[gnso-rds-pdp-wg] RDS 5 Charter questions

Fri Jun 17 16:26:07 UTC 2016

I support sticking with the original plan -- examining and seeking public
comment on all five fundamental elements simultaneously.  If we put some
elements aside, that prevents a holistic consideration of the subject and
creates the potential for ambiguity and misunderstanding (e.g., what would
one assume about gated access if it's not part of the discussion -- that it
solves all problems, shouldn't be considered (i.e., we are assuming full
public access), or what?).

If we are going to consider putting some elements aside, starting with the
three that induce the most passion and interest (the so-called "big three")
doesn't really make rational sense.  It creates a lopsided division of
labor.  More importantly, I strongly believe that would not be the right
order, if we're going down the road of picking and choosing.

As I mentioned on our recent call, the standard method for legal analysis
is "(1) Find the facts; (2) find the law; (3) apply the law to the facts."
 Gated access is clearly part of the "facts" making up the overall factual
scenario to which any law would need to be applied.  Accuracy is as well,
especially if we get into discussing potential methodologies for improving
accuracy.  Stephanie's most recent email on costs also includes reasons why
gated access is an essential potential factual element and should not be
delayed in our analytical process.

The 3 step method for legal analysis suggests that, if any aspect of our
work should be set aside, it is the exploration of laws (primarily but not
limited to privacy laws).  Getting into a legal analysis of a substantially
incomplete set of facts will be a fruitless waste of time in the long run.
As such, I would suggest that if we are going to break this up into stages,
the (privacy) law discussion be left to the second stage -- not because it
is less important, but because it is premature until we have considered the
factual elements of what a next gen RDS might look.

Greg

On Fri, Jun 17, 2016 at 9:39 AM, Farell Folly <farellfolly at gmail.com> wrote:

