[Gdd-gnso-ppsai-impl] Request for IRT Feedback: LEA Framework Specification, Receipt Process's Application to High Priority Requests
Lindsay Hamilton-Reid
Lindsay.Hamilton-Reid at fasthosts.com
Tue Feb 13 10:00:54 UTC 2018
No, I was not suggesting that but if the registrar is listed on the WHOIS, then that is another avenue for LEAs to contact them. As I said, I am sure most registrars have regular dealings with LEAs and have their own methods of contact. I know we do.
Lindsay Hamilton-Reid
Senior Legal Counsel
Direct: +44 (0)1452 509145 | Mobile: 07720 091147 | Email: Lindsay.Hamilton-Reid at 1and1.co.uk<mailto:Lindsay.Hamilton-Reid at 1and1.co.uk>
www.fasthosts.co.uk<http://www.fasthosts.co.uk/> www.1and1.co.uk<http://www.1and1.co.uk/>
[fh-1and1]
© 2015 All rights reserved. Fasthosts is the trading name of Fasthosts Internet Limited. Company registration no. 03656438. Registered in England and Wales. Registered office: Discovery House, 154 Southgate Street, Gloucester, GL1 2EX. VAT no. 720821857. 1&1 is the trading name of 1&1 Internet Limited. Company registration no. 03953678. Registered in England and Wales. Registered office: Discovery House, 154 Southgate Street, Gloucester, GL1 2EX. VAT no. 752539027.
This message (including any attachments) is confidential and may be legally privileged. If you are not the intended recipient, you should not disclose, copy or use any part of it - please delete all copies immediately and notify 1&1 on 0844 335 1211 or Fasthosts on 0333 0142 700. Any statements, opinions or information in this message are provided by the author, not on behalf of 1&1 and/or Fasthosts, unless subsequently confirmed by an individual who is authorised to represent 1&1 and/or Fasthosts.
[linkedin]<http://www.linkedin.com/company/fasthosts-internet-ltd>[twitter]<https://twitter.com/Fasthosts>[facebook]<https://www.facebook.com/fasthostsinternet>[gplus]<https://plus.google.com/u/0/b/107582097021398424605/+fasthosts/posts>[blog]<http://blogs.fasthosts.co.uk/>[youtube]<http://www.youtube.com/user/Fasthostsinternet>
From: Roman, Peter (CRM) [mailto:Peter.Roman at usdoj.gov]
Sent: 09 February 2018 18:00
To: Lindsay Hamilton-Reid <Lindsay.Hamilton-Reid at fasthosts.com>; gdd-gnso-ppsai-impl at icann.org
Subject: RE: [Gdd-gnso-ppsai-impl] Request for IRT Feedback: LEA Framework Specification, Receipt Process's Application to High Priority Requests
So are you suggesting that privacy providers should provide law enforcement with an emergency number for emergencies?
Peter Roman
Senior Counsel
Computer Crime & Intellectual Property Section
Criminal Division
Department of Justice
1301 New York Ave., NW
Washington, DC 20530
(202) 305-1323
peter.roman at usdoj.gov<mailto:peter.roman at usdoj.gov>
From: Lindsay Hamilton-Reid [mailto:Lindsay.Hamilton-Reid at fasthosts.com]
Sent: Friday, February 9, 2018 12:08 PM
To: Roman, Peter (CRM) <Peter.Roman at CRM.USDOJ.GOV<mailto:Peter.Roman at CRM.USDOJ.GOV>>; gdd-gnso-ppsai-impl at icann.org<mailto:gdd-gnso-ppsai-impl at icann.org>
Subject: RE: [Gdd-gnso-ppsai-impl] Request for IRT Feedback: LEA Framework Specification, Receipt Process's Application to High Priority Requests
The point that appears to be missing is the burden on privacy providers. The 24 hour timeline is not acceptable. As a registrar, if law enforcement need to take immediate action, then they contact us directly, not through an abuse email contact. If it is out of hours, most registrars have an emergency number.
Many thanks
Lindsay
Lindsay Hamilton-Reid
Senior Legal Counsel
Direct: +44 (0)1452 509145 | Mobile: 07720 091147 | Email: Lindsay.Hamilton-Reid at 1and1.co.uk<mailto:Lindsay.Hamilton-Reid at 1and1.co.uk>
www.fasthosts.co.uk<http://www.fasthosts.co.uk/> www.1and1.co.uk<http://www.1and1.co.uk/>
[fh-1and1]
© 2015 All rights reserved. Fasthosts is the trading name of Fasthosts Internet Limited. Company registration no. 03656438. Registered in England and Wales. Registered office: Discovery House, 154 Southgate Street, Gloucester, GL1 2EX. VAT no. 720821857. 1&1 is the trading name of 1&1 Internet Limited. Company registration no. 03953678. Registered in England and Wales. Registered office: Discovery House, 154 Southgate Street, Gloucester, GL1 2EX. VAT no. 752539027.
This message (including any attachments) is confidential and may be legally privileged. If you are not the intended recipient, you should not disclose, copy or use any part of it - please delete all copies immediately and notify 1&1 on 0844 335 1211 or Fasthosts on 0333 0142 700. Any statements, opinions or information in this message are provided by the author, not on behalf of 1&1 and/or Fasthosts, unless subsequently confirmed by an individual who is authorised to represent 1&1 and/or Fasthosts.
[linkedin]<http://www.linkedin.com/company/fasthosts-internet-ltd>[twitter]<https://twitter.com/Fasthosts>[facebook]<https://www.facebook.com/fasthostsinternet>[gplus]<https://plus.google.com/u/0/b/107582097021398424605/+fasthosts/posts>[blog]<http://blogs.fasthosts.co.uk/>[youtube]<http://www.youtube.com/user/Fasthostsinternet>
From: Roman, Peter (CRM) [mailto:Peter.Roman at usdoj.gov]
Sent: 09 February 2018 17:05
To: gdd-gnso-ppsai-impl at icann.org<mailto:gdd-gnso-ppsai-impl at icann.org>; Lindsay Hamilton-Reid <Lindsay.Hamilton-Reid at fasthosts.com<mailto:Lindsay.Hamilton-Reid at fasthosts.com>>
Subject: RE: [Gdd-gnso-ppsai-impl] Request for IRT Feedback: LEA Framework Specification, Receipt Process's Application to High Priority Requests
I don’t understand this argument. Isn’t the high priority request process the direct way to contact the provider in an emergency? