[gnso-rds-pdp-wg] Notes and action items from Next-Generation RDS PDP WG Meeting - deep concerns
Stephanie Perrin
stephanie.perrin at mail.utoronto.ca
Fri Feb 26 05:54:46 UTC 2016
As I said somewhat facetiously during the chat, you should have seen the
dissents I refrained from emitting....the EWG did not start from a de
novo position. Given the repeated failure to even define the purpose of
WHOIS (see the SAC Blind men and the elephant report) we do need to take
a de novo approach. The EWG report provided good analysis on some
issues, and some new approaches. It certainly did not solve all the
problems or deal with all the issues. Brace yourself for me repeatedly
pointing these lacunae out, as I know a lot more about all the issues
than I did when I started with the EWG....
Stephanie Perrin
On 2016-02-25 20:27, Gomes, Chuck wrote:
>
> Please see my responses below Kathy.
>
> Chuck
>
> *From:*Kathy Kleiman [mailto:kathy at kathykleiman.com]
> *Sent:* Thursday, February 25, 2016 5:18 PM
> *To:* Gomes, Chuck; gnso-rds-pdp-wg at icann.org
> *Subject:* Re: [gnso-rds-pdp-wg] Notes and action items from
> Next-Generation RDS PDP WG Meeting - deep concerns
>
> Hi Chuck,
> I'm sorry, but I don't understand the starting point of the draft work
> plan. It says that the "Bulk of Work in phase 1 relates to
> recommending requirements for Registration Directory Services." After
> review of the EWG, it states that we will "Develop a comprehensive
> list of possible requirement [sic] (without a debate) as a first step."
>
> */[Chuck Gomes] That statement is an assumption based on the WG
> charter. Do you not think that the WG’s main task, which will consume
> most of our time, will involve most of our time? If not, please show
> me what I am missing in the charter./*
>
>
>
> It seems to me that the first step should be evaluating the data
> collected by the registrars for registration purposes. The next step
> should be evaluating the purposes for which that data is collected.
> The third step should be seeking out additionally purposes for which
> folks not registrars would like to use the data. The fourth step
> should be to determine whether the information could legally be made
> available for those additional purposes, and whether those additional
> purposes are even desirable or useful (or are there dangers and concerns?)
>
> */[Chuck Gomes] The EWG already spent countless hours evaluating the
> data collected and had multiple opportunities for public comment on
> their work. Are you suggesting that we should repeat that work? The
> first of the eleven questions deals with users and purposes so your
> suggested first two steps seem to be covered by the WG deliberations
> on the first charter question. In other words, it seems to me that
> the proposed approach covers your first two steps at the beginning
> like you are suggesting. The only difference is that the approach
> suggests identifying possible requirements first./*
>
>
>
> Jumping straight into "Develop a comprehensive list of possible
> requirements (without debate)" skips the whole analysis (above) that I
> understand is necessary under EU nations' laws (and the many other
> countries with data protection laws) and jumps straight into -- "who
> wants this data?! Get your data here!"
>
> */[Chuck Gomes] The analysis will not be skipped. It will happen when
> we do our deliberation./*
>
>
>
> For the draft work plan, section 3 below ("Review and discuss draft
> work plan"), I would start with these opening bullet points:
> - what domain name registration data is collected and for what
> purpose? */[Chuck Gomes] /* First area of deliberation.
> - what specific laws and restrictions limit the re-use or secondary
> use of this domain name registration data? (data gathering, legal
> analysis section)*/[Chuck Gomes] /* This will happen in our
> deliberation on each possible requirement.
> - what additional uses would people like to use the domain name
> registration data and why?*/[Chuck Gomes] /* First area of deliberation.
> - Outreach to the Supporting Organizations, Advisory Committees and
> outreach to the greater Internet Community*/[Chuck Gomes] /* We will
> do this multiple times during our work.
> - Deliberations as to whether these additional uses are legal,
> possible, optional -- and what the costs and benefits are of providing
> this data for the secondary purposes that people are seeking it.
>
> On a related note, I used to program large-scale databases on Wall
> Street and respectfully submit that the term "requirements" in the
> first 3 bullet points of section 3 is being used incorrectly (or
> confusingly) as a technical matter. Until we do the detailed analysis
> of the key issues of what data collected, its primary purpose, sought
> secondary use, proportionality, etc, we can't possibly know or lay out
> the "requirements" we are seeking for the new Registration Directory
> Services. "Requirements" is best used as the term for the features we
> intend to build into our new RDS system. We are nowhere near the
> "requirements" stage yet -- we are at the preliminary data gathering,
> use and user analysis, legal review, and other preliminaries. Shaping,
> scoping, defining and describing the "requirements" of the new system
> will come later. What other term can we use?
