[gnso-rds-pdp-wg] Notes and action items from Next-Generation RDS PDP WG Meeting - deep concerns

Fri Feb 26 10:06:12 UTC 2016

Hello all, 

I quite agree with Chuck’s plan too . I think he is right as it is important to see who wants data and for what purposes-“ The requirement list “.Once the picture is clear ,further questions can be addressed.

Regards,

Karnika Seth

From: gnso-rds-pdp-wg-bounces at icann.org [mailto:gnso-rds-pdp-wg-bounces at icann.org] On Behalf Of Deacon, Alex
Sent: 26 February 2016 07:40
To: Gomes, Chuck <cgomes at verisign.com>
Cc: gnso-rds-pdp-wg at icann.org
Subject: Re: [gnso-rds-pdp-wg] Notes and action items from Next-Generation RDS PDP WG Meeting - deep concerns

Hi All, 

We have a boat load of important work ahead of us.   As such it is important that we are doing everything we can to make sure we are working “smart” and not duplicating effort - especially the hard effort of the EWG.   Reading this thread however its not clear to me that the approach developed by Chuck and the leadership team (which I support) is vastly different from Kathy’s plan.    

Personally I’d prefer that we start with the full list of fields (based on the work in the EWG report) and analyze them holistically vs. starting with a blank slate.   But either way I’m quite sure we an address Kathy’s concerns within the framework of Chucks approach.   

Alex

Alex Deacon
Senior VP, Internet Technology
Motion Picture Association of America
Alex_Deacon at mpaa.org <mailto:Alex_Deacon at mpaa.org>  

+1.415.802.9776 (mobile)

On Feb 25, 2016, at 5:27 PM, Gomes, Chuck <cgomes at verisign.com <mailto:cgomes at verisign.com> > wrote:

Please see my responses below Kathy.

Chuck

From: Kathy Kleiman [ <mailto:kathy at kathykleiman.com> mailto:kathy at kathykleiman.com] 
Sent: Thursday, February 25, 2016 5:18 PM
To: Gomes, Chuck;  <mailto:gnso-rds-pdp-wg at icann.org> gnso-rds-pdp-wg at icann.org
Subject: Re: [gnso-rds-pdp-wg] Notes and action items from Next-Generation RDS PDP WG Meeting - deep concerns

Hi Chuck, 
I'm sorry, but I don't understand the starting point of the draft work plan. It says that the "Bulk of Work in phase 1 relates to recommending requirements for Registration Directory Services." After review of the EWG, it states that we will "Develop a comprehensive list of possible requirement [sic] (without a debate) as a first step." 

[Chuck Gomes] That statement is an assumption based on the WG charter.  Do you not think that the WG’s main task, which will consume most of our time, will involve most of our time?  If not, please show me what I am missing in the charter.

It seems to me that the first step should be evaluating the data collected by the registrars for registration purposes. The next step should be evaluating the purposes for which that data is collected. The third step should be seeking out additionally purposes for which folks not registrars would like to use the data. The fourth step should be to determine whether the information could legally be made available for those additional purposes, and whether those additional purposes are even desirable or useful (or are there dangers and concerns?)

[Chuck Gomes] The EWG already spent countless hours evaluating the data collected and had multiple opportunities for public comment on their work.  Are you suggesting that we should repeat that work?  The first of the eleven questions deals with users and purposes so your suggested first two steps seem to be covered by the WG deliberations on the first charter question.  In other words, it seems to me that the proposed approach covers your first two steps at the beginning like you are suggesting.  The only difference is that the approach suggests identifying possible requirements first.

Jumping straight into "Develop a comprehensive list of possible requirements (without debate)" skips the whole analysis (above) that I understand is necessary under EU nations' laws (and the many other countries with data protection laws) and jumps straight into -- "who wants this data?! Get your data here!"

[Chuck Gomes] The analysis will not be skipped.  It will happen when we do our deliberation.

For the draft work plan, section 3 below ("Review and discuss draft work plan"), I would start with these opening bullet points:
- what domain name registration data is collected and for what purpose? [Chuck Gomes]  First area of deliberation.
- what specific laws and restrictions limit the re-use or secondary use of this domain name registration data?  (data gathering, legal analysis section)[Chuck Gomes]  This will happen in our deliberation on each possible requirement.
- what additional uses would people like to use the domain name registration data and why?[Chuck Gomes]  First area of deliberation.
- Outreach to the Supporting Organizations, Advisory Committees and outreach to the greater Internet Community[Chuck Gomes] We will do this multiple times during our work.
- Deliberations as to whether these additional uses are legal, possible, optional -- and what the costs and benefits are of providing this data for the secondary purposes that people are seeking it. 

