[gnso-rds-pdp-wg] Notes, WG agreements and action items from today's meeting

[Marika Konings]

Dear All,

Please find below the notes, WG agreements and action items from today’s RDS PDP WG meeting.

Best regards,

Marika

=============

Notes – RDS PDP WG Meeting – 18 January 2017:

These high-level notes are designed to help PDP WG members navigate through the content of the call and are not meant as a substitute for the transcript and/or recording. The MP3, transcript, and chat are provided separately and are posted on the wiki at: https://community.icann.org/x/C4xlAw.

1. Roll call / SOI

·         Attendance will be taken from Adobe Connect

·         Please remember to state your name for transcription purposes and do not forget to mute your line when not speaking.

·         Please remember to update your SOI, if/when needed

2. Review poll results: Results-Poll-on-Purpose-from-10JanCall-v2.pdf
      a. Review of conclusions & comments/clarifications

·         See results at https://community.icann.org/download/attachments/63157265/Results-Poll-on-Purpose-from-10JanCall-v2.pdf?version=1&modificationDate=1484585516000&api=v2

·         Question 1: Comments pertain to other data elements so no need to discuss. Domain Name Control is a legitimate purpose for “thin data" collection. (95.5%)

·         Further refinement may occur over time, but agreements will be added to key concepts document in order to keep a record and be able to revisit as needed.

WG Agreement #1: Domain Name Control is a legitimate purpose for “thin data" collection.


·         Question 2: Strong results. Technical Issue Resolution is a legitimate purpose for "thin data" collection. (96.43%). Number of comments, but 1 relates to question 3. Comment 2 on scope of Technical Issue Resolution to be addressed when the WG reaches the point of deliberating on specific definitions for each purpose.  Deliberation on more than purposes for collection of “thin data” may be needed to fully-define each purpose, including this one.

WG Agreement #2: Technical Issue Resolution is a legitimate purpose for "thin data" collection.


·         Question 3 - no conclusions, but gives a sense where people preliminary are.

·         None of the additional purposes listed in Question 3 stand out as largely opposed. On a scale of 0 (no support) to 10 (full support), all of those purposes averaged between 6.68 and 7.58.

·         The majority of WG members expressed initial support ranging from neutral (5) to full support (10) for all of the purposes listed in Question 3, with nearly half (11-15) expressing full support.

·         A minority of WG members (2-5) expressed no initial support for all of the purposes listed in Question 3.

·         These results lead us to the next agenda item: deliberating purposes for “thin data” collection, continuing in the order listed in 18JanMeeting-PurposesForThinData-Handout.  Any possible WG agreements reached on those purposes to be confirmed in the next WG poll.

3. Continue deliberation with Users/Purposes Charter Question 2.2 for thin data only, starting with collection only:

·         2.2.1 For what specific (legitimate?) purposes should gTLD registration thin data elements be collected?

·         See handout: 18JanMeeting-PurposesForThinData-Handout.pdf

·         DN Certification - how is thin data used in this regard and why is it helpful? Certificate authorities, when they receive a request for a digital certificate, they investigate who the organization / individual is applying. Number of standards set by the CA browser forum which is the controlling authority. All of the CAs basically use the same practices / processes. Want to make sure that the person requesting is say who they are and representing who they say they are representing. Bind identity with the domain name. Information currently available in WHOIS is essential part of this process. Outside of gTLDs in a ccTLDs world there is a lot of frustration as CAs often do not know how to undertake this validation as the information is not necessarily publicly available. Which data elements do CAs look at and does it very per type of certificate? Different types of certificates, with different levels of 'validation'. From a purely thin data perspective, is there any usage of that or is it more focused on the 'thick' data? All data that CAs have access to is used. Automated processes that use the different data sources. Higher level of certification does require access to thick data. Not having access would have a significant impact on CAs. No clear plan B. Is DN Certification a legitimate purpose for thin data? Nameservers are slightly useful, but main interest will be in thick data as that is required to carry out the type of validaton discussed. No objections by those on the call to include DN certification as a valid purpose for thin data. (note this is still about purpose for collection - disclosure is for a subsequent discussion).