>
> */[Chuck Gomes] We are using the term from the charter. I agree that
> it may fit better in some cases than others but I suggest we don’t get
> too hung up on terminology. If we can improve it, fine, but let’s not
> spend too much time debating terminology until it becomes critical,
> i.e., when we actually get into our deliberation./*
>
>
>
> /To the other question of the WG, what "rough categories of expertise"
> are needed:
> /I would add groups that specialize in free speech, freedom of
> expression, human rights, domestic violence, international journalist
> organizations, and groups that specialize in political oppression. It
> is these groups that know intimately who is being harassed, stalked
> and even killed based on Whois data -- and many of them participated
> in the last public comment held by the Proxy/Privacy Accreditation
> Working Group. They are definitely reachable and in tune with our issues.
>
> */[Chuck Gomes] We are way past the 24-hour deadline on this. If the
> membership review team has not finalized the categories yet, they of
> course can take your input into consideration but it is possible they
> have already completed the list. /*
>
>
>
> I deeply apologize for missing the meeting this week. We had a death
> of a family friend and given daytime commitments, I could not
> participate in the late-night call.
>
> */[Chuck Gomes] Please accept my condolences./*
>
>
>
> Tx for your review.
> Best,
> Kathy (Kleiman)
>
>
> On 2/25/2016 9:57 AM, Gomes, Chuck wrote:
>
> Thanks for the feedback Kathy. I will let those who were on the EWG
> respond to what happened after London but I did insert some personal
> responses below.
>
> Chuck
>
> *From:*gnso-rds-pdp-wg-bounces at icann.org
> <mailto:gnso-rds-pdp-wg-bounces at icann.org>
> [mailto:gnso-rds-pdp-wg-bounces at icann.org] *On Behalf Of *Kathy Kleiman
> *Sent:* Thursday, February 25, 2016 9:04 AM
> *To:* gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org>
> *Subject:* Re: [gnso-rds-pdp-wg] Notes and action items from
> Next-Generation RDS PDP WG Meeting - deep concerns
>
> Hi Chuck,
> Tx you for the reminder for the last call of comments. I would like to
> raise concerns about some of the items in the work plan. My objections
> have to do with the focus of the//"Outline of Approach for Phase 1"
> extensively on input from the EWG Final Report. The work plan, as
> circulated (particularly under its "Assumptions") implies an
> understanding and acceptance of the EWG Final Report that never
> existed. Let me explain**(and invite my EWG friends and all present at
> that time) to supplement this record:
>
> */[Chuck Gomes] Please tell me why you think there is an acceptance of
> the EWG Final Report? No such assumption was made by the Leadership
> Team. As you share below, the intent is for it to be a starting point./*
>
> *
>
> Background: *the EWG Final Report was greatly changed from the interim
> to the final draft. Not a little bit, but significantly,
> substantively, clearly changed. Dozens of new pages were added;
> entirely new analysis and recommendations. The final Report was
> difficult, even impossible, to understand. Long public sessions were
> held at the ICANN meeting in London where speaker after speaker raised
> issues, concerns and questions, questions, questions. There were so
> much ambiguity in the text, so many sections that were unclear, so
> many cross-references that were not complete that even those of us who
> have been in this field for many years found it impossible to
> understand specifically what was being recommended and why. Further,
> there were major questions raised about the large amount of data being
> collected and retained, indications of nearly unlimited access for
> certain types of users, and many more concerns. /There were so many
> questions that commenters at the microphone agreed we/they could not
> even start a full and substantive critique of the Final Report because
> it is unclear even what was being recommended on certain key and
> substantive points. The essence of drafting rules and technical policy
> is, of course, clarity and we agreed in these public session in London
> that it was lacking in this Final Report.** Answers were promised;
> answers never came. The EWG Final Report remains an ambiguous, unclear
> document.
>
> /*No Final Public Comment: *Unfortunately, despite major and extensive
> changes between the interim and final drafts, and ICANN precedent
> itself, the EWG Final Report never went to public written comment. (In
> all my time in ICANN, which is a lot, I have never seen a final report
> which did not go to public comment - particularly a final report as
> complex, difficult, convoluted and significantly-changed as this one.)
> There was no final comment period for this report -- just a promise
> that no group would ever accept the Final Report as an absolute
> starting point; and that all future groups working with the EWG Final
> Report would know that it never received a final review, never
> received consensus, and was never even understood by those critiquing
> it in the public sessions.*
>
> Dissent: *Further, the EWG Final Report received a strong dissent from
> the only member of the EWG with a data protection background - the
> person who was a key drafter of the Canadian Data Protection Report. Her
>
> issues and concerns have, of course, never been addressed because the
> EWG Final Report never went out for that final round of public comment
> and final round of revisions.
