[gnso-rds-pdp-wg] IMPORTANT: Notes from RDS PDP WG Meeting - 14 November
Lisa Phifer
lisa at corecom.com
Tue Nov 14 19:11:36 UTC 2017
Dear all,
Below please find notes from today's RDS PDP WG meeting.
To recap Action Items from today's call:
Action Item: DT1 is asked to complete discussion and finalize its output no
later than Friday 17 November to allow WG review for deliberation in next
week's WG call.
Action Item: All WG members to review Tech Issue Resolution purpose (final
output) in advance of next week's call to prepare for deliberation on that
purpose.
Best regards,
Lisa
Action Items and Notes from RDS PDP WG Call - 14 November 2017
These high-level notes are designed to help PDP WG members navigate through
the content of the call and are not meant as a substitute for the transcript
and/or recording. The MP3, transcript, and chat are provided separately and
are posted on the wiki here: https://community.icann.org/x/KgByB
1. Roll Call/SOI Updates
. No SOI updates
2. Drafting teams to present proposed purposes (5 minutes/purpose),
addressing these questions:
a) Give concise single-sentence version of purpose definition, using the
format: "Information to enable contact between WHO and WHO for what
reason..."
b) Briefly describe other changes made to your purpose document since ICANN
60
c) Answer any questions that were posed to the DT by the full WG or your
team
. See Handout:
https://community.icann.org/download/attachments/74580010/Handout-14Nov-RDSW
GCall-v4.pdf
. Slide 3 - background explaining why we are focusing on purposes at
this time - drafting teams were tasked with defining possible purposes as
the foundation for deliberation
. Each possible purpose identified to date - this does not preclude
identifying additional purposes as deliberation proceeds
. Note that "purpose" in the meaning of our group does not
necessarily match the definition of "purpose" under data protection laws. So
there may be a purpose that is legitimate, but that does not meet the legal
requirements for collection and/or provision
Technical Issue Resolution
. Information collected to enable the tracing, identification and
resolution of incidents, which relate, either entirely or in part, to
technical issues relating to the DNS. Use of such data should ordinarily be
limited to those who are affected by such issues, or by those persons who
are tasked (directly or indirectly) with the resolution of such matters on
their behalf.
. Some concern that is a too-significant narrowing of the definition.
Concerns are "relating to DNS" may be misunderstood, and that second
sentence may need reworking as it is not part of the purpose definition
itself and will be deliberated on later in the WG.
. For example, "related to DNS" - resolving mail delivery issues, as
that may or may not be considered a "DNS" tech issue
. May also be differences between outreach to fix and investigation
of an issue
. Alternative may be proposed by DT1:
. Tech Issue Resolution (Greg Squared Alternative): Information
collected to enable contact of the relevant contacts to facilitate tracing,
identification and resolution of incidents related to services associated
with the domain name.
Action Item: DT1 is asked to complete discussion and finalize its output no
later than Friday 17 November to allow WG review for deliberation in next
week's WG call.
Academic or Public Interest Research
. Information collected to enable use of aggregate registration data
elements by researchers and other similar persons, as a source for academic
or other public interest studies or research, relating either solely or in
part, to the use of the DNS.
. Some concern regarding use of "aggregate" and limitation to public
interest research. There may be other aspects of research touched on in the
longer definition that are not encompassed in the single-sentence.
Domain Name Management
. Collecting the required information to create a new domain name
registration and ensuring that the domain registration records are under the
control of the authorized party and that no unauthorized changes, transfers
are made in the record.
. Changes since ICANN60 were largely limited to single-sentence
definition
. Add managing renewal of domain name to the single-sentence purpose
- take note of this to address during deliberation on this purpose
Individual Internet Use
. Collecting the required information of the registrant or relevant
contact in the record to allow the internet user to contact or determine
reputation of the domain name registration.
. Amend last word to read "registration or relevant contact." - take
note of this to address during deliberation on this purpose
Domain Name Certification
. Information collected by a certificate authority to enable contact
between the registrant, or a technical or administrative representative of
the registrant, to assist in verifying that the identity of the certificate
applicant is the same as the entity that controls the domain name.
