[gnso-rds-pdp-wg] IMPORTANT: Notes from RDS PDP WG Meeting - 1 November
Lisa Phifer
lisa at corecom.com
Fri Nov 3 01:52:28 UTC 2017
Dear all,
Below please find notes from yesterday's RDS PDP WG F2F meeting.
To recap Action Items from Wednesday's meeting -
. Action: Drafting teams to deliver final outputs by Friday 10
November
. Action: Drafting teams to present results to full WG on 14 Nov call
The drafting team schedule of calls for next week will be posted here:
https://community.icann.org/x/lgByB
The next full WG meeting will be on 14 November at 17.00 UTC.
Best regards,
Lisa
Action Items and Notes from RDS PDP WG F2F Meeting - 1 November 2017
These high-level notes are designed to help PDP WG members navigate through
the content of the call and are not meant as a substitute for the transcript
and/or recording. The MP3, transcript, and chat are provided separately and
are posted on the wiki here: https://community.icann.org/x/fSMhB
* Adobe Connect: <https://participate.icann.org/p5ngsivyt69/>
Multimedia Session Recording
* English Audio:
<http://audio.icann.org/meetings/abu60/abu60-OPEN-2017-11-01-T1143-capitalsu
ite1-3p1vmrDVeTNk0Ku0qIBqqSl4Td1LHStK-en.m3u> Session Recording
* AC Chat:
<https://community.icann.org/download/attachments/69280637/RDS%20PDP%20WG%20
1%20Nov%20Chat.docx?version=1&modificationDate=1509669856000&api=v2> RDS PDP
WG 1 Nov Chat.docx
NOTES
1. Introductions and SOI Updates
2. Quick PDP Background
3. Quick review of Meeting Goals and Saturday progress
. Brief updates from DT5 and DT6
. No updates from DT2 or DT3 at this meeting
4. Purposes for gTLD registration data and directory services (continues
from Saturday)
b. Criminal Investigation/DNS Abuse Mitigation (DT#7
. Link to Draft:
<https://community.icann.org/download/attachments/69280637/DraftingTeam7-Cri
mInvAbuseMit-1%20November%202017.pdf>
https://community.icann.org/download/attachments/69280637/DraftingTeam7-Crim
InvAbuseMit-1%20November%202017.pdf
. Slides:
<https://community.icann.org/download/attachments/69280637/RDS3-DT7%20Overvi
ew%20for%20ICANN%2060.pdf>
https://community.icann.org/download/attachments/69280637/RDS3-DT7%20Overvie
w%20for%20ICANN%2060.pdf
. Category covers all use of an RDS to support criminal and other
investigations
. Users include law enforcement, cybersec professionals, IT admins
protecting their own networks, automated protection systems, others pursing
abuse issues
. Definition of "Abuse" is included in the definition slide 2
. Who you need to contact depends upon the particular abuse case
. Expand investigation to understand scope of abuse may involve
identifying additional domain names
. Investigation may lead to request to suspend domain names
. Users either making a lot of ad hoc requests to support
investigation or automated processes that query data for a large number of
domains - probably more than one purpose
. Categories of Actions - should include hosting providers getting
involved in mitigation, as opposed to just the registrars for the underlying
DNs
. Re: hosting companies may not be willing to talk to investigator
but may be willing to talk to the DN's Tech/Admin contact
. Relationship to compliance and reg enforcement purpose as well?
Where do these purposes overlap or do they just relate to each other in a
way that can be defined?
. No such thing as world-recognized law enforcement - jurisdiction
may play role in determining users and chains of users (3d matrix?, even
GDPR does not address needs of law enforcement)
. Note that who gets access to what data still needs to be addressed,
even after defining the purpose and data involved
. Noted that these cases are about access and not putting data into
the system in the first place
a. Domain Name Purchase/Sale (DT#4)
. Link to Draft:
<https://community.icann.org/download/attachments/69280637/DraftingTeam4-DNP
urchaseSale-Definition-v6-clean.pdf>
https://community.icann.org/download/attachments/69280637/DraftingTeam4-DNPu
rchaseSale-Definition-v6-clean.pdf
. Note that this purpose applies to all domain names, regardless of
what the domain name might be used for (business or otherwise)
. Why was history considered important for this purpose - goes to
merchantability, may need to tease this rationale out more to enhance
understanding
. Is merchantability about reputation more than ownership of the
domain name prior to possible purchase?
