<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle18
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.EmailStyle20
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.apple-converted-space
{mso-style-name:apple-converted-space;}
span.EmailStyle22
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D">I think the proposal sounds like a reasonable way to move forward to give survey takers the ability to pause and return.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D">Michael R.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:11.0pt">From:</span></b><span style="font-size:11.0pt"> Gnso-rpm-data [mailto:gnso-rpm-data-bounces@icann.org]
<b>On Behalf Of </b>Ariel Liang<br>
<b>Sent:</b> Friday, August 17, 2018 6:42 AM<br>
<b>To:</b> Dorrain, Kristine <dorraink@amazon.com>; gnso-rpm-data@icann.org<br>
<b>Subject:</b> Re: [Gnso-rpm-data] [Ext] RE: Advice Needed: Complications Regarding Saving Survey Responses<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Hello Kristine and all, <o:p>
</o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Please see below the responses from Analysis Group to Kristine’s question. Analysis Group has been making progress on the alternative options/workarounds, and will be able to provide another update shortly.
We will keep the Sub Team posted. <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Please let us know if you have any further comments/questions.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Best Regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Mary, Julie, Ariel & Berry <o:p>
</o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">==<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#00B050">Kristine</span><span style="font-size:11.0pt;color:#1F497D">: </span><span style="font-size:11.0pt;color:#00B050">If we do NOT use passwords, than anyone with the link can take the survey, right?</span><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D">AG: That is correct. The survey will be publicly available, and anyone with the link will be able to take the survey.</span><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#00B050">Kristine: So if DO use passwords and we allow users to create them, what is the risk if they don’t create “unique” passwords? Because I’m not seeing any risk to just letting them create a password.
This is just a little placeholder - a dog-earing of the electronic page if you will, it’s not performing a security function. (Right??)</span><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D">AG: If we allow users to create passwords, the survey will remain publicly available and anyone with the link will be able to take the survey. Users who create passwords will be able to save
their responses and return to them later. The concern involved with non-unique passwords is that, because the password will be the only way for our programming to identify which survey record to re-open (i.e., users will not be creating unique user IDs and
we will not be collecting IP address due to GDPR issues, so saved responses will be cataloged only by their password), if any users create the same password, their survey responses will appear in the survey data as if they came from one respondent when in
fact there are two distinct respondents answering the questions. This can cause consistency issues, since we will be unaware of instances where this happens. For example, if a user chooses the password "1234" and completes questions 1-10 and leaves the survey,
and then a second user attempts to create a password "1234" -- the second user will unwittingly log-in to the first user's survey and pick-up the survey at question 11. We will be unaware of this happening, but may find that the data appear inconsistent and/or
invalid during our analysis of the data.</span><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#00B050">Kristine: Or are you saying that the password is really just a token and if someone else arbitrarily creates the same one (like “1234” or “password”) we’ll have a mess?</span><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D">AG: Yes, as described above, we run the risk of overwriting or combining responses in a way that would cause responses to be impossible to untangle.</span><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D"> </span><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D">To continue to follow up with our progress on the passwords:</span><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D">One solution that we would like to suggest is that users can be allowed to create a password, and we will embed a page visit counter next to the password field. We will suggest that users use
the number from the counter for their password. This will guarantee that passwords will be unique for each user, although the pattern of the password generation may be a bit transparent. We have identified a way to implement this solution but will need to
be careful to make sure the directions for password creation (for first-time visitors) and log-in (for return visitors) are very clear. Unfortunately, the password creation and log-in fields appear as one field in the survey. We are unable to place them on
separate pages (i.e., create a log-in page for first-time users and a separate log-in page for return users).</span><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D"> </span><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D">We are also investigating issues related to cookies, and expect to have resolved that issue and any related implementation issues by the end of this weekend if not sooner. We can send you another