. Note that definition has been tuned to indicate that RDS data is
used for this purpose but not strictly speaking required for this purpose
Domain Name Purchase/Sale
. Information to enable contact between the registrant and
third-party buyer to assist registrant in proving and exercising property
interest in the domain name and third-party buyer in confirming the
registrant's property interest and related merchantability.
. Changes made to address questions raised at ICANN60 re:
merchantability and use for trademark investigation.
. Discussed but chose not to change third-party buyer to registrant
because there are cases where the buyer does not end up being the
registrant.
ICANN Contractual Enforcement
. Information accessed to enable ICANN Compliance to monitor and
enforce contracted parties' agreements with ICANN.
. Narrowed purpose to focus on ICANN compliance (rather than broader
contractual compliance) and use of data by ICANN for this purpose
Regulatory Enforcement
. Information accessed by regulatory entities to enable contact with
the registrant to ensure compliance with applicable laws.
. Tightened the definition to eliminate overlap with Legal Actions
Legal Actions
. Includes assisting certain parties (or their legal representatives,
agents or service providers) to investigate and enforce civil and criminal
laws, protect recognized legal rights, address online abuse or contractual
compliance matters, or to assist parties defending against these kinds of
activities, in each case with respect to all stages associated with such
activities, including investigative stages; communications with registrants,
registration authorities or hosting providers, or administrative or
technical personnel relevant to the domain at issue; arbitrations;
administrative proceedings; civil litigations (private or public); and
criminal prosecutions.
. Removed due process from definition since ICANN60. Other minor
edits to the document.
Criminal Activity/DNS Abuse - Investigation
. Information to be made available to regulatory authorities, law
enforcement, cybersecurity professionals, IT administrators, automated
protection systems and other incident responders for the purpose of enabling
identification of the nature of the registration and operation of a domain
name linked to abuse and/or criminal activities to facilitate the eventual
mitigation and resolution of the abuse identified: Domain metadata
(registrar, registration date, nameservers, etc.), Registrant contact
information, Registrar contact Information, DNS contact, etc..
. Rolled up use cases into groups, resulting in three distinct
purposes - investigation, notification, and reputation
. For other purposes: may wish to consider splitting apart
investigation from taking action (which may be contacting the registrant or
designated contacts)
. Question: Is there a real distinction between regulatory
compliance, legal actions, and criminal activity investigation or
reputation? For example, is blocking spam for the purpose of enforcing
anti-spam regulations or laws? (not really - reputation is used for defense
of networks and not by a regulatory authority for enforcement)
. Answer: There is definitely a large amount of overlap between
LE/Abuse/Regulatory reasons. Use case is largely the same but actors and
basis for activities are different.
. Investigate and contact apply to almost all purposes - who is
making the request and what they intend to do with the information is what
varies across purposes
Criminal Activity/DNS Abuse - Notification
. Information collected and made available for the purpose of
enabling notification by regulatory authorities, law enforcement,
cybersecurity professionals, IT administrators, automated protection systems
and other incident responders of the appropriate party (registrant,
providers of associated services, registrar, etc), of abuse linked to a
certain domain name registration to facilitate the mitigation and resolution
of the abuse identified: Registrant contact information, Registrar contact
Information, DNS contact, etc..
Criminal Activity/DNS Abuse - Reputation
. Information made available to organizations running automated
protection systems for the purpose of enabling the establishment of
reputation for a domain name to facilitate the provision of services and
acceptance of communications from the domain name examined: Domain metadata
(registrar, registration date, nameservers, etc.), Registrant contact
information, Registrar contact Information, DNS contact, etc..
. Different because you are not going to contact the registrant or
other responsible party - you are going to do something else as a result
(e.g., reputation - protect your own network).
. This involves access to data already collected vs. collecting data
specifically for the stated purpose
. Reputation is not a universal concept -subject to ranking of a
particular CyberSecurity organization. All such lists have their own
parameters and construction, much less timeliness, accuracy, etc.
Investigation vs. contact - do these concepts apply to every purpose?