>
> */[Chuck Gomes] I fully expect and encourage the dissenter (Stephanie)
> to add possible requirements that address her concerns./*
> *
> Accordingly: *calls for acceptance and reliance on the EWG Final
> Report should be much more carefully worded and limited in the Work
> Plan than they are now. I know the Board wants us to refer it as a
> reference point and touch point, but not the only or exclusive
> starting point*. *The work plan has references to other sources other
> than the EWG Final Report, but what are they, where are they and who
> will find and summarize them? Given the speed we want to work, it is
> incumbent on the WG, at this early point in development, in this Work
> Plan, to determine what these other sources might be and how we can
> access them quickly, efficiently and effectively. I would like to
> request that the Work Plan include provisions for subteams to form and
> Staff to help find, use and summarize these other sources so that they
> will be available as quickly as the EWG Report (and noting that it may
> be difficult for members of the community to drop other work and write
> short White Papers.) But it is clear that we need to fairly and fully
> pull in the widest range of information and input at this critical
> point of Phase 1 -- the RDS Working Group richly deserves it!
>
> */[Chuck Gomes] If you think the wording asks for acceptance and
> reliance on the EWG Final Report, please suggest alternative wording.
> Regarding other sources, many of them are identified in the EWG
> Report, in the Issues Report and I encourage WG members to identify
> other sources. Stephanie’s minority statement is one source already
> mentioned, although I consider it part of the EWG Report./*
>
> *//*
>
> */In my view, I see no need for writing white papers. What we will
> need though in the early parts of our work is for everyone to identify
> possible requirements so that we create as comprehensive a list as
> possible. That list will then be deliberated on by the WG to
> determine which ones we agree should be recommended./*
>
>
>
> Best,
> Kathy (Kleiman)
> p.s. In summary, I would like to ask Assumptions be modified to
> reflect the huge questions and concerns raised about the EWG Final
> Report in London, and the complete lack of any final comment period on
> a hugely and substantively-changed final report. I would also like to
> request that Outline of Approach to Phase 1 be modified to reflect a
> concerted effort of the WG, Leadership Team subteam(s) and Staff to
> identify, define and summarize the "sources other than the EWG Final
> Report" that will be used and what resources will be devoted by Staff
> to collecting and summarizing them for ease of use by the WG.
>
> Best regards,
> Kathy
>
> On 2/24/2016 1:34 AM, Marika Konings wrote:
>
>
> Dear All,
>
> Please find below the notes and action items of today’s meeting. I
> would like to draw special attention to the following action items and
> deadlines associated with these:
>
> * *Action item #1*: All to review categories identified by small
> team and provide feedback within 24 hours (see attached)
> * *Action item #4*: All to review work plan approach as has been
> circulated with the agenda and provide any comments / questions on
> the mailing list within 48 hours. (see attached)
>
> Please share any input or questions you may have with the mailing list.
>
> Best regards,
>
> Marika
>
> *Notes/Action items 24 February 2016 - Next–Generation RDS PDP WG Meeting*
>
> /1. Roll call/ SOI/
>
> * Note, observers have read-only access to the mailing list and do
> not receive the call details. If you want to change your status,
> you can inform the GNSO Secretariat accordingly.
> * Members are required to provide a Statement of Interest in order
> to participate in the Working Group.
> * Updates to SOIs are requested at the start of every meeting.
>
> A*ction item #1*: Please complete / update your Statement of Interest
> if you have not done so yet.
>
> /2. Review of WG membership & expertise update/
>
> * Small team has been discussing how to identify current level of
> expertise
> * Identified a number of rough categories of expertise that is
> expected to be needed for this effort: Legal (IP, criminal,
> civil), Technical (Protocol development, Security, Audit), Data
> Protection, Operational (Registrar, Registries),
> Commercial/e-business, Non commercial/not for profit, government
> advisory, law enforcement (police, investigators, courts),
> individual internet user.
> * Proposal to put these categories into a zoomerang poll to allow
> for WG members to self-identify their expertise
> * Small team would like to receive input on the categories
> identified and possible sub-categories
> * Consider removing investigators as it can be considered part of
> 'police'. There are also other agencies that are involved in
> investigations, maybe that is why it has been identified as a
> separate category. Should investigators (non-government) be a
> separate category? This would include organisations like consumer
> organisations.
> * Security may not only be technical expertise, there may also be
> non-technical aspects to it. Consider having a security category
> that is not under the technical heading.
> * DNS technical specialists should also be considered as a category
> * Categories are intended to get a general sense of expertise available
> * Consider updating law enforcement to public safety to capture a
> broader category of investigators?
> * Should public defenders be added to the legal category? Might
> already be covered by legal/criminal?
> * Consider a category for cybersecurity.
> * Experts can be invited to just join when a particular topic is
> discussed - not only looking at filling gaps in membership, but
> also identify specific support that may be needed in an expert
> capacity.
