues/whois-privacy/table-whois-privacy-issue.shtml

http://gnso.icann.org/issues/whois-privacy/index.shtml


3  The ICANN Staff report, posted on 13 May suggested that the gNSO Whois/Privacy Steering Group should provide its work plan by a specified date (such as 1 August 2003) in advance of the Carthage meeting  and :-

3.1 Define the five (approximately) issues that the Whois/Privacy Steering Group recommends be accorded high priority in the policy-development process.

3.2 Prepare Issue Reports on each of these issues in time for the GNSO Council?s consideration of all of them at the Carthage meeting.

It went on to suggest that after considering and discussing the Issue Reports, the GNSO Council should initiate PDPs in a sequence it concludes is appropriate, with the understanding that any task forces formed would be separate from the Whois/Privacy Steering Group.

4  The ccTLD Secretariat will contact Glen de Saint Gery to establish whether the gNSO Whois Privacy Steering Group would be willing to present to the ccTLD Managers, if invited to do so.

Best regards

Richard Francis
ccTLD Secretariat

www.wwtld.org

+44 1993 898889


2  Four other groups in ICANN are actively involved in investigating Whois issues:

At-Large Advisory Committee
http://forum.icann.org/alac-forum/whois/

Governmental Advisory Committee Whois WG Convened by Robyn Layton
http://www.gacsecretariat.org/web/contact/LiaisonConvenors.xls

Security and Stability Advisory Committee
http://www.icann.org/committees/security/sac003.htm

ICANN Board ? At its March 2003 meeting, the ICANN Board directed the President to appoint a President's Standing Committee on Privacy, to be responsible for monitoring the implications of existing and proposed ICANN policies on the handling of personal data.




http://www.icann.org/gnso/issue-reports/whois-privacy-report-13may03.htm

Date: Mon, 06 Oct 2003 16:33:04 +0200
To: ga@xxxxxxxxx
From: Gabriella Schittek <gabriella@xxxxxxxxx>

Dear all,

The Commission's Joint Research Centre has just published a study on the implications for data privacy of decisions taken by governments in the wake of September 11 and also of new technologies such as identity-management systems and location-based services. The survey was commissioned by the European Parliament and its key findings are summarised below.

Gabriella

Digital technologies post-September 11^th: more security but less privacy for the European citizen?

Will new technologies protect privacy or hamper it in the post-September 11 world? Trends in information society technology will have a significant impact on the balance between citizens' security and privacy, according to a report released today by the European Commission's Joint Research Centre (JRC)⁽¹⁾. The study on "Security and Privacy for the Citizen in the Post-September 11 Digital Age: A Prospective Overview", commissioned by the European Parliament, analyses the security and privacy implications of three emerging technologies: identity management (on-line services based on the identification of the user), location-based services (focusing on local positioning and tracking of the user) and virtual residence in an ambient intelligence environment (with "smart" and mobile electronic devices connected to our home, office, car etc.). According to the report, there is a need to restore the balance in favour of privacy as the use of these technologies for some governmental or commercial actions stretch the ability of current legislation to provide adequate personal data protection.

"In response to the threat of terrorism after the tragedy of September 11, many governments enhanced their surveillance powers, but at the risk of affecting privacy", said European Research Commissioner Philippe Busquin. "However, citizens are not prepared to let privacy be one of the casualties in the war on terrorism. This comprehensive report will raise the awareness of decision makers for the need to maintain a balance between protecting data and making services widely available online, and the need to fight terrorism and crime whilst respecting individual privacy."

"Steps have already been taken at the EU level to address concerns raised by some governmental or commercial use of communications technologies", said Enterprise and Information Society Commissioner Liikanen. "The new Directive on Privacy and Electronic Communications, applicable in all Member States at the end of this month, applies important principles of EU law to communications services, including new mobile and Internet-based services. For instance, it requires that location information generated by mobile phones can only be further used or passed on by network operators with prior user consent, unless it is an emergency call. Where exceptions have to be made, for example for national security, they must be necessary and proportionate and laid down in legislation".

Is Big Brother watching you?

