[Gnso-ssr] discussion -- SAC061 -- SSAC Comment on ICANN’s Initial Report from the Expert Working Group on gTLD Directory Services

[Mike O'Connor]

hi all,

here’s a thread to talk about the SSAC comment on EWG initial report.

here are a few questions.  view them as a starting-point, not a rigid requirement.  if you have a comment that falls outside of these questions, please go ahead and make your post.  i’m just posting these to start conversation, not restrict it.

- what’s the current status of the EWG work?

- where are we in the process of establishing a registration data policy?

- who, if anybody, has taken these SSAC recommendations on board?

- is there anything that the GNSO, and/or the GNSO Council, should be doing in Singapore to help move this along?

- are there any other questions people would like to raise about this comment?

SAC061:  SSAC Comment on ICANN’s Initial Report from the Expert Working Group on gTLD Directory Services

http://www.icann.org/en/groups/ssac/documents/sac-061-en.pdf

Recommendation 1: SSAC reiterates its recommendation from SAC055: The ICANN Board should explicitly defer any other activity (within ICANN’s remit) directed at finding a ‘solution’ to ‘the WHOIS problem’ until the registration data policy has been developed and accepted in the community. The EWG should clearly state its proposal for the purpose of registration data, and focus on policy issues over specific implementations.

Recommendation 2: The ICANN Board should ensure that a formal security risk assessment of the registration data policy be conducted as an input into the Policy Development Process.

Recommendation 3: SSAC recommends that the EWG state more clearly its positions on the following questions of data availability:

A. Why is a change to public access justified?
This explanation should describe the potential impact upon ordinary Internet users and casual or occasional users of the directory service.

B. Does the EWG believe that access to data currently accessible in generic Top Level Domain (gTLD) WHOIS output should become restricted?
If so, what fields and to what extent exactly? Under the EWG proposal, queries from non- authenticated requestors would return only “public data available to anyone, for

C. Should all gTLD registries be required to provision their contact data into the Aggregated Registration Data Service (ARDS)?  
There may be jurisdictions that prohibit by law the export of personally identifiable information outside the jurisdiction. If so, the ARDS may not be a viable way to deliver data accuracy and compliance across all gTLDs.

D. Does the EWG propose more types of sensitive registration data be provisioned into ARDS than are found in current gTLD WHOIS output? 

Recommendation 4: The SSAC suggests that the EWG address this recommendation from SAC058: “SSAC Report on Domain Name Registration Data Validation”3:
As the ICANN community discusses validating contact information, the SSAC recommends that the following meta-questions regarding the costs and benefits of registration data validation should be answered:

• What data elements need to be added or validated to comply with requirements or expectations of different stakeholders?
• Is additional registration processing overhead and delay an acceptable cost for improving accuracy and quality of registration data?
• Is higher cost an acceptable outcome for improving accuracy and quality?
• Would accuracy improve if the registration process were to provide natural persons with privacy protection upon completion of multi-factored validation?


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-ssr/attachments/20140212/f82bd721/attachment-0001.html>