[Ssr2-review] [EXT] Re: Call summary: SSR2 Plenary - 29 July 2020

Barrett, Kerry-Ann KABarrett at oas.org
Mon Aug 24 21:15:50 UTC 2020 

Hi KC

I wanted to check if you had some of the language specific to the areas you would like to propose. I don't think just answering the questions will lead us closer to agreed  text. The edits you see on the agreed text was based on modification from the public comments. I can update some of the time sensitive references you highlighted but in terms of title for example this was generated from our first iteration of the team so if you have any proposed language for the concerns at each bullet please circulate as well and I will work on updating the text.


We can have a call this week if you are available and I will work on updating the text.


Sincerely
Kerry-Ann Barrett 
Cybersecurity Program Officer
Secretariat of the Inter-American Committee against Terrorism (CICTE)
Secretariat for Multidimensional Security (SMS)
Organization of American States
1889 F Street NW Washington D.C. 20006
  (202) 370 4675 -  (202) 458 3857  
www.oas.org/cyber
@KerryOAS| @OEA_Cyber

Register to our distribution list here!
 


-----Original Message-----
From: Ssr2-review [mailto:ssr2-review-bounces at icann.org] On Behalf Of k claffy
Sent: Saturday, August 22, 2020 9:54 PM
To: ssr2-review at icann.org
Subject: [EXT] Re: [Ssr2-review] Call summary: SSR2 Plenary - 29 July 2020


Trying to catch up, I see on this call (that i missed) that Recommendation #29 was reviewed and approved.
https://docs.google.com/document/d/1MJrPzXTngRCrdXLuiyPf7SeZsuPvwjjFGFoooQsT62U/edit#
	(p68). The team generally agreed to the text, with a minor change
	to 29.4, which was made on the call and is reflected in the
	document.

when i look at the document, i see problems:

first, why is it called "Privacy and SSR Measurements"
There is no measurement referred to in this recommendation.
I'm confused. 

(1) 29.1: Why is DOH stuck into the same recommendation as access to registration data, which has been a topic of interminable debate for decades?  Access to registration data merits its own recommendation, given that we've now spent 2 years on an "EPDP" to try to make progress on this topic.

(2) Why is this recommendation not even referring to the EPDP, which has been going on for two years and its final report came out 2 days after this meeting, and SSAC has already published a quite adversarial comment on the EPDP draft report that came out back in the spring?
( SSAC is about to publish a similar comment on the final report, but we should at least have considered the SSAC comment on the draft report..)

I don't see how this recommendation can completely ignore the EPDP work.

(3) Why is this recommendation using the term WHOIS, which the community is replacing with RDAP? 

(4) 29.3.2 [god help us if we end up with sub-sub-recommendation numbering!] basically says "ICANN should not break privacy law".
Explain to me why this is needed?  I claim ICANN is already aware they should not break the law, and already has lawyers monitoring this area.

(5) 29.3.3:  develop a policy for *who* to protect PII?
ICANN is not in charge of how registrars in Germany protect their PII.  I don't understand this subrecommendation, what known problem it's aimed at solving, and how SSR3 will know it's been implemented.  

(6) 29.3.4:  We want ICANN to audit registrars around the world?
Like in China, to make sure that Chinese registrars are following
Chinese registrar law?  I don't see this happening.   I think
we have to be realistic here.  What problem are we trying to solve, and how will SSR3 know that progress has occurred?

(7) 29.4:  What's a DPO? it's not yet been mentioned in this document.  "provide guidance to managers and stakeholders" -- which managers and stakeholders?  whkich "relevant technical developments".  I have no idea what problem this subrecommendation is trying to solve.

there also seem to be entire paragraphs in the 'Rationale and Finding' for this recommendation that have nothing to do with privacy, but are focused rather on accuracy of WHOIS information.
the text uses WHOIS and RDAP in different places without explaining why.  Are we supposed to be reviewing recommendation text but not the accompanying text on Rationale and Findings?

struggling,
k

_______________________________________________
Ssr2-review mailing list
Ssr2-review at icann.org
https://mm.icann.org/mailman/listinfo/ssr2-review

_______________________________________________
By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.

More information about the Ssr2-review mailing list