<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
p.m479324743280328242m-5863868821449381827gmail-m-498536285512511528gmail-m731816482059628218gmail-m4089757305539364400msolistparagraph, li.m479324743280328242m-5863868821449381827gmail-m-498536285512511528gmail-m731816482059628218gmail-m4089757305539364400msolistparagraph, div.m479324743280328242m-5863868821449381827gmail-m-498536285512511528gmail-m731816482059628218gmail-m4089757305539364400msolistparagraph
{mso-style-name:m_479324743280328242m-5863868821449381827gmail-m-498536285512511528gmail-m731816482059628218gmail-m4089757305539364400msolistparagraph;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
p.gmail-m4089757305539364400msolistparagraph, li.gmail-m4089757305539364400msolistparagraph, div.gmail-m4089757305539364400msolistparagraph
{mso-style-name:gmail-m4089757305539364400msolistparagraph;
mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:423378429;
mso-list-template-ids:-1894632492;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1
{mso-list-id:753547712;
mso-list-template-ids:2138083474;}
@list l1:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2
{mso-list-id:1191841273;
mso-list-template-ids:1907115422;}
@list l2:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level2
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3
{mso-list-id:1446847892;
mso-list-type:hybrid;
mso-list-template-ids:-997013920 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l3:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:44.3pt;
text-indent:-.25in;
font-family:Symbol;
mso-bidi-font-family:Symbol;}
@list l3:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:80.3pt;
text-indent:-.25in;
font-family:"Courier New";}
@list l3:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:116.3pt;
text-indent:-.25in;
font-family:Wingdings;
mso-bidi-font-family:Wingdings;}
@list l3:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:152.3pt;
text-indent:-.25in;
font-family:Symbol;
mso-bidi-font-family:Symbol;}
@list l3:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:188.3pt;
text-indent:-.25in;
font-family:"Courier New";}
@list l3:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:224.3pt;
text-indent:-.25in;
font-family:Wingdings;
mso-bidi-font-family:Wingdings;}
@list l3:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:260.3pt;
text-indent:-.25in;
font-family:Symbol;
mso-bidi-font-family:Symbol;}
@list l3:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:296.3pt;
text-indent:-.25in;
font-family:"Courier New";}
@list l3:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:332.3pt;
text-indent:-.25in;
font-family:Wingdings;
mso-bidi-font-family:Wingdings;}
@list l4
{mso-list-id:1621573990;
mso-list-type:hybrid;
mso-list-template-ids:1605010966 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l4:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;
mso-bidi-font-family:Symbol;}
@list l4:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l4:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;
mso-bidi-font-family:Wingdings;}
@list l4:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;
mso-bidi-font-family:Symbol;}
@list l4:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l4:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;
mso-bidi-font-family:Wingdings;}
@list l4:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;
mso-bidi-font-family:Symbol;}
@list l4:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l4:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;
mso-bidi-font-family:Wingdings;}
@list l5
{mso-list-id:2112045057;
mso-list-template-ids:1501173888;}
@list l5:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l5:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l5:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l5:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l5:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l5:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l5:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l5:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l5:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:black'>Thanks to Volker and Mark for continuing this discussion in preparation for tomorrow’s EPDP Team meeting. To provide some further context, Volker and Mark have been working with the staff support team on revised language for recommendation #9 (SLAs) which also deals with ‘Urgent’ requests. Note that work on that recommendation is still ongoing – as such, the staff support team has stricken out the reference in the recommendation #8 discussion issues document (see attached) as no language has been agreed yet, and the proposed compromise referenced was not accepted. To focus this discussion, it may be helpful to remind everyone of a few points:<o:p></o:p></span></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:black'><o:p> </o:p></span></p><ul style='margin-top:0in' type=disc><li style='color:black;margin-top:0in;margin-bottom:0in;margin-left:8.3pt;margin-bottom:.0001pt;mso-list:l3 level1 lfo7'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>Only accredited entities can make requests;<o:p></o:p></span></li><li style='color:black;margin-top:0in;margin-bottom:0in;margin-left:8.3pt;margin-bottom:.0001pt;mso-list:l3 level1 lfo7'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>The Central Gateway is required to inform requestors of the requirements