[gnso-rds-pdp-wg] RDS 5 Charter questions

Gomes, Chuck cgomes at verisign.com
Fri Jun 17 13:01:58 UTC 2016


Stephanie,

You provide some excellent input for the costing exercise and make a very valid point that none of us want to go through this lengthy exercise only to find out it can't be funded because of prohibitive costs.  So I definitely agree that we need to start examining costs in Phase 1 but I think it will be a little easier (not easy) to start doing that after we deliberate on the possible requirements for the first five questions and agree on an answer to the fundamental question we have to answer at that point, i.e., whether a new RDS system is needed to meet the requirements.  In the meantime, it will be wise for us to keep cost implications in mind in everything we do because they will be critical.

Chuck

From: Stephanie Perrin [mailto:stephanie.perrin at mail.utoronto.ca]
Sent: Thursday, June 16, 2016 11:32 PM
To: Gomes, Chuck; gnso-rds-pdp-wg at icann.org
Subject: Re: [gnso-rds-pdp-wg] RDS 5 Charter questions


Excellent question, and it is a hard one.  In my view step one is to isolate every step in the data chain that involves a cost (to the registrant, to the registrar, registry, beneficial user of the data, access control entity, escrow entity, even ICANN etc.).  I include time as money here.  Systems and backup systems I am sure everyone has decent numbers for, I am less sure about the rest because if ICANN demands certain data practices as a condition of accreditation it is hardly worth costing it out.  However, adding data elements, tiered access, authentication, decent security, escrow, adds cost elements. One of the questions that is factored in to that root question, what is the purpose of WHOIS?, is related to affordability and access to the DNS for every individual and company, as far as I am concerned (and I think I speak for most of us in NCSG when I say that).  So if you tell me you can estimate this now, I will relax.  It is a bit like knowing what your budget is when you reach for the grocery cart....and who gave you the money in your purse.  If registrars have to deal with every law enforcement/IP holder demand for data with a human being, the cost may well be prohibitive.  This is a nut that has to be cracked early, in my view, I do not want to be lulled into a false sense of security that tiered access will solve privacy problems if a couple of years from now we are told sorry, the registrant will have to be taxed an extra 250% to cover the cost of that.  Since the EWG tried in vain to find a party who was keen to authenticate law enforcement, I suspect that piece will be extremely costly as well.

SP

On 2016-06-16 22:20, Gomes, Chuck wrote:
Stephanie,

You have brought up costs multiple times before but I am still puzzled how we can estimate costs until we have a better understanding of what the requirements will be along with the resulting policies.  And solving the problem of who pays is pretty hard to do until we have a reasonable estimate of the amount of costs. How would you propose we deal with costs at this stage?

Chuck

From: gnso-rds-pdp-wg-bounces at icann.org [mailto:gnso-rds-pdp-wg-bounces at icann.org] On Behalf Of Stephanie Perrin
Sent: Thursday, June 16, 2016 10:09 AM
To: gnso-rds-pdp-wg at icann.org
Subject: Re: [gnso-rds-pdp-wg] RDS 5 Charter questions


I will repeat what I have said before.  Discussing "requirements" before purpose sets up business requirements before we have defined the business.  Discussing accuracy and access before we have determined requirements merely throws the cement hardener into the mix.  Why on earth discuss accuracy requirements for data elements that are on someone's wish list unless the costing (and who will pay) is also defined?  Part of discussing original purpose of the collection, use and disclosure of registration data is to determine, in 2016 and for the foreseeable future, why we collect information, what is legally permissible to collect, and who will pay for that collection (in one form or another).

As I have said before, I fully understand that tackling this problem is difficult, and I understand the rationale for going with all the "requirements" first.  I do think getting further refinement will sway all of us in certain directions....towards accepting the assumptions that all this data collection is necessary and desirable.  It will also tire out those of us who have another life, but perhaps that is a desired outcome of the majority.

Apologies for missing the call yesterday, I was travelling and unable to accept the callout.  Comments will be coming shortly.

SP

On 2016-06-16 5:59, Victoria Sheckler wrote:
+1

From: gnso-rds-pdp-wg-bounces at icann.org [mailto:gnso-rds-pdp-wg-bounces at icann.org] On Behalf Of Vayra, Fabricio (Perkins Coie)
Sent: Wednesday, June 15, 2016 10:50 AM
To: Gomes, Chuck <cgomes at verisign.com>; Ayden Férdeline <icann at ferdeline.com>; Susan Kawaguchi <susank at fb.com>
Cc: gnso-rds-pdp-wg at icann.org
Subject: Re: [gnso-rds-pdp-wg] RDS 5 Charter questions

I agree with Susan.  There's a reason the charter was written as is and to change it unwinds the charter without the benefit of the thoughtful work and deliberations that went into it.  Moreover, leaving access and accuracy out of the discussion until the end has us making decisions in a vacuum.  And, finally, I'm not sure how you divorce Users/Purposes, Privacy, and Data elements from Access and Accuracy, as the latter two are a constant and vital reference within all documents I've reviewed on the former three ... so to separate these two topics out until later just sets us up for unnecessary grid-lock when we have to revisit the first three topics through the interrelated latter two topics of Access and Accuracy.