> +1 Chuck.
>
> Best Regards
> --ff--
>
> Mail sent from my mobile phone. Excuse for brievety.
> Le 17 juin 2016 14:05, "Gomes, Chuck" <cgomes at verisign.com> a écrit :
>
>> Stephanie,
>>
>>
>>
>> You provide some excellent input for the costing exercise and make a very
>> valid point that none of us want to go through this lengthy exercise only
>> to find out it can’t be funded because of prohibitive costs.  So I
>> definitely agree that we need start examining costs in Phase 1 but I think
>> it will be a little easier (not easy) to start doing that after we
>> deliberate on the possible requirements for the first five questions and
>> agree on an answer to the fundamental question we have to answer at that
>> point, i.e., whether a new RDS system is needed to meet the requirements.
>> In the meantime, it will be wise for us to keep cost implications in mind
>> in everything we do because they will be critical.
>>
>>
>>
>> Chuck
>>
>>
>>
>> *From:* Stephanie Perrin [mailto:stephanie.perrin at mail.utoronto.ca]
>> *Sent:* Thursday, June 16, 2016 11:32 PM
>> *To:* Gomes, Chuck; gnso-rds-pdp-wg at icann.org
>> *Subject:* Re: [gnso-rds-pdp-wg] RDS 5 Charter questions
>>
>>
>>
>> Excellent question, and it is a hard one.  In my view step one is to
>> isolate every step in the data chain that involves a cost (to the
>> registrant, to the registrar, registry, beneficial user of the data, access
>> control entity, escrow entity, even ICANN etc.).  I include time as money
>> here.  Systems and backup systems I am sure everyone has decent numbers
>> for, I am less sure about the rest because if ICANN demands certain data
>> practices as a condition of accreditation it is hardly worth costing it
>> out.  However, adding data elements, tiered access, authentication, decent
>> security, escrow, adds cost elements. One of the questions that is factored
>> in to that root question, what is the purpose of WHOIS?, is related to
>> affordability and access to the DNS for every individual and company, as
>> far as I am concerned (and I think I speak for most of us in NCSG when I
>> say that).  So if you tell me you can estimate this now, I will relax.  It
>> is a bit like knowing what your budget is when you reach for the grocery
>> cart....and who gave you the money in your purse.  If registrars have to
>> deal with every law enforcement/IP holder demand for data with a human
>> being, the cost may well be prohibitive.  this is a nut that has to be
>> cracked early, in my view, I do not want to be lulled into a false sense of
>> security that tiered access with solve privacy problems if a couple of
>> years from now we are told sorry, the registrant will have to be taxed an
>> extra 250% to cover the cost of that.  Since the EWG tried in vain to find
>> a party who was keen to authenticate law enforcement, I suspect that piece
>> will be extremely costly as well.
>>
>> SP
>>
>>
>>
>> On 2016-06-16 22:20, Gomes, Chuck wrote:
>>
>> Stephanie,
>>
>>
>>
>> You have brought up costs multiple times before but I am still puzzled
>> how we can estimate costs until we have a better understanding of what the
>> requirements will be along with the resulting policies.  And solving the
>> problem of who pays is pretty hard to do until we have a reasonable
>> estimate of the amount of costs. How would you propose we deal with costs
>> at this stage?
>>
>>
>>
>> Chuck
>>
>>
>>
>> *From:* gnso-rds-pdp-wg-bounces at icann.org [
>> mailto:gnso-rds-pdp-wg-bounces at icann.org
>> <gnso-rds-pdp-wg-bounces at icann.org>] *On Behalf Of *Stephanie Perrin
>> *Sent:* Thursday, June 16, 2016 10:09 AM
>> *To:* gnso-rds-pdp-wg at icann.org
>> *Subject:* Re: [gnso-rds-pdp-wg] RDS 5 Charter questions
>>
>>
>>
>> I will repeat what I have said before.  Discussing "requirements" before
>> purpose sets up business requirements before we have defined the business.
>> DIscussing accuracy and access before we have determined requirements
>> merely throws the cement hardener into the mix.  Why on earth discuss
>> accuracy requirements for data elements that are on someone's wish list
>> unless the costing (and who will pay) is also defined?  Part of discussing
>> original purpose of the collection, use and disclosure of registration data
>> is to determine, in 2016 and for the foreseeable future, why we collect
>> information, what is legally permissible to collect, and who will pay for
>> that collection (in one form or another).
>>
>> as I have said before, I fully understand that tackling this problem is
>> difficult, and I understand the rationale for going with all the
>> "requirements" first.  I do think getting further refinement will sway all
>> of us in certain directions....towards accepting the assumptions that all
>> this data collection is necessary and desirable.  It will also tire out
>> those of us who have another life, but perhaps that is a desired outcome of
>> the majority.
>>
>> Apologies for missing the call yesterday, I was travelling and unable to
>> accept the callout.  Comments will be coming shortly.
>>
>> SP
>>
>>
>>