for making an urgent request as well as the potential consequences (de-accreditation) of making urgent requests that do not meet the requirements;<o:p></o:p></span></li><li style='color:black;margin-top:0in;margin-bottom:0in;margin-left:8.3pt;margin-bottom:.0001pt;mso-list:l3 level1 lfo7'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>Per recommendation #9, Contracted Parties may recategorize a request if they are of the view that the request does not meet the requirements. Any recategorization is communicated to the Central Gateway Manager and Requestor;<o:p></o:p></span></li><li style='color:black;margin-top:0in;margin-bottom:0in;margin-left:8.3pt;margin-bottom:.0001pt;mso-list:l3 level1 lfo7'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>SLAs, including those for urgent requests are set as targets until the first review (at the latest after 6 months) at which point there will be further information on the actual use of this priority setting;<o:p></o:p></span></li><li style='color:black;margin-top:0in;margin-bottom:0in;margin-left:8.3pt;margin-bottom:.0001pt;mso-list:l3 level1 lfo7'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>The definition included is specific about the limited circumstances in which it can be applied (imminent threat to life, serious bodily injury, critical infrastructure (online and offline) or child exploitation. <o:p></o:p></span></li></ul><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:black'><o:p> </o:p></span></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:black'>Suggestion: is it worth focusing on developing a set of examples for each of these limited circumstances that will provide a better idea on the types of requests that would meet these criteria, instead of focusing on who is able to make this request? As noted above, CPs will be in a position to reclassify requests if the criteria are not met and further review will take place based on actual experience within 6 months of operationalization of SSAD. <o:p></o:p></span></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:black'><o:p> </o:p></span></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:black'>If so, Mark SV provided a first set of examples: <o:p></o:p></span></p><ul style='margin-top:0in' type=disc><li class=gmail-m4089757305539364400msolistparagraph style='color:black;margin-top:0in;margin-bottom:0in;margin-bottom:.0001pt;mso-list:l4 level1 lfo8'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>a large banking establishment or school district under ransomware attack<o:p></o:p></span></li><li class=gmail-m4089757305539364400msolistparagraph style='color:black;margin-top:0in;margin-bottom:0in;margin-bottom:.0001pt;mso-list:l4 level1 lfo8'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>a nation state actor targeting multiple human rights organizations with persistent spear phishing attacks<o:p></o:p></span></li><li class=gmail-m4089757305539364400msolistparagraph style='color:black;margin-top:0in;margin-bottom:0in;margin-bottom:.0001pt;mso-list:l4 level1 lfo8'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>a nation state actor using a malicious domain to compromise and steal information from members of the United Nations<o:p></o:p></span></li><li class=gmail-m4089757305539364400msolistparagraph style='color:black;margin-top:0in;margin-bottom:0in;margin-bottom:.0001pt;mso-list:l4 level1 lfo8'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>a nation state actor purchasing large swaths of domains to target multiple organizations in the oil and gas industry, then using them in a large-scale intrusion campaign<o:p></o:p></span></li></ul><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:black'><o:p> </o:p></span></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:black'>Are there additional examples, or are there concerns about these examples? <o:p></o:p></span></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:black'><o:p> </o:p></span></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:black'>Best regards,<o:p></o:p></span></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:black'><o:p> </o:p></span></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:black'>Marika, Berry, and Caitlin<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Times New Roman",serif;color:black'><o:p> </o:p></span></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:12.0pt;color:black'>From: </span></b><span style='font-size:12.0pt;color:black'>Gnso-epdp-team <gnso-epdp-team-bounces@icann.org> on behalf of "Mark Svancarek (CELA) via Gnso-epdp-team" <gnso-epdp-team@icann.org><br><b>Reply-To: </b>"Mark Svancarek (CELA)" <marksv@microsoft.com><br><b>Date: </b>Wednesday, April 29, 2020 at 10:54 AM<br><b>To: </b>Volker Greimann <vgreimann@key-systems.net>, "gnso-epdp-team@icann.org" <gnso-epdp-team@icann.org><br><b>Subject: </b>Re: [Gnso-epdp-team] [EXTERNAL] Re: Regarding Urgent Priority requests by non-LEA<o:p></o:p></span></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><p class=MsoNormal><span style='mso-fareast-language:JA'>I want to ensure that the existing Rec 8 language remains:</span><o:p></o:p></p><p class=MsoNormal><span style='mso-fareast-language:JA'> </span><o:p></o:p></p><p class=MsoNormal style='margin-left:.5in'><span style='mso-fareast-language:JA'>“</span>f) A separate accelerated timeline has been recommended for the response to ‘Urgent’ SSAD Requests, those Requests for which evidence is supplied to show an immediate need for disclosure (see below). The criteria to determine whether it concerns an urgent request are limited to circumstances that pose an imminent threat to life, serious bodily injury, critical infrastructure (online and offline) or child exploitation. Note that the use of ‘Urgent’ SSAD Requests is not limited to LEA."