. Should "third party buyer" be "potential registrant" - no, because
there are many scenarios where the party making contact for purchase will
not end up being the registrant
. Why is trademark infringement part of this purpose? Perhaps narrow
text to indicate this is for cases in which the situation is resolved
through purchasing the domain name
c. Technical Issue Resolution (DT#1)
. Link to Draft:
<https://community.icann.org/download/attachments/69280637/techissues1.pdf>
https://community.icann.org/download/attachments/69280637/techissues1.pdf
. One of the more obvious uses considering it was one of the first
basic uses envisaged for WHOIS
. Note "Technical Contacts" is intended to represent those who can
help resolve technical issues, not necessarily the WHOIS "Tech Contact" set
of data elements
. "Internet users" may be too broad - break out IT users
. Is abuse responder an overlap with the purpose from DT7 - would
this be abuse reporter? For example, a broken feature that someone reports
may turn out to be the result of DN abuse, but that might be distinct from a
third party subsequently responding to that DN abuse (DT7)?
. From chat: It seems that the ability to search across multiple
domain names (to identify common registrants, name servers, etc., is a
common theme across several uses/purposes. Note that strictly speaking this
is NOT a feature of the current RDS --- in the sense that it is not
something contracted parties provide today (they did in the system ICANN
inherited, but that is another story). Third parties provide this today.
d. Academic/Public Interest DNS Research (DT#1)
. Link to Draft:
<https://community.icann.org/download/attachments/69280637/techissues1.pdf>
https://community.icann.org/download/attachments/69280637/techissues1.pdf
. For example, DN registration history was used in a study of the
introduction of new TLDs
. Another example: APWG researching trends and patterns - for example
history data (WhoWas)
. WHOIS accuracy studies (starting from 2000 USG study, continuing
through ICANN ARS)
. May also be used to assess P/P use, examining geographic
distribution of registrations, etc.
. Could potentially be used for examining the impacts of GDPR in the
future
. Many of these are examples of public policy research (including
ICANN policies)
. Examples of organizations conducting such studies include ISOC, EFF
. Data elements list is not inclusive - often use whatever data is
available, may need data across many domains for statistical analysis, etc.
. Distinction between this and market research? Sometimes academic
study data ends up being applied for other reasons, including commercial
. Question: Since virtually all the examples given require the
aggregation of RDS data and the ability to search across multiple domains,
do we need to treat this aggregation itself as a use case/purpose?
. Would it be a method or use or purpose? Or would the search of
aggregated data produces a new data set, that may then be used several
purposes?
. See ref to ICANN contractual enforcement - is this covered by DT5?
Use of data by Contractual Enforcement Dept for research vs. use of data by
Contractual Enforcement Dept for enforcement purpose?
5. Confirm action items and next meeting dates
. Continue Drafting Teams through next week to address these points:
o Summarize each purpose in one sentence:
"Information collected to enable contact between the registrant and <who>
<to accomplish what>"
o Think in terms of explaining to the data subject why data is being
collected for this purpose - keep it concise and simple.
o Are the tasks/users identified by your team so diverse and distinct that
they may be more than one purpose? If so, split them up and describe each
purpose separately.
o Which purposes covered by other teams are closely related to or overlap
the purpose(s) covered by your team?
o Is there any data collected specifically for the stated purpose? Or does
that purpose use only data collected for other purposes?
Action: Drafting teams to deliver final outputs by Friday 10 November
Action: Drafting teams to present results to full WG on 14 Nov call
. Questions
o Are these purposes or use cases? Many see what has been produced so far
as use cases
o Does calling them "purposes" imply legitimacy? Or can we frame these as
possible purposes?
o How do we get from use cases to purposes?
o Formulation of one-sentence action focuses on contact - but not always
limited to contact?