. Consider these questions as we try to start using these definitions
for deliberation
. Tech Issue Resolution - may involve investigation and then contact
for resolution
. Public Internet Research - involves investigation but not
necessarily contact
. DN Management - may not fit this model, as contact is not always
involved
. Contact can involve registrant, registrar, registry, or another
designated contact or responsible party - do not presume that contact must
be between registrant and requestor of data
3. Leadership proposal for moving forward
. Take building block approach to deliberation by considering
possible purposes one by one
o Consider whether the purpose is legit and why
o Consider data needed and if it can be collected for that purpose
. Propose starting with Technical Issue Resolution as a way to move
forward, hopefully by agreeing on at least one legitimate purpose and the
data needed (and to be collected) for that purpose
. If we have that foundation, we can examine other possible purposes
and whether they legitimately uses data collected for other purposes - vs -
they need additional data collected specifically for the purpose
. Need to be mindful of whether or not purposes are overly broad and
consistent with ICANN's mission - may be divergent opinions on this
. As we create building blocks, we may also create workflows and
scenarios where data is used for other purposes
4. Confirm action items and proposed decision points
Action Item: DT1 is asked to complete discussion and finalize its output no
later than Friday 17 November to allow WG review for deliberation in next
week's WG call.
Action Item: All WG members to review Tech Issue Resolution purpose (final
output) in advance of next week's call to prepare for deliberation on that
purpose.
5. Confirm next WG meeting: Tuesday, 21 November 2017 at 17:00 UTC
Meeting Materials (all posted at https://community.icann.org/x/KgByB)
. Meeting Handout:
<https://community.icann.org/download/attachments/74580010/Handout-14Nov-RDS
WGCall-v4.pdf?version=1&modificationDate=1510677604000&api=v2>
Handout-14Nov-RDSWGCall-v4.pdf
. <https://community.icann.org/x/q5BEB> List of Drafting Teams
(includes team member lists & links to team email archives)
. Drafting Team outputs:
o DT1:
<https://community.icann.org/download/attachments/74580010/techissues-14Nov.
pdf?version=1&modificationDate=1510677314000&api=v2> Tech Issue Resolution
<https://community.icann.org/download/attachments/74580010/techissues-14Nov.
pdf?version=1&modificationDate=1510677314000&api=v2> PDF and
<https://community.icann.org/download/attachments/74580010/techissues-14Nov.
docx?version=1&modificationDate=1510677328000&api=v2> DOC (draft)
o DT1:
<https://community.icann.org/download/attachments/74580010/techissues-14Nov.
pdf?version=1&modificationDate=1510677314000&api=v2> DNS Research
<https://community.icann.org/download/attachments/74580010/techissues-14Nov.
pdf?version=1&modificationDate=1510677314000&api=v2> PDF and
<https://community.icann.org/download/attachments/74580010/techissues-14Nov.
docx?version=1&modificationDate=1510677328000&api=v2> DOC (draft)
o DT2:
<https://community.icann.org/download/attachments/74580010/RDS%20WG%20DT2%20
Draft%20edits%201113.pdf?version=1&modificationDate=1510596194000&api=v2>
Domain Name Control PDF and
<https://community.icann.org/download/attachments/74580010/RDS%20WG%20DT2%20
Draft%20edits%201113.docx?version=1&modificationDate=1510596207000&api=v2>
DOC
o DT2:
<https://community.icann.org/download/attachments/74580010/RDS%20WG%20DT2%20
Draft%20edits%201113.pdf?version=1&modificationDate=1510596194000&api=v2>
Individual Internet Use PDF and