<o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal><span style='mso-fareast-language:JA'>You seem to be supporting the existing language. I hope that you and other CPs will continue to support when it comes up for review again. Thank you.</span><o:p></o:p></p><p class=MsoNormal><span style='mso-fareast-language:JA'> </span><o:p></o:p></p><p class=MsoNormal><span style='mso-fareast-language:JA'>/marksv</span><o:p></o:p></p><p class=MsoNormal><span style='mso-fareast-language:JA'> </span><o:p></o:p></p><p class=MsoNormal><span style='mso-fareast-language:JA'> </span><o:p></o:p></p><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b>From:</b> Volker Greimann <vgreimann@key-systems.net> <br><b>Sent:</b> Wednesday, April 29, 2020 10:34 AM<br><b>To:</b> Mark Svancarek (CELA) <marksv@microsoft.com><br><b>Cc:</b> gnso-epdp-team@icann.org<br><b>Subject:</b> Re: [EXTERNAL] Re: [Gnso-epdp-team] Regarding Urgent Priority requests by non-LEA<o:p></o:p></p></div><p class=MsoNormal> <o:p></o:p></p><div><div><p class=MsoNormal>I am not disagreeing that some non-LEA may very well have access to this queue, I am just saying we should be very picking in who shall pass that threshold. Allowing non LEAs does not mean everyone and their dogs after all.<o:p></o:p></p></div></div><div><p class=MsoNormal> <o:p></o:p></p></div><div><p class=MsoNormal>Also, I never argued solely on behalf of centralnic whereas you just came out with: if my employer cannot get it, we will withhold support. That is what I was referring to that rubbed me against the grain.<o:p></o:p></p></div><div><p class=MsoNormal> <o:p></o:p></p></div><div><p class=MsoNormal> <o:p></o:p></p></div><div><p class=MsoNormal> <o:p></o:p></p></div><div><p class=MsoNormal> <o:p></o:p></p></div><div><p class=MsoNormal> <o:p></o:p></p><div><div><p class=MsoNormal>On Wed 29. Apr 2020 at 19:25, Mark Svancarek (CELA) <<a href="mailto:marksv@microsoft.com">marksv@microsoft.com</a>> wrote:<o:p></o:p></p></div><blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt'><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>I’d like to remind everyone that we’ve already negotiated this and the report sent out for public comment already declared that non-LEA could use urgent priority. I am just trying to keep the language already in the draft report, which presumably you previously agreed to!<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>We already work very closely with LEA. We do research and share the results with them. This is a system which is beneficial to them. But as described below, there is a category of urgent requests that we would take directly to the infrastructure owner, and it would not be helpful to delay our engagement with them while hunting for an interested government agency to sponsor an urgent request.<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>As for “We should move away from trying to defend our employers particular interests and focus on the bigger picture”, I would of course say the same thing to CPs who I hoped would be my partners.<o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>/marksv<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b>From:</b> Volker Greimann <<a href="mailto:vgreimann@key-systems.net" target="_blank">vgreimann@key-systems.net</a>> <br><b>Sent:</b> Wednesday, April 29, 2020 10:06 AM<br><b>To:</b> Mark Svancarek (CELA) <<a href="mailto:marksv@microsoft.com" target="_blank">marksv@microsoft.com</a>><br><b>Cc:</b> <a href="mailto:gnso-epdp-team@icann.org" target="_blank">gnso-epdp-team@icann.org</a><br><b>Subject:</b> Re: [EXTERNAL] Re: [Gnso-epdp-team] Regarding Urgent Priority requests by non-LEA<o:p></o:p></p></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Maybe I know to little about the MDCU and I am sure they do excellent work but ultimately they cannot be compared to public authorities or critical national infrastructure providers, can they?<o:p></o:p></p></div></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>If you get in, what is to stop smaller two-person internet crime fighter outfits from demanding the same?<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Maybe the solution is that you work closer with law enforcement so you provide the data they need to them and they take it from there?<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>We should move away from trying to defend our employers particular interests and focus on the bigger picture. <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>On Wed 29. Apr 2020 at 18:41, Mark Svancarek (CELA) <<a href="mailto:marksv@microsoft.com" target="_blank">marksv@microsoft.com</a>> wrote:<o:p></o:p></p></div><blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt'><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>I cannot accept a policy which does not include a path for Microsoft DCU to ultimately receive authority to make urgent priority requests.<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Perhaps I am still misunderstanding your proposal. Please clarify.