·         A question that will need to be further deliberated in the future is whether authenticators, who arguably ought to be trusted parties, should be harvesting this data off an open WHOIS.  If this is what they are doing as part of their functions, they could be autheticated to seek the data at a deeper level.

Possible WG Agreement #3: Domain Name Certification is a legitimate purpose for "thin data" collection.

Action item #1: Poll to include question to verify that there is support for domain name certification as a legitimate purpose for thin data.


·         Business Domin Name Purchase or Sale. Valid purpose for data that is already collected for other legitimate purposes. Need to set the parameters for disclosure. If in the end the WG decides that certain data elements do not have a purpose in terms of disclosure, it may not need to be collected.

Possible WG Agreement #4: Business Domain Name Purchase or Sale is a legitimate purpose for "thin data" collection

Action item #2: Poll to include question to verify that there is support for Business Domain Name Purchase or Sale as a legitimate purpose for thin data.


·         Academic / Public Interest DNS Research - usually there is a requirement that the data set be archived and available to viewers / readers so they are able to replicate and build upon the research. Is there a risk that the data would go into the public domain, which it shouldn't? It may turn out to be a legitimate purpose but can it be provided to be in compliance with data protection / privacy legislation? Will need to be considered at a later stage.

Possible WG Agreement #5: Academic / Public Interest DNS Research is a legitimate purpose for "thin data" collection

Action item #3: Poll to include question to verify that there is support for Academic / Public Interest DNS Research as a legitimate purpose for thin data collection.


·         Regulatory and Contractual Enforcement

Possible WG Agreement #6: Regulatory and Contractual Enforcement is a legitimate purpose for "thin data" collection

Action item #4: Poll to include question to verify that there is support for Regulatory and Contractual Enforcement as a legitimate purpose for thin data collection.


·         Criminal Investigation & DNS Abuse Mitigation

Possible WG Agreement #7: Criminal Investigation & DNS Abuse Mitigation is a legitimate purpose for "thin data" collection

Action item #5: Poll to include question to verify that there is support for Criminal Investigation & DNS Abuse Mitigation is a legitimate purpose for thin data collection.


·         Legal Actions - identified purpose in EWG report, although it didn't identify thin data as a required element (apart from domain name). Knowing the registrar is also important when legal action is undertaken. Similarly name servers can provide useful information. Proposal to add name servers and sponsoring registrar as a data element.

Possible WG Agreement #8: Legal Actions  is a legitimate purpose for "thin data" collection

Action item #6: Poll to include question to verify that there is support for Legal Actions is a legitimate purpose for thin data collection.


·         Individual Internet Use - could include 'good Samaritan' actions (identifying potential issues such as expiration of domain name).

Possible WG Agreement #9: Individual Internet Use is is a legitimate purpose for "thin data" collection

Action item #7: Poll to include question to verify that there is support for Individual Internet Use is a legitimate purpose for thin data collection.

4. Confirm action items and proposed decision points.

·         See above

·         WG agreements will be included in the key concepts document

·         Poll will be circulated to confirm full WG support for possible WG agreements

5. Confirm next meeting date: Tuesday 24 January 2017 at 17.00UTC  (agenda to include discussion of availability of raw data of survey results).

·         Number of ways in which data can be exported, but best way depends on how WG members want to use the data

·         What is the expectation from the WG from the perspective of privacy as well as transparency?

·         Important that upfront it is clear what data will be shared. (so retroactive sharing unlikely)

Marika Konings
Senior Policy Director & Team Leader for the GNSO, Internet Corporation for Assigned Names and Numbers (ICANN)
Email: marika.konings at icann.org<mailto:marika.konings at icann.org>

Follow the GNSO via Twitter @ICANN_GNSO
Find out more about the GNSO by taking our interactive courses<http://learn.icann.org/courses/gnso> and visiting the GNSO Newcomer pages<http://gnso.icann.org/sites/gnso.icann.org/files/gnso/presentations/policy-efforts.htm#newcomers>.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20170118/d3aae440/attachment.html>