[gnso-rds-pdp-wg] An important technical consideration about nature of the service (was Re: The overflowing list )

David Cake dave at davecake.net
Thu Jul 21 09:27:15 UTC 2016


> On 21 Jul 2016, at 12:41 AM, Stephanie Perrin <stephanie.perrin at mail.utoronto.ca> wrote:
> 
> I realize that this discussion is premature but it is very important.  Despite our reliance in this group on the work of the EWG, it is important to note a few things that we addressed in a very insufficient manner in that report, and in my view they are deal-breakers:
> 
> 1)  How to authenticate law enforcement, private cybersecurity actors, and lawyers/paralegals when they are requesting access to greater levels of detail.  Court orders cover only certain cases, most are not covered.  Who are they, what do they get, why do they get it, and how do you audit what they actually did?  These are, to my non-technical mind, separate authentication issues.  The actors need to be authenticated, the request needs to be signed and authenticated as coming from an appropriate authority, the scope needs to be established and signed, the trail needs to be auditable (and thus authenticated).  Guys like Brad Malin who have done interesting work on anonymization of hospital records have tackled these problems, but I cannot imagine how we apply it to this honking big global system.
> 
While these are obviously complicated issues, they are primarily policy issues, not technical ones. It is my opinion that there are potential technical mechanisms that could provide support for relatively efficient technical implication of these mechanisms if needed. The efficient policy implementation of these issues is more complex, but surely the process you describe is aspirational at best in some jurisdictions.

> 
> 2)  Nation states do not sign MLATs with all countries.  Why would ICANN engineer a system that overrides national sovereignty and permits actors in untrusted jurisdictions to request data they could not get through another country's justice department?

It is important to understand that all LEAs are not equal, even that complying with a lawful order in one jurisdiction might be illegal in another. 
We should also understand that some voluntary cooperation with some requests from outside national jurisdictions is also a possibility. Cross-jurisdictional requests are something that we should consider carefully. 


	David

