[gnso-rds-pdp-wg] Notes and action items from Next-Generation RDS PDP WG Meeting - deep concerns
Elaine Pruis
elaine at donuts.email
Thu Feb 25 22:57:05 UTC 2016
I agree with Kathy's suggestion:
"start with these opening bullet points:
- what domain name registration data is collected and for what purpose?
- what specific laws and restrictions limit the re-use or secondary use of
this domain name registration data? (data gathering, legal analysis
section)
- what additional uses would people like to use the domain name
registration data and why?
- Outreach to the Supporting Organizations, Advisory Committees and
outreach to the greater Internet Community
- Deliberations as to whether these additional uses are legal, possible,
optional -- and what the costs and benefits are of providing this data for
the secondary purposes that people are seeking it. "
On Thu, Feb 25, 2016 at 2:17 PM, Kathy Kleiman <kathy at kathykleiman.com>
wrote:
> Hi Chuck,
> I'm sorry, but I don't understand the starting point of the draft work
> plan. It says that the "Bulk of Work in phase 1 relates to recommending
> requirements for Registration Directory Services." After review of the EWG,
> it states that we will "Develop a comprehensive list of possible
> requirement [sic] (without a debate) as a first step."
>
> It seems to me that the first step should be evaluating the data collected
> by the registrars for registration purposes. The next step should be
> evaluating the purposes for which that data is collected. The third step
> should be seeking out additionally purposes for which folks not registrars
> would like to use the data. The fourth step should be to determine whether
> the information could legally be made available for those additional
> purposes, and whether those additional purposes are even desirable or
> useful (or are there dangers and concerns?)
>
> Jumping straight into "Develop a comprehensive list of possible
> requirements (without debate)" skips the whole analysis (above) that I
> understand is necessary under EU nations' laws (and the many other
> countries with data protection laws) and jumps straight into -- "who wants
> this data?! Get your data here!"
>
> For the draft work plan, section 3 below ("Review and discuss draft work
> plan"), I would start with these opening bullet points:
> - what domain name registration data is collected and for what purpose?
> - what specific laws and restrictions limit the re-use or secondary use of
> this domain name registration data? (data gathering, legal analysis
> section)
> - what additional uses would people like to use the domain name
> registration data and why?
> - Outreach to the Supporting Organizations, Advisory Committees and
> outreach to the greater Internet Community
> - Deliberations as to whether these additional uses are legal, possible,
> optional -- and what the costs and benefits are of providing this data for
> the secondary purposes that people are seeking it.
>
> On a related note, I used to program large-scale databases on Wall Street
> and respectfully submit that the term "requirements" in the first 3 bullet
> points of section 3 is being used incorrectly (or confusingly) as a
> technical matter. Until we do the detailed analysis of the key issues of
> what data collected, its primary purpose, sought secondary use,
> proportionality, etc, we can't possibly know or lay out the "requirements"
> we are seeking for the new Registration Directory Services. "Requirements"
> is best used as the term for the features we intend to build into our new
> RDS system. We are nowhere near the "requirements" stage yet -- we are at
> the preliminary data gathering, use and user analysis, legal review, and
> other preliminaries. Shaping, scoping, defining and describing the
> "requirements" of the new system will come later. What other term can we
> use?
>
> *To the other question of the WG, what "rough categories of expertise" are
> needed:*
> I would add groups that specialize in free speech, freedom of expression,
> human rights, domestic violence, international journalist organizations,
> and groups that specialize in political oppression. It is these groups that
> know intimately who is being harassed, stalked and even killed based on
> Whois data -- and many of them participated in the last public comment held
> by the Proxy/Privacy Accreditation Working Group. They are definitely
> reachable and in tune with our issues.
>
> I deeply apologize for missing the meeting this week. We had a death of a
> family friend and given daytime commitments, I could not participate in the
> late-night call.
>
> Tx for your review.
> Best,
> Kathy (Kleiman)
>
>
>
> On 2/25/2016 9:57 AM, Gomes, Chuck wrote:
>
> Thanks for the feedback Kathy. I will let those who were on the EWG
> respond to what happened after London but I did insert some personal
> responses below.
