<div>Greg,<br></div><div><br></div><div>A worst case scenario is not a fantasy. It is a real, possible outcome that justifies taking precautions from the onset of our work. We should not under-estimate these scenarios but prepare for them. I tend to think of risk as a seesaw; it is easy to be ambivalent and to see merit on both sides of the issue, or to think something as though it is very unlikely to happen, but if we ignore a potentially catastrophic outcome we are only asking for trouble and could tip the seesaw out of equilibrium. I would encourage the Working Group to consider Volker and Carlton's suggested approach.<br></div><div><br></div><div>Best wishes,</div><div><br></div><div class="protonmail_signature_block"><div>Ayden <br></div><div><br></div></div><blockquote type="cite" class="protonmail_quote"><div>-------- Original Message --------<br></div><div>Subject: Re: [gnso-rds-pdp-wg] @EXT: RE: Use cases: Fundamental, Incidental, and Theoretical<br></div><div>Local Time: August 22, 2016 5:43 PM<br></div><div>UTC Time: August 22, 2016 4:43 PM<br></div><div>From: gca@icginc.com<br></div><div>To: carlton.samuels@gmail.com,vgreimann@key-systems.net<br></div><div>gnso-rds-pdp-wg@icann.org<br></div><div><br></div><div><br></div><div class="WordSection1"><p class="MsoNormal"><a name="_MailEndCompose"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size">No traditional risk analysis starts with the assumption that the worst-case scenario will determines what will be done. (Otherwise none of us should
drive because of the risk of accidents, and none of us should fly, because terrorists.)
</span></span></a><br></p><p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size"> </span></span></span><br></p><p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size">Risk analysis tends to follow this outline:</span></span></span><br></p><p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size"> </span></span></span><br></p><p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo1"><span style="mso-bookmark:_MailEndCompose"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size"><span style="mso-list:Ignore">1.<span style="font-family:"Times New Roman"" class="font"><span style="font-size:7pt" class="size">
</span></span></span></span></span><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size">What can happen? (i.e., what can go wrong?)</span></span></span><br></p><p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo1"><span style="mso-bookmark:_MailEndCompose"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size"><span style="mso-list:Ignore">2.<span style="font-family:"Times New Roman"" class="font"><span style="font-size:7pt" class="size">
</span></span></span></span></span><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size">How likely is it that it will happen?</span></span></span><br></p><p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo1"><span style="mso-bookmark:_MailEndCompose"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size"><span style="mso-list:Ignore">3.<span style="font-family:"Times New Roman"" class="font"><span style="font-size:7pt" class="size">
</span></span></span></span></span><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size">If it does happen, what are the consequences?</span></span></span><br></p><p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size"> </span></span></span><br></p><p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size">And then choices are made, balancing the various variables. As we have been discussing, there are various opinions and concerns
among the participants and stakeholders. At some point those need to be laid out and quantified where possible, so that fact-based decision-making and balancing can be done.</span></span></span><br></p><p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size"> </span></span></span><br></p><p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size">See also SAC061 Recommendation 2: “The ICANN Board should ensure that a formal security risk assessment of the registration data
policy be conducted as an input into the Policy Development Process.” That would happen down the line, when things have progressed further and policy options have are coalesced.</span></span></span><br></p><p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size"> </span></span></span><br></p><p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size">All best,</span></span></span><br></p><p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size">--Greg</span></span></span><br></p><p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size"> </span></span></span><br></p><p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size"> </span></span></span><br></p><div><span style="mso-bookmark:_MailEndCompose"></span><br></div><p class="MsoNormal"><b><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size">From:</span></span></b><span style="font-family:Calibri, sans-serif" class="font"><span style="font-size:11pt" class="size"> gnso-rds-pdp-wg-bounces@icann.org [mailto:gnso-rds-pdp-wg-bounces@icann.org]
<b>On Behalf Of </b>Carlton Samuels<br>
<b>Sent:</b> Monday, August 22, 2016 12:02 PM<br>
<b>To:</b> Volker Greimann <vgreimann@key-systems.net><br>
<b>Cc:</b> RDS WG <gnso-rds-pdp-wg@icann.org><br>
<b>Subject:</b> Re: [gnso-rds-pdp-wg] @EXT: RE: Use cases: Fundamental, Incidental, and Theoretical</span></span></p><p class="MsoNormal"> <br></p><div><div><p class="MsoNormal"> <br></p><div><p class="MsoNormal">On Mon, Aug 22, 2016 at 2:19 AM, Volker Greimann <<a href="mailto:vgreimann@key-systems.net">vgreimann@key-systems.net</a>> wrote:<br></p><blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt"><p class="MsoNormal">Simply put: Anything that can be abused, will be abuse. We therefore need to model our approach on the worst possible actors, not the best.
<br></p></blockquote></div><p class="MsoNormal"> <br></p><div><p class="MsoNormal"><span style="font-family:"Comic Sans MS"" class="font">+1</span><br></p></div><div><p class="MsoNormal"><span style="font-family:"Comic Sans MS"" class="font"> </span><br></p></div><div><p class="MsoNormal"><span style="font-family:"Comic Sans MS"" class="font">I cannot see how any other model makes sense in this context.</span><br></p></div><div><p class="MsoNormal"><span style="font-family:"Comic Sans MS"" class="font"> </span><br></p></div><div><p class="MsoNormal"><span style="font-family:"Comic Sans MS"" class="font">-Carlton</span><span style="font-family:"Comic Sans MS"" class="font"></span><br></p></div><p class="MsoNormal"><br></p><div><br></div><p><br></p><div><div><div><div><p class="MsoNormal"><br></p><div><br></div><div>==============================<br></div><div><i><span style="font-family:"Comic Sans MS"" class="font">Carlton A Samuels</span></i><br></div><div><i><span style="font-family:"Comic Sans MS"" class="font">Mobile: 876-818-1799<br>
<span style="color:rgb(51, 204, 0)" class="colour">Strategy, Planning, Governance, Assessment & Turnaround</span></span></i></div><div>=============================<br></div><p><br></p></div></div></div></div></div></div></div></blockquote><div><br></div>