>> On 2016-06-16 5:59, Victoria Sheckler wrote:
>>
>> +1
>>
>>
>>
>> *From:* gnso-rds-pdp-wg-bounces at icann.org [
>> mailto:gnso-rds-pdp-wg-bounces at icann.org
>> <gnso-rds-pdp-wg-bounces at icann.org>] *On Behalf Of *Vayra, Fabricio
>> (Perkins Coie)
>> *Sent:* Wednesday, June 15, 2016 10:50 AM
>> *To:* Gomes, Chuck <cgomes at verisign.com> <cgomes at verisign.com>; Ayden
>> Férdeline <icann at ferdeline.com> <icann at ferdeline.com>; Susan Kawaguchi
>> <susank at fb.com> <susank at fb.com>
>> *Cc:* gnso-rds-pdp-wg at icann.org
>> *Subject:* Re: [gnso-rds-pdp-wg] RDS 5 Charter questions
>>
>>
>>
>> I agree with Susan.  There’s a reason the charter was written as is and
>> to change it unwinds the charter without the benefit of the thoughtful work
>> and deliberations that went into it.  Moreover, leaving access and accuracy
>> out of the discussion until the end has us making decisions in a vacuum.
>> And, finally, I’m not sure how you divorce Users/Purposes, Privacy, and
>> Data elements from Access and Accuracy, as the latter two are a constant
>> and vital reference within all documents I’ve reviewed on the former three
>> … so to separate these two topics out until later just sets us up for
>> unnecessary grid-lock when we have to revisit the first three topics
>> through the interrelated latter two topics of Access and Accuracy.
>>
>>
>>
>> Thanks,
>>
>>
>>
>> *Fabricio Vayra*
>>
>> *PARTNER*
>>
>> 700 Thirteenth Street, N.W. Suite 600
>>
>> Washington, DC 20005-3960
>>
>> D. +1.202.654.6255
>>
>> F. +1.202.654.9678
>>
>> E. FVayra at perkinscoie.com
>>
>> [image: cid:image001.jpg at 01D054C5.01001EE0]
>>
>>
>>
>> *From:* gnso-rds-pdp-wg-bounces at icann.org [
>> mailto:gnso-rds-pdp-wg-bounces at icann.org
>> <gnso-rds-pdp-wg-bounces at icann.org>] *On Behalf Of *Gomes, Chuck
>> *Sent:* Wednesday, June 15, 2016 9:21 AM
>> *To:* Ayden Férdeline; Susan Kawaguchi
>> *Cc:* gnso-rds-pdp-wg at icann.org
>> *Subject:* Re: [gnso-rds-pdp-wg] RDS 5 Charter questions
>> *Importance:* High
>>
>>
>>
>> Thanks for continuing the discussion on the approach to reaching
>> consensus.  I strongly encourage others to express your opinion on that
>> along with your rationale:  1) Should we leave our work plan as is or 2)
>> should we change it from two issue reports to three issue reports with the
>> first one following deliberation on the user/purpose, privacy/data
>> protection and data element questions?
>>
>>
>>
>> I appreciate the time you took to explain your position but note that
>> much of what you said gets into what we will discuss in our future
>> deliberations so I ask everyone to not go there yet but instead focus on
>> commenting on the approach to reaching consensus.  Our goal is to finalize
>> that approach in our meeting next week.
>>
>>
>>
>> Chuck
>>
>>
>>
>> *From:* Ayden Férdeline [mailto:icann at ferdeline.com <icann at ferdeline.com>]
>>
>> *Sent:* Wednesday, June 15, 2016 6:54 AM
>> *To:* Susan Kawaguchi
>> *Cc:* gnso-rds-pdp-wg at icann.org; Gomes, Chuck
>> *Subject:* Re: [gnso-rds-pdp-wg] RDS 5 Charter questions
>>
>>
>>
>> Hi Susan,
>>
>>
>>
>> Thanks for sharing these reflections. I understand the desire not to
>> complicate this task. As someone who is new to the ICANN community and its
>> approach to policy-making – and, also, someone who is an advocate of
>> privacy – it would seem to me that all the costs and burdens associated
>> with rallying against an open-access Registration Directory Service have
>> been put on some stakeholders, while proponents of the status quo profit
>> from the lack of consensus or inertia on a different path forward. I say
>> this not to demonise any views, but to clarify that I do indeed share your
>> perspective that we don’t want to be permanently gridlocked here.
>>
>>
>>
>> This is actually why my preference would be to go down the path that was
>> suggested on our call yesterday – from what I recall, it would mean three
>> opportunities for public comment, and a mandate to focus our energies on
>> understanding Users/Purposes, Privacy, and Data Elements before we consider
>> whether or not gated access is necessary or whether or not records should
>> be accurate. It seems a little premature to me to consider the latter
>> points when we have not yet established if there is a basis for collecting
>> registration data in the first place. I share your point, though, that we
>> should be distinguishing between individuals and commercial entities –
>> which is not to presuppose that there ultimately will be a need for
>> variations in treatment if the RDS is warranted.
>>
>>
>>
>> We can make our work easier, however. If we decide upon a standard by
>> which to assess whether or not the RDS complies with, say, data privacy
>> laws, we might have a more straightforward exercise ahead. And on that
>> point I would like to note that just because the Internet originated in the
>> US and its governance framework has been historically dominated by US-based
>> actors does not mean we should by default turn to US law for contextual