<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Does <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;text-indent:.5in'>“others may also have access to the urgent queue, but would be more restricted in its use" <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Mean <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;text-indent:.5in'>“there will be a practical way for Microsoft Digital Crimes Unit to be accredited to make occasional urgent priority requests”?<o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b>From:</b> Volker Greimann <<a href="mailto:vgreimann@key-systems.net" target="_blank">vgreimann@key-systems.net</a>> <br><b>Sent:</b> Wednesday, April 29, 2020 9:27 AM<br><b>To:</b> Mark Svancarek (CELA) <<a href="mailto:marksv@microsoft.com" target="_blank">marksv@microsoft.com</a>><br><b>Cc:</b> <a href="mailto:gnso-epdp-team@icann.org" target="_blank">gnso-epdp-team@icann.org</a><br><b>Subject:</b> Re: [EXTERNAL] Re: [Gnso-epdp-team] Regarding Urgent Priority requests by non-LEA<o:p></o:p></p></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>I would assume others may also have access to the urgent queue, but would be more restricted in its use. Operators of critical national infrastructure could be included. Private crime fighters such as the unit you describe would probably not be considered as such though. <br clear=all><o:p></o:p></p><div><div><div><div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>-- <br>Volker A. Greimann<br>General Counsel and Policy Manager<br><b>KEY-SYSTEMS GMBH</b><br><br>T: +49 6894 9396901<br>M: +49 6894 9396851<br>F: +49 6894 9396851<br>W: <a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__nam06.safelinks.protection.outlook.com_-3Furl-3Dhttp-253A-252F-252Fwww.key-2Dsystems.net-252F-26data-3D02-257C01-257Cmarksv-2540microsoft.com-257Cc37b10d5910c45208f9a08d7ec639103-257C72f988bf86f141af91ab2d7cd011db47-257C1-257C0-257C637237784695594867-26sdata-3DClIfPgneRYzS-252FTdYiYD36MhMysGVjizKxXp-252FSiYxaWE-253D-26reserved-3D0&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=8K75qGdDlOta4kh6k2F0jrT195M3tF3J_Fxcz6EvuG2kYKDeA67ZTEnthHXAPVXH&m=KqtqdmmAjYOwJBEVmNDmH8YhwDkTjQEm65Xxg1JMVKo&s=WvHcBsaUQfr8rRpkvPpk0F_fCqaa5VIwrh2_fG8vaEQ&e=" target="_blank"><span style='color:#1155CC'>www.key-systems.net</span> [nam06.safelinks.protection.outlook.com]</a><br><br>Key-Systems GmbH is a company registered at the local court of Saarbruecken, Germany with the registration no. HR B 18835<br>CEO: Oliver Fries and Robert Birkner<br><br>Part of the CentralNic Group PLC (LON: CNIC) a company registered in England and Wales with company number 8576358.<o:p></o:p></p></div></div></div></div></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>On Wed, Apr 29, 2020 at 6:13 PM Mark Svancarek (CELA) <<a href="mailto:marksv@microsoft.com" target="_blank">marksv@microsoft.com</a>> wrote:<o:p></o:p></p></div><blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt'><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>A), as written below, still implies that only government entities may receive authority to make urgent requests. It is possible that I am misinterpreting this.<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Please clarify – how would Microsoft Digital Crime Unit receive authorization to make urgent priority requests? Is this a special type of accreditation?<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>B) and C) are already required in our draft policy, so there should be no controversy here. <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><div style='border:none;border-top:solid windowtext 1.0pt;padding:3.0pt 0in 0in 0in;border-color:currentcolor currentcolor'><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b>From:</b> Volker Greimann <<a href="mailto:vgreimann@key-systems.net" target="_blank">vgreimann@key-systems.net</a>> <br><b>Sent:</b> Wednesday, April 29, 2020 8:18 AM<br><b>To:</b> Mark Svancarek (CELA) <<a href="mailto:marksv@microsoft.com" target="_blank">marksv@microsoft.com</a>><br><b>Cc:</b> <a href="mailto:gnso-epdp-team@icann.org" target="_blank">gnso-epdp-team@icann.org</a><br><b>Subject:</b> Re: [EXTERNAL] Re: [Gnso-epdp-team] Regarding Urgent Priority requests by non-LEA<o:p></o:p></p></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Hi,<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>to expand upon my previous mail on the subject I would see the following basic requirements for any framework for urgent requests:<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>a) Requestor is authorised to send urgent request <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>b) Request is made in relation to subject matters where urgent requests are permitted<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>c) Requestor demonstrates urgency is required in this case<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>For a), we will need to define who should have the authority to even be allowed to enter the portal to urgent requests. If you are not a bearer of the special pass, thou shalt not enter these hallowed halls. Basic concepts required for this pass should be special authority, dependability and potentially others. Authority would flow from specific legal powers, such as law enforcement of appropriate jurisdictions. Others may be possible but should still have