[Gdd-gnso-ppsai-impl] FW: [Ext] RE: Agenda + Updated Draft PPAA with IRT comments
Sara Bockey
sbockey at godaddy.com
Wed Dec 6 19:30:41 UTC 2017
Thanks, Caitlin!
When can we expect the agenda and all related docs for the next meeting?
Sara
sara bockey
sr. policy manager | GoDaddy™
sbockey at godaddy.com 480-366-3616
skype: sbockey
This email message and any attachments hereto is intended for use only by the addressee(s) named herein and may contain confidential information. If you have received this email in error, please immediately notify the sender and permanently delete the original and any copy of this message and its attachments.
On 12/6/17, 12:29 PM, "Gdd-gnso-ppsai-impl on behalf of Caitlin Tubergen" <gdd-gnso-ppsai-impl-bounces at icann.org on behalf of caitlin.tubergen at icann.org> wrote:
Hi Theo,
Thank you for the question.
Attached, please find the updated draft PPAA, which includes Peter’s comments.
I will be sending additional materials to the IRT (link to recording, issues list, etc.) shortly.
Kind regards,
Caitlin
On 12/6/17, 4:12 AM, "gtheo" <gtheo at xs4all.nl> wrote:
Hi Caitlin,
Are Peters comments going to be added to the draft so we can discuss
them?
Thanks,
Theo
Caitlin Tubergen schreef op 2017-12-05 04:07 PM:
> FROM: "Roman, Peter (CRM)" <Peter.Roman at usdoj.gov>
> DATE: Tuesday, December 5, 2017 at 5:40 AM
> TO: Caitlin Tubergen <caitlin.tubergen at icann.org>,
> "gdd-gnso-ppsai-impl at icann.org" <gdd-gnso-ppsai-impl at icann.org>
> SUBJECT: [Ext] RE: Agenda + Updated Draft PPAA with IRT comments
>
> Good morning all –
>
> I have a few additional comments on the draft:
>
> Overall – this agreement seems to misunderstand the point of having
> a high priority request mechanism. High priority requests are usually
> emergencies where victims are moments away from danger. Not requiring
> immediate responses to these requests renders them moot. A request
> that is answered within 24 hours, but 20 hours after the victim is
> dead, does not respect the importance of the request or the imminence
> of the danger.
>
> 3.12.2 - If the abuse contact point is not monitored 24/7, how are
> providers going to respond to high priority requests in time?
>
> SPECIFICATION 5: LAW ENFORCEMENT AUTHORITY DISCLOSURE FRAMEWORK
> SPECIFICATION
>
> 3.1 – This is the same issue as for 3.12.2 in the main bod of the
> agreement, if the point of contact is not required to be available
> 24/7, it defeats the purpose of the high priority requests.
>
> 3.2.1 – This part of the receipt process combined with 4.1 creates a
> two day window before providers have to even address whether a request
> is high priority, again defeating the purpose of having a high
> priority request.
>
> 4.1.1 – By waiting to respond until after the Receipt Process is
> complete, which can take up to two days under 3.2.1, the agreement
> renders the high priority request provisions moot.
>
> 4.1.2 – Responding to high priority requests within 24 hours is not
> sufficient. A request that is answered within 24 hours, but 20 hours
> after the victim is dead, does not respect the importance of the
> request or the imminence of the danger. High priority requests need
> to be responded to more or less immediately.
>
> 4.3.2 – The Provider should be required to disclose changes to the
> timeframe for notification of the Customer to LEA Requestors with
> current requests (i.e., “should” should be “must”). If the
> Customer is a target, notifying the Customer without alerting LEA can
> lead to the Customer destroying evidence, fleeing, or even threatening
> or killing informants who led law enforcement to the Customer’s
> account in the first place.
>
> 5.1 – I do not understand the purpose of this provision. LEA is not
> a party to this agreement and the agreement has no ability to bind LEA
> actions if the Provider fails to respond to a request.
>
> 6.2 – I do not understand the purpose of this provision either. LEA
> is not a party to this agreement and the agreement has no ability to
> bind LEA use of the evidence provided by the Provider.
>
> Peter Roman
>
> Senior Counsel
>
> Computer Crime & Intellectual Property Section
>
> Criminal Division
>
> Department of Justice
>
> 1301 New York Ave., NW
> Washington, DC 20530
> (202) 305-1323
>
> peter.roman at usdoj.gov
>
> FROM: Caitlin Tubergen [mailto:caitlin.tubergen at icann.org]
> SENT: Monday, December 4, 2017 11:36 PM
> TO: gdd-gnso-ppsai-impl at icann.org
> CC: Roman, Peter (CRM) <Peter.Roman at CRM.USDOJ.GOV>
> SUBJECT: Agenda + Updated Draft PPAA with IRT comments
>
> Greetings, Colleagues.
>
> Thank you for all of your input on the draft Privacy and Proxy Service
> Provider Accreditation Agreement (“PPAA”).
>
> Attached, you will find an updated PPAA, which incorporates the
> comments received. I am also working on updating the issues list and
> will be distributing the list some time tomorrow.
>
> For tomorrow’s call, we can begin by discussing some of the
> high-level issues some of the IRT members have raised. Specifically:
>
> * The concern that the text of the PPAA does not match the WG’s
> recommendations
> * The idea of having two PPAAs: one for affiliated providers and one
> for unaffiliated providers
> * The IRT’s preferred path forward for dealing with the comments
> received
>
> Additionally, I’d like to note two things. First, further to
> Darcy’s message today, the GNSO Council recently voted to move the
> Transfer Policy (IRTP-C) issue for discussion within the PPSAI IRT. I
> believe the Council directed this issue to be discussed during the
> public comment period. Darcy, please feel free to add additional
> context either on the list or on tomorrow’s call.
>
> Lastly, there have been several mentions of GDPR as a potential
> issue/barrier to the PPSAI implementation. I would like to note that
> ICANN has engaged legal experts to analyze the impact the European
> Union General Data Protection Regulation (“GDPR”) will have on
> various data processing activities under ICANN policies and contracts.
> Such policies and contracts require or permit various entities that
> participate in the gTLD domain name system, including registries and
> registrars, to collect, create, retain, escrow, and publish a variety
> of personal data elements related to registry/registrar operations,
> domain name registrations, and registrants.
>
> The legal review and analysis is being conducted in iterative phases,
> and ICANN gathered questions from community discussions and
> submissions to submit to the legal experts for possible discussion in
> Part 2 of the analysis. One of the questions included the following:
> “ICANN org is working with the community to develop implementation
> details for consensus policy recommendations governing the
> accreditation of privacy and proxy providers. How should GDPR
> requirements be factored into developing the accreditation process?”
> We will certainly keep you apprised of any feedback we receive.
>
> See you on our call tomorrow.
>
> Kind regards,
>
> Caitlin
> _______________________________________________
> Gdd-gnso-ppsai-impl mailing list
> Gdd-gnso-ppsai-impl at icann.org
> https://mm.icann.org/mailman/listinfo/gdd-gnso-ppsai-impl
More information about the Gdd-gnso-ppsai-impl
mailing list