<https://community.icann.org/download/attachments/74580010/RDS%20WG%20DT2%20
Draft%20edits%201113.docx?version=1&modificationDate=1510596207000&api=v2>
DOC
o DT3:
<https://community.icann.org/download/attachments/74580010/DraftingTeam3-DNC
ertification-final%20clean.pdf?version=1&modificationDate=1510596148000&api=
v2> Domain Name Certification PDF and
<https://community.icann.org/download/attachments/74580010/DraftingTeam3-DNC
ertification-final%20clean.docx?version=1&modificationDate=1510596165000&api
=v2> DOC
o DT4:
<https://community.icann.org/download/attachments/74580010/DraftingTeam4-DNP
urchaseSale-Purpose-v9-clean.pdf?version=1&modificationDate=1510442425000&ap
i=v2> Domain Name Purchase/Sale PDF and
<https://community.icann.org/download/attachments/74580010/DraftingTeam4-DNP
urchaseSale-Purpose-v9-clean.doc?version=1&modificationDate=1510442435000&ap
i=v2> DOC
o DT5:
<https://community.icann.org/download/attachments/74580010/DT5%20Final%20Del
iverable%20for%20the%20Regulatory%20Purpose%20%28Use%20Case%29%20-%208%20Nov
%2017%20%28002%291.pdf?version=1&modificationDate=1510442493000&api=v2>
Regulatory Enforcement PDF and
<https://community.icann.org/download/attachments/74580010/DT5%20Final%20Del
iverable%20for%20the%20Regulatory%20Purpose%20%28Use%20Case%29%20-%208%20Nov
%2017%20%28002%291.docx?version=1&modificationDate=1510442505000&api=v2> DOC
o DT5:
<https://community.icann.org/download/attachments/74580010/DT5%20Final%20Del
iverable%20for%20the%20Contactual%20Enforcement%20Purpose%20%28Use%20Case%29
%20-%208%20Nov%2017%20%28002%291.pdf?version=1&modificationDate=151044253000
0&api=v2> ICANN Contractual Enforcement PDF and
<https://community.icann.org/download/attachments/74580010/DT5%20Final%20Del
iverable%20for%20the%20Contactual%20Enforcement%20Purpose%20%28Use%20Case%29
%20-%208%20Nov%2017%20%28002%291.docx?version=1&modificationDate=15104425450
00&api=v2> DOC
o DT6:
<https://community.icann.org/download/attachments/74580010/DT6%20Deliverable
%20for%20the%20Legal%20Actions%20Purpose%20%28Use%20Case%29%20-%208%20Nov%20
171.pdf?version=2&modificationDate=1510442580000&api=v2> Legal Actions PDF
and
<https://community.icann.org/download/attachments/74580010/DT6%20Deliverable
%20for%20the%20Legal%20Actions%20Purpose%20%28Use%20Case%29%20-%208%20Nov%20
171.pdf?version=2&modificationDate=1510442580000&api=v2> DOC
o DT7:
<https://community.icann.org/download/attachments/74580010/DraftingTeam7-Cri
mInvAbuseMit-10%20Nov%202017%20clean.pdf?version=1&modificationDate=15104426
02000&api=v2> Criminal Activity/DNS Abuse - Investigation PDF and
<https://community.icann.org/download/attachments/74580010/DraftingTeam7-Cri
mInvAbuseMit-10%20Nov%202017%20clean.docx?version=1&modificationDate=1510442
618000&api=v2> DOC
o DT7:
<https://community.icann.org/download/attachments/74580010/DraftingTeam7-Cri
mInvAbuseMit-10%20Nov%202017%20clean.pdf?version=1&modificationDate=15104426
02000&api=v2> Criminal Activity/DNS Abuse - Notification PDF and
<https://community.icann.org/download/attachments/74580010/DraftingTeam7-Cri
mInvAbuseMit-10%20Nov%202017%20clean.docx?version=1&modificationDate=1510442
618000&api=v2> DOC
o DT7:
<https://community.icann.org/download/attachments/74580010/DraftingTeam7-Cri
mInvAbuseMit-10%20Nov%202017%20clean.pdf?version=1&modificationDate=15104426
02000&api=v2> Criminal Activity/DNS Abuse - Reputation PDF and
<https://community.icann.org/download/attachments/74580010/DraftingTeam7-Cri
mInvAbuseMit-10%20Nov%202017%20clean.docx?version=1&modificationDate=1510442
618000&api=v2> DOC
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20171114/e9fbe4e3/attachment-0001.html>
More information about the gnso-rds-pdp-wg
mailing list