comparable authority that can be shown in evidence. Dependability would be measured as a track record of previously confirmed urgent requests, e.g. how dependable is the requestor in only using this fast lane for cases where it is actually required. <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>b) Obviously, if you are an operator of a facility that has been granted access to make urgent requests to act quickly in case your site is attacked, you should not be using the queue to request data of someone violating your trade mark. So we will probably down the line have to define what matters can make use of this speed lane. This should probably be an open-ended refinement process as otherwise we will surely forget something or someone. For starters, the content of the draft Rec 9 should be sufficient, but will need some more defining. For example, critical infrastructure could be equated by what is defined by many national laws as critical national infrastructure but the problem here is that such laws do not exist in every country and may be wildly different in scope. Our approach should work across the board.<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>c) Every request with urgency should be accompanied with a statement of why an urgent response is needed and how your request is related to your authority. Fail to make that case and to the back of the regular queue you go.<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><div><div><div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>-- <br>Volker A. Greimann<br>General Counsel and Policy Manager<br><b>KEY-SYSTEMS GMBH</b><br><br>T: +49 6894 9396901<br>M: +49 6894 9396851<br>F: +49 6894 9396851<br>W: <a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__nam06.safelinks.protection.outlook.com_-3Furl-3Dhttp-253A-252F-252Fwww.key-2Dsystems.net-252F-26data-3D02-257C01-257Cmarksv-2540microsoft.com-257Cc37b10d5910c45208f9a08d7ec639103-257C72f988bf86f141af91ab2d7cd011db47-257C1-257C0-257C637237784695604823-26sdata-3Dm9p-252FcFVI5ilTiTO5SkXcpO7MPij9oz3nC2NH7KMFSOU-253D-26reserved-3D0&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=8K75qGdDlOta4kh6k2F0jrT195M3tF3J_Fxcz6EvuG2kYKDeA67ZTEnthHXAPVXH&m=KqtqdmmAjYOwJBEVmNDmH8YhwDkTjQEm65Xxg1JMVKo&s=OFk2yXFe_yJZOrE4nSlHWep3MflSIpTx3FtNt8HqKiQ&e=" target="_blank"><span style='color:#1155CC'>www.key-systems.net</span> [nam06.safelinks.protection.outlook.com]</a><br><br>Key-Systems GmbH is a company registered at the local court of Saarbruecken, Germany with the registration no. HR B 18835<br>CEO: Oliver Fries and Robert Birkner<br><br>Part of the CentralNic Group PLC (LON: CNIC) a company registered in England and Wales with company number 8576358.<o:p></o:p></p></div></div></div></div></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>On Wed, Apr 29, 2020 at 4:21 PM Mark Svancarek (CELA) <<a href="mailto:marksv@microsoft.com" target="_blank">marksv@microsoft.com</a>> wrote:<o:p></o:p></p></div><blockquote style='border:none;border-left:solid windowtext 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt;border-color:currentcolor currentcolor currentcolor rgb(204,204,204)'><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Everyone, we will be discussing this topic in plenary soon. Given the business of meetings, it will be good if we can discuss this topic in advance of the meeting. If you have any additional feedback which may be helpful before we meet, please add it here.<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Thx.<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>/marksv<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><div><div style='border:none;border-top:solid windowtext 1.0pt;padding:3.0pt 0in 0in 0in;border-color:currentcolor'><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b>From:</b> Mark Svancarek (CELA) <br><b>Sent:</b> Thursday, April 23, 2020 6:59 AM<br><b>To:</b> Volker Greimann <<a href="mailto:vgreimann@key-systems.net" target="_blank">vgreimann@key-systems.net</a>>; <a href="mailto:gnso-epdp-team@icann.org" target="_blank">gnso-epdp-team@icann.org</a><br><b>Subject:</b> RE: [EXTERNAL] Re: [Gnso-epdp-team] Regarding Urgent Priority requests by non-LEA<o:p></o:p></p></div></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Thanks, Volker! My comments are inline below.<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>/marksv<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><div style='border:none;border-top:solid windowtext 1.0pt;padding:3.0pt 0in 0in 0in;border-color:currentcolor'><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b>From:</b> Volker Greimann <<a href="mailto:vgreimann@key-systems.net" target="_blank">vgreimann@key-systems.net</a>> <br><b>Sent:</b> Thursday, April 23, 2020 1:37 AM<br><b>To:</b> Mark Svancarek (CELA) <<a href="mailto:marksv@microsoft.com" target="_blank">marksv@microsoft.com</a>><br><b>Cc:</b> <a href="mailto:gnso-epdp-team@icann.org" target="_blank">gnso-epdp-team@icann.org</a><br><b>Subject:</b> [EXTERNAL] Re: [Gnso-epdp-team] Regarding Urgent Priority requests by non-LEA<o:p></o:p></p></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Thank you Mark, you explanation highlights one of the key issues of this debate:<o:p></o:p></p><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>What is an urgent issue for one party may not be the same for another. <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><i>[Mark Svancarek] Correct. That’s why more than one category of requestor should be allowed to use the system. This is also why a centralized decider would have been nice, to get some consistency. C’est la vie.