[Gdd-gnso-ppsai-impl] Materials and agenda for 13 June PP IRT meeting

[Janelle McAlister]

Hi Amy,

Here is my feedback on the PSWG proposal - there is some overlap with previous comments

1.1.  This must be limited to the providers local jurisdiction only.   Law enforcement or government consumer protection agencies should be included, but I question whether non-government consumer protection agencies should be included.

1.4.  The requestor should be required to provide a subpoena for the additional, non-contact information including billing and payment information including bank account numbers, billing records, credit and debit card details: verification documents: account access data including session times, duration and associate IP addresses; this additional information may not be easily accessed or available

2.1.1. should be limited to Domain Name only - remove "URL involved"

3.1.1. Providing the email address on a website will drastically increase the spam and abuse of the email address and may delay responses to legitimate request.

3.2.1. Change to "Within 48 hours during standard working days and 72 hours during weekends and holidays"

3.2.2. The burden to prove the identity of the requestor should be on the requestor

4.1.2. Change response time to 48 hours during standard working days and 72 hours during weekends and holidays

4.3. The provider will notify the customer of the disclosure request unless the requestor has provided a subpoena


Thanks,
Janelle


From: gdd-gnso-ppsai-impl-bounces at icann.org [mailto:gdd-gnso-ppsai-impl-bounces at icann.org] On Behalf Of DiBiase, Gregory via Gdd-gnso-ppsai-impl
Sent: Friday, June 09, 2017 12:28 PM
To: gdd-gnso-ppsai-impl at icann.org
Subject: Re: [Gdd-gnso-ppsai-impl] Materials and agenda for 13 June PP IRT meeting

Hi Amy,

Some more feedback on the PSWG proposal below.  (there may be some overlap with previous comments, but I wanted to be as specific as possible)

Section 1.4: "Requested Information" significantly exceeds the scope of the policy and the type of information contained in WHOIS data (e.g., credit card information and account access data/session times). Depending on the jurisdiction, a subpoena or court order may be required for some of the information contained in this definition.
Section 1.5: "Priority level" and various priorities should be better defined. Perhaps in a tiered system with defined turnaround times? (e.g., High Priority requests require a response time of 48 hours)
Section 2.1:  The Minimum Requirements should include some form of verification statement, e.g., all provided information is true and correct.
Section 2.1.3: This clause should include the legal authority justifying the provision of data.  Something like, "Details of Requested Information and legal authority to obtain each element thereof".  Currently, there is no requirement in the document for the legal authority justifying the provision of data to be spelled out (just the identity of the authority in 2.1.2 and the optional "reference" to laws in 2.2.3).
Section 3.2.2: How will the Provider verify the identity of the Requestor and ensure that such requests are not fraudulent? Authentication and verification are critical.
Section 4.2.2.3: Disclosure can be refused where "disclosure will endanger the safety of the customer."  That's a high standard and will be difficult for Providers to interpret in practice.  It's conceivable people other than the customer could be endangered as well.  At a minimum, the language should be "...disclosure may endanger the safety of the customer or others."
Section 4.2.3:  Provider must respond to Requestor with specific reasons for refusal, which must happen before any Customer Notification.  While Providers generally will and likely should notify Requestor before issuing a Customer Notification, there could be exceptions.
Section 4.2.5: This is a very vague reconsideration provision.  There is no standard for reconsideration requests.

Thanks,
Greg


From: gdd-gnso-ppsai-impl-bounces at icann.org<mailto:gdd-gnso-ppsai-impl-bounces at icann.org> [mailto:gdd-gnso-ppsai-impl-bounces at icann.org] On Behalf Of Amy Bivins
Sent: Friday, June 09, 2017 6:10 AM
To: gdd-gnso-ppsai-impl at icann.org<mailto:gdd-gnso-ppsai-impl at icann.org>
Subject: [Gdd-gnso-ppsai-impl] Materials and agenda for 13 June PP IRT meeting

Dear Colleagues,

On our next PP IRT call, scheduled for 13 June, 1400 UTC, we will continue discussing your feedback on the PSWG proposal.

To aid this discussion, I'm attaching two documents that include the input provided from the IRT so far.

(1)    A detailed account of all IRT feedback submitted, in table format; and

(2)    A high-level summary of IRT feedback as a markup on the proposal document.

On Tuesday, I'm planning to start at the top of the document and we will go through your feedback section by section, and discuss proposed talking points and questions for the PSWG (and proposed edits, if you have any at this stage). The goal of this exercise is to compile a list of significant issues (and proposed changes/solutions) the IRT would like to present to the PSWG for discussion in Johannesburg. We hope to be able to complete this exercise and have a document ready to share with the PSWG before 23 June.

As an update on ICANN59 planning, we are still working to secure space for an IRT-PSWG meeting. Due to the late date, availability is a challenge, but we will find a space. We have a tentative spot for Tuesday, 27 June, 14:15-15:00 local time (UTC+2). The room we have available for this time slot is quite small and lacks meeting technical capabilities (microphones, etc), so we are working to find any other better alternative before sending out a meeting invitation. If this is our best option, we will likely run the call as a regular IRT meeting, with audio connected via Adobe Connect.

To aid our planning, if you are planning to attend this meeting in person, could you please let me know?

Thanks so much in advance, and I look forward to meeting with you on Tuesday. If you have additional comments on the PSWG proposal between now and Tuesday, please share them on the list.

Best,
Amy

Amy E. Bivins
Registrar Services and Engagement Senior Manager
Registrar Services and Industry Relations
Internet Corporation for Assigned Names and Numbers (ICANN)
Direct: +1 (202) 249-7551
Fax:  +1 (202) 789-0104
Email: amy.bivins at icann.org<mailto:amy.bivins at icann.org>
www.icann.org<http://www.icann.org>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gdd-gnso-ppsai-impl/attachments/20170612/8d2ddc97/attachment.html>