On a related note, I used to program large-scale databases on Wall Street and respectfully submit that the term "requirements" in the first 3 bullet points of section 3 is being used incorrectly (or confusingly) as a technical matter. Until we do the detailed analysis of the key issues of what data collected, its primary purpose, sought secondary use, proportionality, etc, we can't possibly know or lay out the "requirements" we are seeking for the new Registration Directory Services.  "Requirements" is best used as the term for the features we intend to build into our new RDS system. We are nowhere near the "requirements" stage yet -- we are at the preliminary data gathering, use and user analysis, legal review, and other preliminaries. Shaping, scoping, defining and describing the "requirements" of the new system will come later.  What other term can we use?

[Chuck Gomes] We are using the term from the charter.  I agree that it may fit better in some cases than others but I suggest we don’t get too hung up on terminology.  If we can improve it, fine, but let’s not spend too much time debating terminology until it becomes critical, i.e., when we actually get into our deliberation.

To the other question of the WG, what "rough categories of expertise" are needed:
I would add groups that specialize in free speech, freedom of expression, human rights, domestic violence, international journalist organizations, and groups that specialize in political oppression. It is these groups that know intimately who is being harassed, stalked and even killed based on Whois data -- and many of them participated in the last public comment held by the Proxy/Privacy Accreditation Working Group. They are definitely reachable and in tune with our issues.

[Chuck Gomes] We are way past the 24-hour deadline on this.  If the membership review team has not finalized the categories yet, they of course can take your input into consideration but it is possible they have already completed the list. 

I deeply apologize for missing the meeting this week. We had a death of a family friend and given daytime commitments, I could not participate in the late-night call.

[Chuck Gomes] Please accept my condolences.

Tx for your review. 
Best,
Kathy (Kleiman)

On 2/25/2016 9:57 AM, Gomes, Chuck wrote:

Thanks for the feedback Kathy.  I will let those who were on the EWG respond to what happened after London but I did insert some personal responses below.

Chuck

From:  <mailto:gnso-rds-pdp-wg-bounces at icann.org> gnso-rds-pdp-wg-bounces at icann.org [ <mailto:gnso-rds-pdp-wg-bounces at icann.org> mailto:gnso-rds-pdp-wg-bounces at icann.org] On Behalf Of Kathy Kleiman
Sent: Thursday, February 25, 2016 9:04 AM
To:  <mailto:gnso-rds-pdp-wg at icann.org> gnso-rds-pdp-wg at icann.org
Subject: Re: [gnso-rds-pdp-wg] Notes and action items from Next-Generation RDS PDP WG Meeting - deep concerns

Hi Chuck,
Tx you for the reminder for the last call of comments. I would like to raise concerns about some of the items in the work plan. My objections have to do with the focus of the "Outline of Approach for Phase 1" extensively on input from the EWG Final Report. The work plan, as circulated (particularly under its "Assumptions") implies an understanding and acceptance of the EWG Final Report that never existed. Let me explain (and invite my EWG friends and all present at that time) to supplement this record:

[Chuck Gomes] Please tell me why you think there is an acceptance of the EWG Final Report?  No such assumption was made by the Leadership Team.  As you share below, the intent is for it to be a starting point.

Background:  the EWG Final Report was greatly changed from the interim to the final draft. Not a little bit, but significantly, substantively, clearly changed. Dozens of new pages were added; entirely new analysis and recommendations. The final Report was difficult, even impossible, to understand. Long public sessions were held at the ICANN meeting in London where speaker after speaker raised issues, concerns and questions, questions, questions. There were so much ambiguity in the text, so many sections that were unclear, so many cross-references that were not complete that even those of us who have been in this field for many years found it impossible to understand specifically what was being recommended and why. Further, there were major questions raised about the large amount of data being collected and retained, indications of nearly unlimited access for certain types of users, and many more concerns.  There were so many questions that commenters at the microphone agreed we/they could not even start a full and substantive critique of the Final Report because it is unclear even what was being recommended on certain key and substantive points. The essence of drafting rules and technical policy is, of course, clarity and we agreed in these public session in London that it was lacking in this Final Report.** Answers were promised; answers never came. The EWG Final Report remains an ambiguous, unclear document. 

No Final Public Comment: Unfortunately, despite major and extensive changes between the interim and final drafts, and ICANN precedent itself, the EWG Final Report never went to public written comment. (In all my time in ICANN, which is a lot, I have never seen a final report which did not go to public comment - particularly a final report as complex, difficult, convoluted and significantly-changed as this one.) There was no final comment period for this report -- just a promise that no group would ever accept the Final Report as an absolute starting point; and that all future groups working with the EWG Final Report would know that it never received a final review, never received consensus, and was never even understood by those critiquing it in the public sessions. 