>
>
>
> Chuck
>
>
>
> *From:* gnso-rds-pdp-wg-bounces at icann.org [
> mailto:gnso-rds-pdp-wg-bounces at icann.org
> <gnso-rds-pdp-wg-bounces at icann.org>] *On Behalf Of *Kathy Kleiman
> *Sent:* Thursday, February 25, 2016 9:04 AM
> *To:* gnso-rds-pdp-wg at icann.org
> *Subject:* Re: [gnso-rds-pdp-wg] Notes and action items from
> Next-Generation RDS PDP WG Meeting - deep concerns
>
>
>
> Hi Chuck,
> Tx you for the reminder for the last call of comments. I would like to
> raise concerns about some of the items in the work plan. My objections have
> to do with the focus of the "Outline of Approach for Phase 1" extensively
> on input from the EWG Final Report. The work plan, as circulated
> (particularly under its "Assumptions") implies an understanding and
> acceptance of the EWG Final Report that never existed. Let me explain (and
> invite my EWG friends and all present at that time) to supplement this
> record:
>
> *[Chuck Gomes] Please tell me why you think there is an acceptance of the
> EWG Final Report? No such assumption was made by the Leadership Team. As
> you share below, the intent is for it to be a starting point.*
>
>
>
> * Background: *the EWG Final Report was greatly changed from the interim
> to the final draft. Not a little bit, but significantly, substantively,
> clearly changed. Dozens of new pages were added; entirely new analysis and
> recommendations. The final Report was difficult, even impossible, to
> understand. Long public sessions were held at the ICANN meeting in London
> where speaker after speaker raised issues, concerns and questions,
> questions, questions. There were so much ambiguity in the text, so many
> sections that were unclear, so many cross-references that were not complete
> that even those of us who have been in this field for many years found it
> impossible to understand specifically what was being recommended and why.
> Further, there were major questions raised about the large amount of data
> being collected and retained, indications of nearly unlimited access for
> certain types of users, and many more concerns.
>
> *There were so many questions that commenters at the microphone agreed
> we/they could not even start a full and substantive critique of the Final
> Report because it is unclear even what was being recommended on certain key
> and substantive points. The essence of drafting rules and technical policy
> is, of course, clarity and we agreed in these public session in London that
> it was lacking in this Final Report.** Answers were promised; answers never
> came. The EWG Final Report remains an ambiguous, unclear document. **No
> Final Public Comment: *Unfortunately, despite major and extensive changes
> between the interim and final drafts, and ICANN precedent itself, the EWG
> Final Report never went to public written comment. (In all my time in
> ICANN, which is a lot, I have never seen a final report which did not go to
> public comment - particularly a final report as complex, difficult,
> convoluted and significantly-changed as this one.) There was no final
> comment period for this report -- just a promise that no group would ever
> accept the Final Report as an absolute starting point; and that all future
> groups working with the EWG Final Report would know that it never received
> a final review, never received consensus, and was never even understood by
> those critiquing it in the public sessions.
>
> * Dissent: *Further, the EWG Final Report received a strong dissent from
> the only member of the EWG with a data protection background - the person
> who was a key drafter of the Canadian Data Protection Report. Her
>
> issues and concerns have, of course, never been addressed because the EWG
> Final Report never went out for that final round of public comment and
> final round of revisions.
>
> *[Chuck Gomes] I fully expect and encourage the dissenter (Stephanie) to
> add possible requirements that address her concerns.*
>
> * Accordingly: *calls for acceptance and reliance on the EWG Final Report
> should be much more carefully worded and limited in the Work Plan than they
> are now. I know the Board wants us to refer it as a reference point and
> touch point, but not the only or exclusive starting point*. *The work
> plan has references to other sources other than the EWG Final Report, but
> what are they, where are they and who will find and summarize them? Given
> the speed we want to work, it is incumbent on the WG, at this early point
> in development, in this Work Plan, to determine what these other sources
> might be and how we can access them quickly, efficiently and effectively. I
> would like to request that the Work Plan include provisions for subteams to
> form and Staff to help find, use and summarize these other sources so that
> they will be available as quickly as the EWG Report (and noting that it may
> be difficult for members of the community to drop other work and write
> short White Papers.) But it is clear that we need to fairly and fully pull
> in the widest range of information and input at this critical point of
> Phase 1 -- the RDS Working Group richly deserves it!