</i></b><o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Ultimately we will need an objective standard to measure urgency. The ones I believe we had already agreed to was life and death situations and imminent terrorist attacks. Another issue is trust in the reporter. <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><i>[Mark Svancarek] Correction: The latest draft of Rec 9 says, “<span style='color:black;background:yellow'>imminent threat to life, serious bodily injury, critical infrastructure (online and offline) or child exploitation</span><span style='color:black'>.“ It doesn’t matter who the attacker is – that may not be know at the time – only what is being attacked. Note that “critical infrastructure” is likely a defined term in a jurisdiction.</span></i></b><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><i> </i></b><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Again, this is something that is easier to attribute to law enforcement of appropriate jurisdiction than to other reporters from the private sector as the latter have no checks and balances and may be motivated by other influences. Handling a request with urgency reduces our ability to verify the accusations made in the request. Many of the issues you describe are not verifiable by contracted parties and need to be believed or taken at face value. So trust is an issue. <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><i>[Mark Svancarek] Trust is an important aspect throughout SSAD. Reputation can serve as a vehicle for trust. An entity can develop a favorable reputation by being accredited or certified, by having a history of good requests, and by taking extra steps to become a trusted notifier. Favorable reputations shall be lost by having a history of policy-defined bad requests, by failing audits, or by making spurious escalations when denied. Over time these can be factored into the learning system and recommendations of the CG, as in many other systems.</i></b><o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>All in all, I am open to considering other matters for urgency, but these will have to be carefully considered and weighed against the risks. <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><i>[Mark Svancarek] Thanks!</i></b><o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>We also need to consider that these requests will not end the threats you describe. Is it really that urgent to get the registration data for a domain when a private enterprise like a bank is under attack by a ransomware operation? Do the security folks not have more important things to deal with at such times, like stopping the attacks or the domains from resolving? Will knowing the data that the registrant provided at the time of registration really end the attack? It may help, but is it really that urgent to know?<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><i>[Mark Svancarek] We may have multiple tools in our toolbox. When a domain name record is the tool we need for a specific job, we should be allowed to use it. If not, we would use our other tools. As you say, reputation is important. </i></b><o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Finally, if you open the gates too much, the special queue may become useless. <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><i>[Mark Svancarek] I would rephrase that as “<span style='color:black;background:yellow'>if you open the gates too much, the special queue will be less effective and non-urgent requesters will be impacted</span>". I suspect that no threshold of urgent requests will be deemed acceptable to certain CPs, another reason why I prefer a central decider. But over time we will develop a sense how much volume is to be expected. Until then we risk urgent requestors might negatively impacting non-urgent requestors. I don’t think that reality disqualifies the concept, it’s just one more thing to discuss in Rec 9 or wherever else the issue pops up.</i></b><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>I do not subscribe to the opinion of the Texan Lt. Gov that there are more important things than living. Life is the most important to protect. Everything else comes later. <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><i>[Mark Svancarek] Hopefully there is no confusion that attacks on life are more serious than attacks on banks. But there are definitions of critical infrastructure for a reason, and we should consider that, too.</i></b><o:p></o:p></p></div><div><div><div><div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><i>[Mark Svancarek] PS: In USA there are many states. Illinois has a history of electing governors whom they subsequently send to prison. Texas has a recent history of electing governors who say really stupid things.