o Will also need to identify impact on registrant (data subject) when
stating purpose
o See chat comments about limitations of the suggested formulation and use
of formulation as a tool to teach out contact specifics and help teams
pinpoint other data or needs
o For example, putting registrant first highlights when
registrant-supplied data is being used to enable contact with another party
not the registrant
. Next Meeting Dates:
o 7 Nov - no full WG call, complete DT work
o Schedule of DT calls: <https://community.icann.org/x/lgByB>
https://community.icann.org/x/lgByB
o Next full WG Call: 14 Nov - 17:00 UTC
o NOTE: Starting next week, we shift back to the weekly call time slots
used last winter: 17:00/06:00 UTC
Meeting Materials (all posted at https://community.icann.org/x/fSMhB)
. Slides:
<https://community.icann.org/download/attachments/69280637/ICANN60%20RDS%20P
DP%20F2F%20v6.pdf?version=1&modificationDate=1509520198000&api=v2> ICANN60
RDS PDP F2F v6.PDF (updated 1 November for Wednesday F2F)
. <https://community.icann.org/x/q5BEB> List of Drafting Teams
(includes team member lists & links to team email archives)
. Drafting Team outputs:
. DT1: Tech Issue Resolution and DNS Research [
<https://community.icann.org/download/attachments/69280637/techissues1.docx?
version=1&modificationDate=1509425759000&api=v2> doc,
<https://community.icann.org/download/attachments/69280637/techissues1.pdf?v
ersion=1&modificationDate=1509425778000&api=v2> PDF]
. DT2: Domain Name Control and Individual Internet Use [
<https://community.icann.org/download/attachments/69280635/RDS%20WG%20DT2%20
Draft.docx?version=3&modificationDate=1509137690000&api=v2> doc,
<https://community.icann.org/download/attachments/69280635/RDS%20WG%20DT2%20
Draft.pdf?version=2&modificationDate=1509137554000&api=v2> PDF]
. DT3: Domain Name Certification [
<https://community.icann.org/download/attachments/69280635/DraftingTeam3-DNC
ertification-Output.docx?version=1&modificationDate=1509126754000&api=v2>
doc,
<https://community.icann.org/download/attachments/69280635/DraftingTeam3-DNC
ertification-Output.pdf?version=1&modificationDate=1509126773000&api=v2>
PDF]
. DT4: Domain Name Purchase/Sale [
<https://community.icann.org/download/attachments/69280637/DraftingTeam4-DNP
urchaseSale-Definition-v6-clean.doc?version=1&modificationDate=1509520230000
&api=v2> doc,
<https://community.icann.org/download/attachments/69280637/DraftingTeam4-DNP
urchaseSale-Definition-v6-clean.pdf?version=1&modificationDate=1509520249000
&api=v2> PDF]
. DT5: Regulatory or Contractual Enforcement [
<https://community.icann.org/download/attachments/69280635/DT5%20Deliverable
%2026%20Oct%2017%20v2.docx?version=1&modificationDate=1509047453000&api=v2>
doc,
<https://community.icann.org/download/attachments/69280635/DT5%20Deliverable
%2026%20Oct%2017%20v2.pdf?version=3&modificationDate=1509047470000&api=v2>
PDF]
. DT6: Legal Actions [
<https://community.icann.org/download/attachments/69280635/RDS%20WG%20DT6%20
Draft%20-%20Revised%2010.26.2017%20v3.docx?version=1&modificationDate=150904
7493000&api=v2> doc,
<https://community.icann.org/download/attachments/69280635/RDS%20WG%20DT6%20
Draft%20-%20Revised%2010.26.2017%20v3.pdf?version=2&modificationDate=1509047
508000&api=v2> PDF]
. DT7: Criminal Investigation/DNS Abuse Mitigation [
<https://community.icann.org/download/attachments/69280637/DraftingTeam7-Cri
mInvAbuseMit-1%20November%202017.docx?version=1&modificationDate=15095171620
00&api=v2> doc,
<https://community.icann.org/download/attachments/69280637/DraftingTeam7-Cri
mInvAbuseMit-1%20November%202017.pdf?version=1&modificationDate=150951716100
0&api=v2> PDF] and
<https://community.icann.org/download/attachments/69280637/RDS3-DT7%20Overvi
ew%20for%20ICANN%2060.pdf?version=1&modificationDate=1509539097000&api=v2>
slides
.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20171102/3400224a/attachment-0001.html>
More information about the gnso-rds-pdp-wg
mailing list