>
> *[Chuck Gomes] If you think the wording asks for acceptance and reliance
> on the EWG Final Report, please suggest alternative wording. Regarding
> other sources, many of them are identified in the EWG Report, in the Issues
> Report and I encourage WG members to identify other sources. Stephanie’s
> minority statement is one source already mentioned, although I consider it
> part of the EWG Report.*
>
>
>
> *In my view, I see no need for writing white papers. What we will need
> though in the early parts of our work is for everyone to identify possible
> requirements so that we create as comprehensive a list as possible. That
> list will then be deliberated on by the WG to determine which ones we agree
> should be recommended.*
>
>
>
> Best,
> Kathy (Kleiman)
> p.s. In summary, I would like to ask Assumptions be modified to reflect
> the huge questions and concerns raised about the EWG Final Report in
> London, and the complete lack of any final comment period on a hugely and
> substantively-changed final report. I would also like to request that
> Outline of Approach to Phase 1 be modified to reflect a concerted effort of
> the WG, Leadership Team subteam(s) and Staff to identify, define and
> summarize the "sources other than the EWG Final Report" that will be used
> and what resources will be devoted by Staff to collecting and summarizing
> them for ease of use by the WG.
>
> Best regards,
> Kathy
>
> On 2/24/2016 1:34 AM, Marika Konings wrote:
>
> Dear All,
>
>
>
> Please find below the notes and action items of today’s meeting. I would
> like to draw special attention to the following action items and deadlines
> associated with these:
>
> - *Action item #1*: All to review categories identified by small team
> and provide feedback within 24 hours (see attached)
> - *Action item #4*: All to review work plan approach as has been
> circulated with the agenda and provide any comments / questions on the
> mailing list within 48 hours. (see attached)
>
> Please share any input or questions you may have with the mailing list.
>
>
>
> Best regards,
>
>
>
> Marika
>
>
>
> *Notes/Action items 24 February 2016 - Next–Generation RDS PDP WG Meeting*
>
>
>
> *1. Roll call/ SOI*
>
> - Note, observers have read-only access to the mailing list and do not
> receive the call details. If you want to change your status, you can inform
> the GNSO Secretariat accordingly.
> - Members are required to provide a Statement of Interest in order to
> participate in the Working Group.
> - Updates to SOIs are requested at the start of every meeting.
>
> A*ction item #1*: Please complete / update your Statement of Interest if
> you have not done so yet.
>
>
>
> *2. Review of WG membership & expertise update*
>
> - Small team has been discussing how to identify current level of
> expertise
> - Identified a number of rough categories of expertise that is
> expected to be needed for this effort: Legal (IP, criminal, civil),
> Technical (Protocol development, Security, Audit), Data Protection,
> Operational (Registrar, Registries), Commercial/e-business, Non
> commercial/not for profit, government advisory, law enforcement (police,
> investigators, courts), individual internet user.
> - Proposal to put these categories into a zoomerang poll to allow for
> WG members to self-identify their expertise
> - Small team would like to receive input on the categories identified
> and possible sub-categories
> - Consider removing investigators as it can be considered part of
> 'police'. There are also other agencies that are involved in
> investigations, maybe that is why it has been identified as a separate
> category. Should investigators (non-government) be a separate category?
> This would include organisations like consumer organisations.
> - Security may not only be technical expertise, there may also be
> non-technical aspects to it. Consider having a security category that is
> not under the technical heading.
> - DNS technical specialists should also be considered as a category
> - Categories are intended to get a general sense of expertise available
> - Consider updating law enforcement to public safety to capture a
> broader category of investigators?
> - Should public defenders be added to the legal category? Might
> already be covered by legal/criminal?
> - Consider a category for cybersecurity.
> - Experts can be invited to just join when a particular topic is
> discussed - not only looking at filling gaps in membership, but also
> identify specific support that may be needed in an expert capacity.
> - Consider adding a category for WHOIS software / service developer
>
> *Action item #1*: All to review categories identified and provide
> feedback within 24 hours
>
>
>
> *Action item #2*: staff to develop survey on the basis of the categories
> identified and request WG members to participate
>
>
>
> *Action item #3*: small team to review feedback received to the survey
> and identify whether additional outreach is needed based on the survey
> results.
>
>
>
> *3. Review and discuss draft work plan approach*
>
> - Bulk of work in phase 1 relates to recommending requirements for
> Registration Directory Services
> - Use EWG Final Report as starting point, as instructed by the ICANN
> Board. Substantial public input was provided and incorporated by this
> effort. Not restricted to the EWG Final Report, but an important starting
> point.
> - Develop a comprehensive list of possible requirement (without a
> debate) as a first step. Deliberations on each possible requirement will be
> the next step after developing this comprehensive list, including reaching
> consensus on whether requirements should be included or not.