</i></b><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>-- <br>Volker A. Greimann<br>General Counsel and Policy Manager<br><b>KEY-SYSTEMS GMBH</b><br><br>T: +49 6894 9396901<br>M: +49 6894 9396851<br>F: +49 6894 9396851<br>W: <a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__nam06.safelinks.protection.outlook.com_-3Furl-3Dhttp-253A-252F-252Fwww.key-2Dsystems.net-252F-26data-3D02-257C01-257Cmarksv-2540microsoft.com-257Cc37b10d5910c45208f9a08d7ec639103-257C72f988bf86f141af91ab2d7cd011db47-257C1-257C0-257C637237784695614780-26sdata-3DbuMDs7H8OvD6OjcqIrlbFi450zaM-252BunlWM9CgwiEePQ-253D-26reserved-3D0&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=8K75qGdDlOta4kh6k2F0jrT195M3tF3J_Fxcz6EvuG2kYKDeA67ZTEnthHXAPVXH&m=KqtqdmmAjYOwJBEVmNDmH8YhwDkTjQEm65Xxg1JMVKo&s=mHl3mCc2F4X5HLzYnrOlzbrBNRVbtIEB3Lzw3yxPMFQ&e=" target="_blank"><span style='color:#1155CC'>www.key-systems.net</span> [nam06.safelinks.protection.outlook.com]</a><br><br>Key-Systems GmbH is a company registered at the local court of Saarbruecken, Germany with the registration no. HR B 18835<br>CEO: Oliver Fries and Robert Birkner<br><br>Part of the CentralNic Group PLC (LON: CNIC) a company registered in England and Wales with company number 8576358.<o:p></o:p></p></div></div></div></div></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>On Thu, Apr 23, 2020 at 7:22 AM Mark Svancarek (CELA) via Gnso-epdp-team <<a href="mailto:gnso-epdp-team@icann.org" target="_blank">gnso-epdp-team@icann.org</a>> wrote:<o:p></o:p></p></div><blockquote style='border:none;border-left:solid windowtext 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt;border-color:currentcolor currentcolor currentcolor rgb(204,204,204)'><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Although we’ve always discussed urgent priority requests as being available to both LEA and non-LEA, we are regularly asked why non-LEA should be allowed to use this type of request. We’ve seen this again in the public comments, with new suggestions that a non-LEA requestor must route urgent requests through a government agency rather than making such a request themselves.<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>To clarify why it’s not sufficient to limit these requests to law enforcement and government agents, I asked my Digital Crime Unit and state actor cyberdefense teams for details. Here’s what they said.<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><ul type=disc><li class="m479324743280328242m-5863868821449381827gmail-m-498536285512511528gmail-m731816482059628218gmail-m4089757305539364400msolistparagraph" style='mso-list:l2 level1 lfo3'>Law enforcement (LE) and Microsoft priorities do not always overlap such that what we consider an emergency, where this information could be necessary to protect our customers ( such as a threat to our infrastructure or our customer’s infrastructure), is the same as an emergency for LE.<o:p></o:p></li><li class="m479324743280328242m-5863868821449381827gmail-m-498536285512511528gmail-m731816482059628218gmail-m4089757305539364400msolistparagraph" style='mso-list:l2 level1 lfo3'>The threshold for what is important to protect our customers is often different or lower than the threshold for a LE emergency as outlined below – but nonetheless just as important. <o:p></o:p></li><li class="m479324743280328242m-5863868821449381827gmail-m-498536285512511528gmail-m731816482059628218gmail-m4089757305539364400msolistparagraph" style='mso-list:l2 level1 lfo3'>When a customer or partner is under attack, we would not necessarily engage LE. We would only notify/contact the customer directly since the impact is on their tenant. LE engagement is then at their discretion.<o:p></o:p></li><li class="m479324743280328242m-5863868821449381827gmail-m-498536285512511528gmail-m731816482059628218gmail-m4089757305539364400msolistparagraph" style='mso-list:l2 level1 lfo3'>Here are some scenarios where we would likely make urgent data requests separate from LE engagement: <o:p></o:p></li></ul><ul type=disc><ul type=circle><li class="m479324743280328242m-5863868821449381827gmail-m-498536285512511528gmail-m731816482059628218gmail-m4089757305539364400msolistparagraph" style='mso-list:l0 level2 lfo6'>a large banking establishment or school district under ransomware attack<o:p></o:p></li><li class="m479324743280328242m-5863868821449381827gmail-m-498536285512511528gmail-m731816482059628218gmail-m4089757305539364400msolistparagraph" style='mso-list:l0 level2 lfo6'>a nation state actor targeting multiple human rights organizations with persistent spear phishing attacks<o:p></o:p></li><li class="m479324743280328242m-5863868821449381827gmail-m-498536285512511528gmail-m731816482059628218gmail-m4089757305539364400msolistparagraph" style='mso-list:l0 level2 lfo6'>a nation state actor using a malicious domain to compromise and steal information from members of the United Nations<o:p></o:p></li><li class="m479324743280328242m-5863868821449381827gmail-m-498536285512511528gmail-m731816482059628218gmail-m4089757305539364400msolistparagraph" style='mso-list:l0 level2 lfo6'>a nation state actor purchasing large swaths of domains to target multiple organizations in the oil and gas industry, then using them in a large-scale intrusion campaign<o:p></o:p></li></ul></ul><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.25in'> <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Remember that abuse of the Urgent Priority request mechanism is already defined as an activity which may lead to loss of accreditation, even for LEA. That safeguard would be certainly be invoked quickly if the privilege were abused by a non-LEA requester.<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>I look forward to discussing this topic soon.