update tomorrow as we continue to make progress. There is a trade-off to consider regarding a portion of potential respondents who choose not to complete the survey if they learn that cookies are being sent to their computer.</span><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="color:black">From: </span></b><span style="color:black">"Dorrain, Kristine" <<a href="mailto:dorraink@amazon.com">dorraink@amazon.com</a>><br>
<b>Date: </b>Thursday, August 16, 2018 at 7:55 PM<br>
<b>To: </b>Ariel Liang <<a href="mailto:ariel.liang@icann.org">ariel.liang@icann.org</a>>, "<a href="mailto:gnso-rpm-data@icann.org">gnso-rpm-data@icann.org</a>" <<a href="mailto:gnso-rpm-data@icann.org">gnso-rpm-data@icann.org</a>>, "Dorrain, Kristine" <<a href="mailto:dorraink@amazon.com">dorraink@amazon.com</a>><br>
<b>Subject: </b>[Ext] RE: [Gnso-rpm-data] Advice Needed: Complications Regarding Saving Survey Responses<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D">Thanks for this Ariel:</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D">My initial thought is this.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D">If we do NOT use passwords, than anyone with the link can take the survey, right?</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D">So if DO use passwords and we allow users to create them, what is the risk if they don’t create “unique” passwords? Because I’m not seeing any risk to just letting them create a password. This
is just a little placeholder - a dog-earing of the electronic page if you will, it’s not performing a security function. (Right??)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D">Or are you saying that the password is really just a token and if someone else arbitrarily creates the same one (like “1234” or “password”) we’ll have a mess?</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D">(ccing myself since I’m out tomorrow and I want to see the answer!)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D">Kristine</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D"> </span><o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:11.0pt">From:</span></b><span style="font-size:11.0pt"> Gnso-rpm-data [<a href="mailto:gnso-rpm-data-bounces@icann.org">mailto:gnso-rpm-data-bounces@icann.org</a>]
<b>On Behalf Of </b>Ariel Liang<br>
<b>Sent:</b> Thursday, August 16, 2018 9:42 AM<br>
<b>To:</b> <a href="mailto:gnso-rpm-data@icann.org">gnso-rpm-data@icann.org</a><br>
<b>Subject:</b> [Gnso-rpm-data] Advice Needed: Complications Regarding Saving Survey Responses</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Dear Data Sub Team members, </span>
<o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Analysis Group is in process programming the surveys; the actual/potential registrant survey has already been pushed to the beta testing phase.
</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">A complication was discovered. Analysis Group informed staff that it is not possible to allow survey takers to “save” their responses and return to the surveys later to complete, unless the survey taker is
given a login credential that can be validated. To create a login credential, the simplest way is for Analysis Group to obtain a list of email addresses of the individual survey takers. This, however, cannot be achieved given the outreach method that we are
using to distribute the surveys (e.g., public links accessed via mailing lists, announcements, social media). Although GDD has the email contacts of registries and registrars, ICANN Org is not allowed to share the email contacts with Analysis Group directly
due to the rightful use of these email contacts and associated legal/GDPR implications.
</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Analysis Group is exploring other options/workarounds for survey takers to “save” their responses. One option is to allow users to create their own passwords, though it is difficult for Analysis Group to enforce
unique password creation. They are experimenting with methods of suggesting unique passwords to users who would like to create a password. Another option is to distribute "cookies" with the survey, which will allow respondents to return to surveys that they
have started. This option requires Analysis Group to explore any legal issues involved in the use of cookies. In summary, these options may raise technical and privacy issues that need to be cleared internally by Analysis Group. Consequently, this complication
may add to the time for the surveys to be launched. Staff are seeking clarification from AG on the ETA to solve these technical/privacy issues.
</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><b><span style="font-size:11.0pt">QUESTION: </span></b><span style="font-size:11.0pt">The need to get the surveys out ASAP/as many responses as possible thus needs to be weighed against the benefit of enabling respondents to save their
responses/impact to the response rate. What does the Sub Team advise? </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Thank you for input!</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Best Regards,</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Mary, Julie, Ariel, Berry </span>
<o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
</div>
</body>
</html>