> - Outreach to SO/ACs is expected during various stages of the PDP,
> periodically as needed. This outreach may take various forms, formal,
> informal. There is a requirement for formal input at the early phase of the
> process.
> - Interdependency of all eleven questions in the charter will main
> that the WG may need to go back and forth between questions.
> - First five questions are critical as they are essential to
> responding to the foundational question of whether a new RDS is needed.
> - No comment period held on the Final EWG Report. EWG Report expected
> to be starting point - not stopping there, just a first list of possible
> requirements that the WG is expected to add to.
> - Should purpose be defined before discussion uses? Purposes and uses
> are part of the charter which are expected to result in possible
> requirements (see question 1).
> - Leadership team has started developing a first list of possible
> requirements - draft as a starting point for the full WG to review and add
> to. SO/AC/SG/Cs can also be asked to add to the list of possible
> requirements. Objective to have comprehensive list of requirements.
> - Once this comprehensive list is 'complete' (WG is of the view that
> all possible requirements have been added), systematic review of the
> requirements by the WG.
> - Deliberation of some requirements could be deferred to later phases,
> if deemed appropriate.
> - Following this work, the WG is expected to deliberate on
> foundational question: is a new RDS needed or can the existing WHOIS system
> be modified to satisfy the recommended requirements for questions 1-5.
> Answer to this question will determine subsequent steps.
> - Who will come up with costing based on the requirements identified?
> Is it possible to estimate costs until you get to phase 2 and 3? Might be
> possible to get a high level idea in phase 1, but you cannot do it
> thorougly until you get to phase 2 when the policies are identified. Phase
> 1 could identify what costs need to be measured while phase 2 may ballpark
> those. Cost impact expected across the whole eco-system. Impact assessment
> will be important question.
> - Outreach to SO/ACs may involve those groups to consult with their
> respective constituencies that may take more than 35 days. Smaller requests
> more frequently may facilitate feedback. All should be communicating
> regularly with their respective groups - bring feedback to the WG on an
> ongoing basis. If any request for input would be associated with a minimum
> 35 day timeline it would have a significant impact on the overall timeline.
> - Leadership team will work on the detail of the work plan based on
> the approach outlined and comments received.
> - Those on the call were supportive of the approach outlined. Provide
> opportunity for those not on the call to provide feedback on the approach.
> - Leadership team would like to be able to send out a first cut of a
> work plan by the end of this week so it can be further discussed and
> reviewed during next week's meeting.
>
> *Action item #4*: All to review work plan approach as has been circulated
> with the agenda and provide any comments / questions on the mailing list
> within 48 hours.
>
>
>
> *Action item #5*: Leadership team to send out first draft of work plan by
> the end of this week.
>
>
>
> *4. Discuss proposed outreach to SO/AC/SG/Cs to solicit early input*
>
> - Required to formally request input at early stage, minimum of 35
> days response time. Considering asking for general input.
> - Request formal input shortly after ICANN meeting in Marrakech.
>
> *Action item #6:* Leadership team to develop draft outreach message for
> WG review.
>
>
>
> *5. ICANN meeting in Marrakech F2F meeting*
>
> - See http://doodle.com/poll/7f9h9spwwmys26c5. To date 46 expected to
> participate in person, 20 are planning to participate remotely and 5 are
> not able to attend.
> - See https://meetings.icann.org/en/marrakech55/schedule/wed-rds for
> further details.
>
> *6. Confirm next steps and next meeting*
>
> - Next meeting will be scheduled for Tuesday 1 March at 16.00 UTC
> - Chuck will not be available for the next meeting - Susan Kawaguchi
> has volunteered to chair the meeting on 1 March.
>
>
>
>
> _______________________________________________
>
> gnso-rds-pdp-wg mailing list
>
> gnso-rds-pdp-wg at icann.org
>
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>
>
>
>
>
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>
--
[image: Donuts Inc.] <http://www.donuts.domains>
*Elaine Pruis*, Vice President, Operations
*Donuts Inc. <http://www.donuts.domains>*
10500 NE 8th Street, Suite 350, Bellevue Washington, 98004, U.S.A. |
Telephone: 509.899.3161
[image: Twitter] <https://twitter.com/DonutsInc>[image: Facebook]
<https://www.facebook.com/donutstlds>[image: Linked In]
<http://www.linkedin.com/company/donuts-inc->
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20160225/3278df4a/attachment.html>
More information about the gnso-rds-pdp-wg
mailing list