<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>/marksv<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>_______________________________________________<br>Gnso-epdp-team mailing list<br><a href="mailto:Gnso-epdp-team@icann.org" target="_blank">Gnso-epdp-team@icann.org</a><br><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__nam06.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fmm.icann.org-252Fmailman-252Flistinfo-252Fgnso-2Depdp-2Dteam-26data-3D02-257C01-257Cmarksv-2540microsoft.com-257Cc37b10d5910c45208f9a08d7ec639103-257C72f988bf86f141af91ab2d7cd011db47-257C1-257C0-257C637237784695614780-26sdata-3DYUxBrs5ylVPIZVYq-252Fvuu8uSa-252BS65oQX6nKIXJ7-252FOenM-253D-26reserved-3D0&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=8K75qGdDlOta4kh6k2F0jrT195M3tF3J_Fxcz6EvuG2kYKDeA67ZTEnthHXAPVXH&m=KqtqdmmAjYOwJBEVmNDmH8YhwDkTjQEm65Xxg1JMVKo&s=PfWAPuyFuXViWnVlH0a2LznjUXybfJ587ad4Q2uNNrw&e=" target="_blank">https://mm.icann.org/mailman/listinfo/gnso-epdp-team [nam06.safelinks.protection.outlook.com]</a><br>_______________________________________________<br>By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (<a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__nam06.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fwww.icann.org-252Fprivacy-252Fpolicy-26data-3D02-257C01-257Cmarksv-2540microsoft.com-257Cc37b10d5910c45208f9a08d7ec639103-257C72f988bf86f141af91ab2d7cd011db47-257C1-257C0-257C637237784695624736-26sdata-3Dl1Ns3YWQwW2hXs1MnlgOk2vbNpOuZKt2-252BZy4Kn3HXak-253D-26reserved-3D0&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=8K75qGdDlOta4kh6k2F0jrT195M3tF3J_Fxcz6EvuG2kYKDeA67ZTEnthHXAPVXH&m=KqtqdmmAjYOwJBEVmNDmH8YhwDkTjQEm65Xxg1JMVKo&s=L_DIgGaK1OEjhsk15pksh2RytHmU8tnGSTtnCdC0ghM&e=" target="_blank">https://www.icann.org/privacy/policy [nam06.safelinks.protection.outlook.com]</a>) and the website Terms of Service (<a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__nam06.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fwww.icann.org-252Fprivacy-252Ftos-26data-3D02-257C01-257Cmarksv-2540microsoft.com-257Cc37b10d5910c45208f9a08d7ec639103-257C72f988bf86f141af91ab2d7cd011db47-257C1-257C0-257C637237784695624736-26sdata-3D5QrHa6XUsk8Qwq16vr8z5SF1FXfWBm8dHvIhjlJN-252Bh8-253D-26reserved-3D0&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=8K75qGdDlOta4kh6k2F0jrT195M3tF3J_Fxcz6EvuG2kYKDeA67ZTEnthHXAPVXH&m=KqtqdmmAjYOwJBEVmNDmH8YhwDkTjQEm65Xxg1JMVKo&s=2RtjLhTcSA6cNTor7UESuxqiuNWrdpvsb-ZaltlJXFY&e=" target="_blank">https://www.icann.org/privacy/tos [nam06.safelinks.protection.outlook.com]</a>). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.<o:p></o:p></p></blockquote></div></div></div></blockquote></div></div></div></blockquote></div></div></div></blockquote></div></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>-- <o:p></o:p></p><div><div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>-- <br>Volker A. Greimann<br>General Counsel and Policy Manager<br><b>KEY-SYSTEMS GMBH</b><br><br>T: +49 6894 9396901<br>M: +49 6894 9396851<br>F: +49 6894 9396851<br>W: <a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__nam06.safelinks.protection.outlook.com_-3Furl-3Dhttp-253A-252F-252Fwww.key-2Dsystems.net-252F-26data-3D02-257C01-257Cmarksv-2540microsoft.com-257Cc37b10d5910c45208f9a08d7ec639103-257C72f988bf86f141af91ab2d7cd011db47-257C1-257C0-257C637237784695634692-26sdata-3Dbr5Pmlicsb-252B-252FDyObU6unkaErtXtmTBFO6aHHu2W11kA-253D-26reserved-3D0&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=8K75qGdDlOta4kh6k2F0jrT195M3tF3J_Fxcz6EvuG2kYKDeA67ZTEnthHXAPVXH&m=KqtqdmmAjYOwJBEVmNDmH8YhwDkTjQEm65Xxg1JMVKo&s=8HP0oG2R0lMyNR613NMEszqpgLNoecfPzcwYD5WcNUM&e=" target="_blank"><span style='color:#1155CC'>www.key-systems.net</span> [nam06.safelinks.protection.outlook.com]</a><br><br>Key-Systems GmbH is a company registered at the local court of Saarbruecken, Germany with the registration no. HR B 18835<br>CEO: Oliver Fries and Robert Birkner<br><br>Part of the CentralNic Group PLC (LON: CNIC) a company registered in England and Wales with company number 8576358.<o:p></o:p></p></div></div></div></div></div></div></blockquote></div></div><p class=MsoNormal>-- <o:p></o:p></p><div><div><div><div><p class=MsoNormal>-- <br>Volker A. Greimann<br>General Counsel and Policy Manager<br><b>KEY-SYSTEMS GMBH</b><br><br>T: +49 6894 9396901<br>M: +49 6894 9396851<br>F: +49 6894 9396851<br>W: <a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__nam06.safelinks.protection.outlook.com_-3Furl-3Dhttp-253A-252F-252Fwww.key-2Dsystems.net-252F-26data-3D02-257C01-257Cmarksv-2540microsoft.com-257Cc37b10d5910c45208f9a08d7ec639103-257C72f988bf86f141af91ab2d7cd011db47-257C1-257C0-257C637237784695644647-26sdata-3DtZZHFnunOLmclTrXPw-252BuguZUvZeFFDfMrJgchXwgXj8-253D-26reserved-3D0&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=8K75qGdDlOta4kh6k2F0jrT195M3tF3J_Fxcz6EvuG2kYKDeA67ZTEnthHXAPVXH&m=KqtqdmmAjYOwJBEVmNDmH8YhwDkTjQEm65Xxg1JMVKo&s=XanUP-V9IKYFwWSv9ipObwlU_VP0rfgV4nreqkabmS8&e=" target="_blank"><span style='color:#1155CC'>www.key-systems.net</span> [nam06.safelinks.protection.outlook.com]</a><br><br>Key-Systems GmbH is a company registered at the local court of Saarbruecken, Germany with the registration no. HR B 18835<br>CEO: Oliver Fries and Robert Birkner<br><br>Part of the CentralNic Group PLC (LON: CNIC) a company registered in England and Wales with company number 8576358.<o:p></o:p></p></div></div></div></div></div></body></html>