<html><head></head><body>Hi Alan,<div class=""><br class=""/></div><div class="">The intention here was to state a principle on which further work down the road may be developed when we eventually get to deliberation on an access model. The principle is meant to provide guidance on a set of specific circumstances, that if met, should allow specific portions of non-public gTLD Registration Data to be shared with specific third-parties, to address specific issues. The objective is to allow this while maintaining compliance with GDPR, or possibly other privacy laws/regulations.</div><div class=""><br class=""/></div><div class="">This is not to say that a third-party requires the kind of legal rights or mandate I believe you are describing, as in your comparison between LEAs and independent cybersecurity workers. So yes, ICANN’s Mission does come into play here. In fact, I believe it to be a key factor of consideration. At some point, we’re going to have to deliberate on how that Mission does or does not allow third-parties access non-public Registration Data.</div><div class=""><br class=""/></div><div class="">I hope this was helpful.</div><div class=""><br class=""/></div><div class="">Thanks.</div><div class=""><br class=""/></div><div class="">Amr<br class=""/><div><br class=""/><blockquote type="cite" class=""><div class="">On Sep 13, 2018, at 4:55 AM, Alan Greenberg <<a href="mailto:alan.greenberg@mcgill.ca" class="">alan.greenberg@mcgill.ca</a>> wrote:</div><br class="Apple-interchange-newline"/><div class="">
<div class="">
I am generally in support of this, but I question the term "grounded
in legal bases". It this the legal basis in reference to GDPR
(ie that there needs to be a legitimate demonstrable need to access
otherwise private information). Or a legal basis as in reference to law
enforcement having a right to demand certain information. <br class=""/><br class=""/>
I can accept the former (if it is made clear), but not the latter.
ICANN's Mission-defined interest in ensuring that security and stability
of the DNS (and by implication, the trusted nature of the DNS) may create
a need for cybersecurity workers to have access to certain data, but
there is no LAW that gives them that right.<br class=""/><br class=""/>
Alan<br class=""/><br class=""/>
At 11/09/2018 04:33 PM, Alex Deacon wrote:<br class=""/>
<blockquote type="cite" class="cite" cite="">Hi All,<br class=""/><br class=""/>
As you know a group of us has been working to recommend an update to
Section 4.4.8 of the temp spec. <br class=""/><br class=""/>
While we haven't come to full agreement on the update, we are pretty
close and wanted to share the current/tentative output of the volunteer
team with the broader team. <br class=""/>
<dl class=""><br class=""/>
<dd class=""><font color="#0000FF" class="">4.4.8 Supporting a framework that enables
identification of third-parties with legitimate interests grounded in
legal bases, and providing these third-parties with access to
Registration Data relevant to addressing specific issues involving domain
name registrations related to consumer protection, investigation of
cybercrime, DNS abuse and intellectual property protection. </font><br class=""/>
<br class=""/>
</dd></dl><font color="#0000FF" class=""><br class=""/>
</font>The non-bold text was suggested by Amr/NCSG and the added bold
text was an updated suggested by me/IPC and supported by the BC.
<br class=""/><br class=""/>
Giving it a re-read again today I think additional word-smithing could be
warranted, but for now I will resist and step away and let others share
their thoughts. <br class=""/><br class=""/>
Alex<br class=""/><br class=""/>
<font color="#0000FF" class=""><br class=""/>
</font><br class=""/>
-- <br class=""/>
___________<br class=""/>
Alex Deacon<br class=""/>
Cole Valley Consulting<br class=""/>
<a href="mailto:alex@colevalleyconsulting.com" class="">
alex@colevalleyconsulting.com</a><br class=""/>
+1.415.488.6009<br class=""/><br class=""/>
_______________________________________________<br class=""/>
Gnso-epdp-team mailing list<br class=""/>
<a href="mailto:Gnso-epdp-team@icann.org" class="">Gnso-epdp-team@icann.org</a><br class=""/>
<a href="https://mm.icann.org/mailman/listinfo/gnso-epdp-team" eudora="autourl" class="">
https://mm.icann.org/mailman/listinfo/gnso-epdp-team</a></blockquote>
</div>
</div></blockquote></div><br class=""/></div></body></html>