Dissent: Further, the EWG Final Report received a strong dissent from the only member of the EWG with a data protection background - the person who was a key drafter of the Canadian Data Protection Report. Her

issues and concerns have, of course, never been addressed because the EWG Final Report never went out for that final round of public comment and final round of revisions.

[Chuck Gomes] I fully expect and encourage the dissenter (Stephanie) to add possible requirements that address her concerns.

Accordingly: calls for acceptance and reliance on the EWG Final Report should be much more carefully worded and limited in the Work Plan than they are now. I know the Board wants us to refer it as a reference point and touch point, but not the only or exclusive starting point.  The work plan has references to other sources other than the EWG Final Report, but what are they, where are they and who will find and summarize them?  Given the speed we want to work, it is incumbent on the WG, at this early point in development, in this Work Plan, to determine what these other sources might be and how we can access them quickly, efficiently and effectively. I would like to request that the Work Plan include provisions for subteams to form and Staff to help find, use and summarize these other sources so that they will be available as quickly as the EWG Report (and noting that it may be difficult for members of the community to drop other work and write short White Papers.) But it is clear that we need to fairly and fully pull in the widest range of information and input at this critical point of Phase 1 -- the RDS Working Group richly deserves it!

[Chuck Gomes] If you think the wording asks for acceptance and reliance on the EWG Final Report, please suggest alternative wording.  Regarding other sources, many of them are identified in the EWG Report, in the Issues Report and I encourage WG members to identify other sources.  Stephanie’s minority statement is one source already mentioned, although I consider it part of the EWG Report.

In my view, I see no need for writing white papers.  What we will need though in the early parts of our work is for everyone to identify possible requirements so that we create as comprehensive a list as possible.  That list will then be deliberated on by the WG to determine which ones we agree should be recommended.

Best, 
Kathy (Kleiman)
p.s. In summary, I would like to ask Assumptions be modified to reflect the huge questions and concerns raised about the EWG Final Report in London, and the complete lack of any final comment period on a hugely and substantively-changed final report.  I would also like to request that Outline of Approach to Phase 1 be modified to reflect a concerted effort of the WG, Leadership Team subteam(s) and Staff to identify, define and summarize the "sources other than the EWG Final Report" that will be used and what resources will be devoted by Staff to collecting and summarizing them for ease of use by the WG. 

Best regards,
Kathy

On 2/24/2016 1:34 AM, Marika Konings wrote: 

Dear All,

Please find below the notes and action items of today’s meeting. I would like to draw special attention to the following action items and deadlines associated with these:

*	Action item #1: All to review categories identified by small team and provide feedback within 24 hours (see attached)
*	Action item #4: All to review work plan approach as has been circulated with the agenda and provide any comments / questions on the mailing list within 48 hours. (see attached)

Please share any input or questions you may have with the mailing list.

Best regards,

Marika

Notes/Action items 24 February 2016 - Next–Generation RDS PDP WG Meeting

1. Roll call/ SOI

*	Note, observers have read-only access to the mailing list and do not receive the call details. If you want to change your status, you can inform the GNSO Secretariat accordingly.
*	Members are required to provide a Statement of Interest in order to participate in the Working Group.
*	Updates to SOIs are requested at the start of every meeting.

Action item #1: Please complete / update your Statement of Interest if you have not done so yet. 

2. Review of WG membership & expertise update

*	Small team has been discussing how to identify current level of expertise
*	Identified a number of rough categories of expertise that is expected to be needed for this effort: Legal (IP, criminal, civil), Technical (Protocol development, Security, Audit), Data Protection, Operational (Registrar, Registries), Commercial/e-business, Non commercial/not for profit, government advisory, law enforcement (police, investigators, courts), individual internet user.
*	Proposal to put these categories into a zoomerang poll to allow for WG members to self-identify their expertise
*	Small team would like to receive input on the categories identified and possible sub-categories
*	Consider removing investigators as it can be considered part of 'police'. There are also other agencies that are involved in investigations, maybe that is why it has been identified as a separate category. Should investigators (non-government) be a separate category? This would include organisations like consumer organisations.
*	Security may not only be technical expertise, there may also be non-technical aspects to it. Consider having a security category that is not under the technical heading.
*	DNS technical specialists should also be considered as a category
*	Categories are intended to get a general sense of expertise available
*	Consider updating law enforcement to public safety to capture a broader category of investigators?
*	Should public defenders be added to the legal category? Might already be covered by legal/criminal?
*	Consider a category for cybersecurity. 
*	Experts can be invited to just join when a particular topic is discussed - not only looking at filling gaps in membership, but also identify specific support that may be needed in an expert capacity. 
*	Consider adding a category for WHOIS software / service developer

Action item #1: All to review categories identified and provide feedback within 24 hours

Action item #2: staff to develop survey on the basis of the categories identified and request WG members to participate

Action item #3: small team to review feedback received to the survey and identify whether additional outreach is needed based on the survey results. 