Thanks,

Fabricio Vayra
PARTNER
700 Thirteenth Street, N.W. Suite 600
Washington, DC 20005-3960
D. +1.202.654.6255
F. +1.202.654.9678
E. FVayra at perkinscoie.com

From: gnso-rds-pdp-wg-bounces at icann.org [mailto:gnso-rds-pdp-wg-bounces at icann.org] On Behalf Of Gomes, Chuck
Sent: Wednesday, June 15, 2016 9:21 AM
To: Ayden Férdeline; Susan Kawaguchi
Cc: gnso-rds-pdp-wg at icann.org
Subject: Re: [gnso-rds-pdp-wg] RDS 5 Charter questions
Importance: High

Thanks for continuing the discussion on the approach to reaching consensus.  I strongly encourage others to express your opinion on that along with your rationale:  1) Should we leave our work plan as is or 2) should we change it from two issue reports to three issue reports with the first one following deliberation on the user/purpose, privacy/data protection and data element questions?

I appreciate the time you took to explain your position but note that much of what you said gets into what we will discuss in our future deliberations so I ask everyone to not go there yet but instead focus on commenting on the approach to reaching consensus.  Our goal is to finalize that approach in our meeting next week.

Chuck

From: Ayden Férdeline [mailto:icann at ferdeline.com]
Sent: Wednesday, June 15, 2016 6:54 AM
To: Susan Kawaguchi
Cc: gnso-rds-pdp-wg at icann.org; Gomes, Chuck
Subject: Re: [gnso-rds-pdp-wg] RDS 5 Charter questions

Hi Susan,

Thanks for sharing these reflections. I understand the desire not to complicate this task. As someone who is new to the ICANN community and its approach to policy-making - and, also, someone who is an advocate of privacy - it would seem to me that all the costs and burdens associated with rallying against an open-access Registration Directory Service have been put on some stakeholders, while proponents of the status quo profit from the lack of consensus or inertia on a different path forward. I say this not to demonise any views, but to clarify that I do indeed share your perspective that we don't want to be permanently gridlocked here.

This is actually why my preference would be to go down the path that was suggested on our call yesterday - from what I recall, it would mean three opportunities for public comment, and a mandate to focus our energies on understanding Users/Purposes, Privacy, and Data Elements before we consider whether or not gated access is necessary or whether or not records should be accurate. It seems a little premature to me to consider the latter points when we have not yet established if there is a basis for collecting registration data in the first place. I share your point, though, that we should be distinguishing between individuals and commercial entities - which is not to presuppose that there ultimately will be a need for variations in treatment if the RDS is warranted.

We can make our work easier, however. If we decide upon a standard by which to assess whether or not the RDS complies with, say, data privacy laws, we might have a more straightforward exercise ahead. And on that point I would like to note that just because the Internet originated in the US and its governance framework has been historically dominated by US-based actors does not mean we should by default turn to US law for contextual protections or principles. I would like to respectfully suggest that European instruments such as the European Convention on Human Rights, standards set by the European Union Data Protection Directive, and Convention 108 of the Council of Europe might be helpful starting points. These are not obscure laws or conventions which apply to no one: the EU population is over 500 million people, far greater than that of the US.

I am not a lawyer and I do not come at this topic with the same institutional knowledge that others do have. I do not know all the details or decisions that have led us to this point where, it would seem, the (political) cost to move away from the current default is so very high. I say this to be clear, from the onset, that I might well be misinformed or wrong about how we move forward in this working group. However, it is my view that just because the Internet is by nature cross-border does not mean that it should be treated as a self-governing realm beyond the reach of national laws. WHOIS today, to me, seems to subvert and/or undermine domestic norms and institutions in many territories worldwide. I don't want to get into the question of sovereignty online, but it would be helpful to at least establish whether or not we believe ICANN should mandate through its contracts with registrars that they comply with local legal regulations, or whether we instead believe that market forces should be driving fundamental decisions about the nature of the Internet.

You can probably guess my position here, but I'd like to think we can reach some common ground. What are we more concerned about - the rights of the data subject and controller, or the rights of those who wish to monetise it? To come up with, like we have, a list of something like 780 possible requirements for the RDS strikes me as a recipe for disaster. It seems inevitable that we will accidentally impose huge costs on some stakeholder groups - the unintended consequence of trying to achieve some short-term policy goal not to do with any functional imperative of the Internet itself, but to meet someone's obscure interest. That's why I want to hammer down on what data is being collected, why it is being used, and what are the implications for privacy before we proceed any further.

Just my $0.02.

- Ayden




On Tue, Jun 14, 2016 10:51 PM, Susan Kawaguchi susank at fb.com wrote:
Hello All,

I have been thinking about the RDS discussion from this morning's meeting and wanted to clarify my personal position (not as a vice chair of the WG).  I think we will complicate our task if we initially limit the discussion to three of the charter questions relating to users/purposes, privacy and data elements.  Much thought went into drafting the charter and brainstorming how a WG should approach deliberations.

Users/Purposes
Privacy
Data elements
Access
Accuracy

All of the above are very interrelated and I can't imagine that we can sufficiently discuss one or two without the others.

One other issue that comes to mind is that we must keep in mind PII data but we also have to be wary of creating requirements that convey data protection rights of individuals to commercial entities.  For each of the topics above we need to address how it would affect an individual or a commercial entity.

I think we should move forward with the original plan according to the Charter and discuss all 5 issues in the first pass.
Susan Kawaguchi
Domain Name Manager
Facebook Legal Dept.


Ayden Férdeline
Statement of Interest