The effects of September 11 on privacy have yet to be fully assessed. In the immediate aftermath, the United Nations responded with Resolution 1368 calling for increased co-operation between countries to prevent and fight terrorism. The ability of law enforcement and national security agencies to intercept communications was increased, as were powers of search and seizure. The variety of data accessed has also grown. While no full appraisal of the effects of September 11 has been carried out, new technologies and communication infrastructures have strengthened enforcement of these powers, putting at risk the rights of individual citizens to privacy.

Biometrics (using statistical and mathematical methods to analyse biological data), for example, can be used to enhance the security levels in identification processes. Biometrics can help identify a person's physical features using electronic parameters. However it can also provide additional and sensitive data such as ethnic or medical information. A way to counter-balance this side-effect could be to only use a sample of facial characteristics (the major pertinent points) in producing the template needed for the matching process instead of a full picture of the face.

Protecting an individual's privacy

To address these issues the European Parliament Committee on Citizens' Freedoms and Rights, Justice and Home Affairs, asked the Commission's JRC to develop a detailed and comprehensive report on information society trends to identify particular concerns. The Commission's Joint Research Centre sees an emerging pattern and trend, characterised by a shift from 'reactive' to 'pro-active' security protection, using information and communications technology systems to support intelligence gathering.

These facilitate the control and tracking of personal data, while offering opportunities of access for third parties for commercial purposes. For example, Radio Frequency Identification (RFID) tags, tiny chips that will be increasingly embedded in all kinds of devices and goods, will enable such items to be tracked. However, they could also be used to identify the owner of the item. It is important that these RFID tags are regulated by legislation addressing identity-related issues.

I can see you, I can feel you, and I know where you are

The JRC report outlines technology trends and implications for privacy and security and new challenges. It summarises important issues relating to policy development for privacy and surveillance in several areas, including:

• Identity-management systems: Identity is a key concept for the future Information Society. Identity-management systems and identity-related technologies will become an essential part of communicating via the Internet, enhancing the user's protection against potential privacy and security risks.
  
  
• Location-based services: Location computing technologies and permanent mobile broadband connections provide multifunctional global positioning. Commercial use of such services could enhance security but also expose users to the risk of unauthorized access to personal data.
• Ambient intelligence and Virtual Residence: Computing technologies in all kinds of objects will provide a large number of services. The new environment will blur the traditional boundaries between private and public domains and is uncharted territory in terms of privacy practice in the future smart home, in cyberspace and when mobile. New security and privacy measures will have to be devised.

Reducing risks to a minimum

Based on security measures identified, the JRC report recommends:

• Privacy-invasive measures resulting from September 11, developed as an immediate response to establish a safer environment, should be temporary and limited; and
• Policy should strike an appropriate longer-term balance between security and privacy when dealing with measures facilitating the development of the Information Society.

The role of technology

Technology can bring about change - but also solutions to the problems caused by change. The flexibility of new technologies must be acknowledged and considered before appropriate policy measures can be formulated. While technologies could be used to invade privacy, they can also help enhance protection of personal data and increase transparency in security processes.

According to the JRC report, technology could play a key role in protecting individual privacy against abuse if aligned with current legal measures in the EU. The JRC identified a number of areas where policy action may be needed, such as: identity theft; private-sector databases; private-public sphere indicators; and technology-specific regulation.

In the case of identity theft in Europe, the report stressed that due to strong existing European legislation, which defines clear privacy and data protection rights, this type of crime is less frequent than in other countries. In order to maintain this level of security for the citizen, new technologies will need to be integrated into the existing legal framework. The report recommends that a monitoring activity be established to track the rate of change in technology, its impact on the security/privacy balance and the potential need for regulatory action.

For further information, please see

http://www.jrc.es/home/publications/publication.cfm?pub=1118

^{(1)"The mission of the JRC is to provide customer-driven scientific and technical support for the conception, development, implementation and monitoring of EU policies.As a service of the European Commission, the JRC functions as a reference centre of science and technology for the Union. Close to the policy-making process, it serves the common interest of the Member States, while being independent of commercial or national interests."}

 <?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />

Simon O'Connor

Senior Consultant
Weber Shandwick | Adamson
Park Leopold

Rue Wiertz 50

B - 1050 Brussels
Tel: + 32 2 743 42 24
Fax: + 32 2 230 14 96
soconnor@xxxxxxxxxxxxxxxxxx

www.webershandwick-eu.com
www.webershandwick.com