3. Review and discuss draft work plan approach

*	Bulk of work in phase 1 relates to recommending requirements for Registration Directory Services
*	Use EWG Final Report as starting point, as instructed by the ICANN Board. Substantial public input was provided and incorporated by this effort. Not restricted to the EWG Final Report, but an important starting point. 
*	Develop a comprehensive list of possible requirement (without a debate) as a first step. Deliberations on each possible requirement will be the next step after developing this comprehensive list, including reaching consensus on whether requirements should be included or not.
*	Outreach to SO/ACs is expected during various stages of the PDP, periodically as needed. This outreach may take various forms, formal, informal. There is a requirement for formal input at the early phase of the process. 
*	Interdependency of all eleven questions in the charter will main that the WG may need to go back and forth between questions. 
*	First five questions are critical as they are essential to responding to the foundational question of whether a new RDS is needed. 
*	No comment period held on the Final EWG Report. EWG Report expected to be starting point - not stopping there, just a first list of possible requirements that the WG is expected to add to.
*	Should purpose be defined before discussion uses? Purposes and uses are part of the charter which are expected to result in possible requirements (see question 1).
*	Leadership team has started developing a first list of possible requirements - draft as a starting point for the full WG to review and add to. SO/AC/SG/Cs can also be asked to add to the list of possible requirements. Objective to have comprehensive list of requirements. 
*	Once this comprehensive list is 'complete' (WG is of the view that all possible requirements have been added), systematic review of the requirements by the WG. 
*	Deliberation of some requirements could be deferred to later phases, if deemed appropriate. 
*	Following this work, the WG is expected to deliberate on foundational question: is a new RDS needed or can the existing WHOIS system be modified to satisfy the recommended requirements for questions 1-5. Answer to this question will determine subsequent steps. 
*	Who will come up with costing based on the requirements identified? Is it possible to estimate costs until you get to phase 2 and 3? Might be possible to get a high level idea in phase 1, but you cannot do it thorougly until you get to phase 2 when the policies are identified. Phase 1 could identify what costs need to be measured while phase 2 may ballpark those. Cost impact expected across the whole eco-system. Impact assessment will be important question.
*	Outreach to SO/ACs may involve those groups to consult with their respective constituencies that may take more than 35 days. Smaller requests more frequently may facilitate feedback. All should be communicating regularly with their respective groups - bring feedback to the WG on an ongoing basis. If any request for input would be associated with a minimum 35 day timeline it would have a significant impact on the overall timeline.
*	Leadership team will work on the detail of the work plan based on the approach outlined and comments received.
*	Those on the call were supportive of the approach outlined. Provide opportunity for those not on the call to provide feedback on the approach. 
*	Leadership team would like to be able to send out a first cut of a work plan by the end of this week so it can be further discussed and reviewed during next week's meeting.

Action item #4: All to review work plan approach as has been circulated with the agenda and provide any comments / questions on the mailing list within 48 hours. 

Action item #5: Leadership team to send out first draft of work plan by the end of this week.

4. Discuss proposed outreach to SO/AC/SG/Cs to solicit early input

*	Required to formally request input at early stage, minimum of 35 days response time. Considering asking for general input.
*	Request formal input shortly after ICANN meeting in Marrakech. 

Action item #6: Leadership team to develop draft outreach message for WG review.

5. ICANN meeting in Marrakech F2F meeting

*	See  <http://doodle.com/poll/7f9h9spwwmys26c5> http://doodle.com/poll/7f9h9spwwmys26c5. To date 46 expected to participate in person, 20 are planning to participate remotely and 5 are not able to attend.
*	See  <https://meetings.icann.org/en/marrakech55/schedule/wed-rds> https://meetings.icann.org/en/marrakech55/schedule/wed-rds for further details.

6. Confirm next steps and next meeting

*	Next meeting will be scheduled for Tuesday 1 March at 16.00 UTC 
*	Chuck will not be available for the next meeting - Susan Kawaguchi has volunteered to chair the meeting on 1 March.

_______________________________________________
gnso-rds-pdp-wg mailing list
 <mailto:gnso-rds-pdp-wg at icann.org> gnso-rds-pdp-wg at icann.org
 <https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg

_______________________________________________
gnso-rds-pdp-wg mailing list
 <mailto:gnso-rds-pdp-wg at icann.org> gnso-rds-pdp-wg at icann.org
 <https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20160226/0e7f8a48/attachment.html>