> * Consider adding a category for WHOIS software / service developer
>
> *Action item #1*: All to review categories identified and provide
> feedback within 24 hours
>
> *Action item #2*: staff to develop survey on the basis of the
> categories identified and request WG members to participate
>
> *Action item #3*: small team to review feedback received to the survey
> and identify whether additional outreach is needed based on the survey
> results.
>
> /3. Review and discuss draft work plan approach/
>
> * Bulk of work in phase 1 relates to recommending requirements for
> Registration Directory Services
> * Use EWG Final Report as starting point, as instructed by the ICANN
> Board. Substantial public input was provided and incorporated by
> this effort. Not restricted to the EWG Final Report, but an
> important starting point.
> * Develop a comprehensive list of possible requirement (without a
> debate) as a first step. Deliberations on each possible
> requirement will be the next step after developing this
> comprehensive list, including reaching consensus on whether
> requirements should be included or not.
> * Outreach to SO/ACs is expected during various stages of the PDP,
> periodically as needed. This outreach may take various forms,
> formal, informal. There is a requirement for formal input at the
> early phase of the process.
> * Interdependency of all eleven questions in the charter will main
> that the WG may need to go back and forth between questions.
> * First five questions are critical as they are essential to
> responding to the foundational question of whether a new RDS is
> needed.
> * No comment period held on the Final EWG Report. EWG Report
> expected to be starting point - not stopping there, just a first
> list of possible requirements that the WG is expected to add to.
> * Should purpose be defined before discussion uses? Purposes and
> uses are part of the charter which are expected to result in
> possible requirements (see question 1).
> * Leadership team has started developing a first list of possible
> requirements - draft as a starting point for the full WG to review
> and add to. SO/AC/SG/Cs can also be asked to add to the list of
> possible requirements. Objective to have comprehensive list of
> requirements.
> * Once this comprehensive list is 'complete' (WG is of the view that
> all possible requirements have been added), systematic review of
> the requirements by the WG.
> * Deliberation of some requirements could be deferred to later
> phases, if deemed appropriate.
> * Following this work, the WG is expected to deliberate on
> foundational question: is a new RDS needed or can the existing
> WHOIS system be modified to satisfy the recommended requirements
> for questions 1-5. Answer to this question will determine
> subsequent steps.
> * Who will come up with costing based on the requirements
> identified? Is it possible to estimate costs until you get to
> phase 2 and 3? Might be possible to get a high level idea in phase
> 1, but you cannot do it thorougly until you get to phase 2 when
> the policies are identified. Phase 1 could identify what costs
> need to be measured while phase 2 may ballpark those. Cost impact
> expected across the whole eco-system. Impact assessment will be
> important question.
> * Outreach to SO/ACs may involve those groups to consult with their
> respective constituencies that may take more than 35 days. Smaller
> requests more frequently may facilitate feedback. All should be
> communicating regularly with their respective groups - bring
> feedback to the WG on an ongoing basis. If any request for input
> would be associated with a minimum 35 day timeline it would have a
> significant impact on the overall timeline.
> * Leadership team will work on the detail of the work plan based on
> the approach outlined and comments received.
> * Those on the call were supportive of the approach outlined.
> Provide opportunity for those not on the call to provide feedback
> on the approach.
> * Leadership team would like to be able to send out a first cut of a
> work plan by the end of this week so it can be further discussed
> and reviewed during next week's meeting.
>
> *Action item #4*: All to review work plan approach as has been
> circulated with the agenda and provide any comments / questions on the
> mailing list within 48 hours.
>
> *Action item #5*: Leadership team to send out first draft of work plan
> by the end of this week.
>
> /4. Discuss proposed outreach to SO/AC/SG/Cs to solicit early input/
>
> * Required to formally request input at early stage, minimum of 35
> days response time. Considering asking for general input.
> * Request formal input shortly after ICANN meeting in Marrakech.
>
> *Action item #6:* Leadership team to develop draft outreach message
> for WG review.
>
> /5. ICANN meeting in Marrakech F2F meeting/
>
> * See http://doodle.com/poll/7f9h9spwwmys26c5. To date 46 expected
> to participate in person, 20 are planning to participate remotely
> and 5 are not able to attend.
> * See https://meetings.icann.org/en/marrakech55/schedule/wed-rds for
> further details.
>
> /6. Confirm next steps and next meeting/
>
> * Next meeting will be scheduled for Tuesday 1 March at 16.00 UTC
> * Chuck will not be available for the next meeting - Susan Kawaguchi
> has volunteered to chair the meeting on 1 March.
>
>
>
>
>
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org>
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>
>
>
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20160226/505be1ef/attachment.html>
More information about the gnso-rds-pdp-wg
mailing list