>> protections or principles. I would like to respectfully suggest that
>> European instruments such as the European Convention on Human Rights,
>> standards set by the European Union Data Protection Directive, and
>> Convention 108 of the Council of Europe might be helpful starting points.
>> These are not obscure laws or conventions which apply to no one: the EU
>> population is over 500 million people, far greater than that of the US.
>>
>>
>>
>> I am not a lawyer and I do not come at this topic with the same
>> institutional knowledge that others do have. I do not know all the details
>> or decisions that have led us to this point where, it would seem, the
>> (political) cost to move away from the current default is so very high. I
>> say this to be clear, from the onset, that I might well be misinformed or
>> wrong about how we move forward in this working group. However, it is my
>> view that just because the Internet is by nature cross-border does not mean
>> that it should be treated as a self-governing realm beyond the reach of
>> national laws. WHOIS today, to me, seems to subvert and/or undermine
>> domestic norms and institutions in many territories worldwide. I don’t want
>> to get into the question of sovereignty online, but it would be helpful to
>> at least establish whether or not we believe ICANN should mandate through
>> its contracts with registrars that they comply with local legal
>> regulations, or whether we instead believe that market forces should be
>> driving fundamental decisions about the nature of the Internet.
>>
>>
>>
>> You can probably guess my position here, but I’d like to think we can
>> reach some common ground. What are we more concerned about – the rights of
>> the data subject and controller, or the rights of those who wish to
>> monetise it? To come up with, like we have, a list of something like 780
>> possible requirements for the RDS strikes me as a recipe for disaster. It
>> seems inevitable that we will accidentally impose huge costs on some
>> stakeholder groups – the unintended consequence of trying to achieve some
>> short-term policy goal not to do with any functional imperative of the
>> Internet itself, but to meet someone’s obscure interest. That’s why I want
>> to hammer down on what data is being collected, why it is being used, and
>> what are the implications for privacy before we proceed any further.
>>
>>
>>
>> Just my $0.02.
>>
>>
>>
>> - Ayden
>>
>>
>>
>>
>>
>> On Tue, Jun 14, 2016 10:51 PM, Susan Kawaguchi susank at fb.com wrote:
>>
>> Hello All,
>>
>>
>>
>> I have been thinking about the RDS discussion from this morning’s meeting
>> and wanted to clarify my personal position (not as a vice chair of the WG)
>>  I think we will complicate our task if we initially limit the discussion
>> to  three of the charter questions relating to users/purposes, privacy and
>> data elements.  Much thought went into drafting the charter and
>> brainstorming how a WG should approach deliberations.
>>
>>
>>
>> Users/Purposes
>>
>> Privacy
>>
>> Data elements
>>
>> Access
>>
>> Accuracy
>>
>>
>>
>> All of the above are very interrelated and I can’t imagine that we can
>> sufficiently discuss one or two without the others.
>>
>>
>>
>> One other issue that comes to mind is that we must keep in mind PII data
>> but we also have to be wary of creating requirements that convey data
>> protection rights of individuals to commercial entities.  For each of the
>> topics above we need to address how it would affect an individual or a
>> commercial entity.
>>
>>
>>
>> I think we should move forward with the original plan according to the
>> Charter and discuss all 5 issues in the first pass.
>>
>> Susan Kawaguchi
>>
>> Domain Name Manager
>>
>> Facebook Legal Dept.
>>
>>
>>
>>
>>
>> Ayden Férdeline
>>
>> Statement of Interest
>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__community.icann.org_display_gnsosoi_Ayden-26-2343-3BF-25C3-25A9rdeline-26-2343-3BSOI&d=CwMGaQ&c=XRWvQHnpdBDRh-yzrHjqLpXuHNC_9nanQc6pPG_SpT0&r=6lUxzkhJPN5qts-Nve5TYqxoGjP81z1kCvXgsmw-MiQ&m=fLy_j2dJidfz8cbOpf5vyO1JREPzgsOw2KKOvpqP3eI&s=kkHizDWFLQRbNkD1e9Kt9tnqA6BmHLWlIte1Qy8Q500&e=>
>>
>>
>>
>>
>> ------------------------------
>>
>>
>> NOTICE: This communication may contain privileged or other confidential
>> information. If you have received it in error, please advise the sender by
>> reply email and immediately delete the message and any attachments without
>> copying or disclosing the contents. Thank you.
>>
>>
>>
>>
>>
>> _______________________________________________
>>
>> gnso-rds-pdp-wg mailing list
>>
>> gnso-rds-pdp-wg at icann.org
>>
>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>
>>
>>
>>
>>
>> _______________________________________________
>> gnso-rds-pdp-wg mailing list
>> gnso-rds-pdp-wg at icann.org
>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>
>
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20160617/b658728d/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 4701 bytes
Desc: not available
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20160617/b658728d/image001.jpg>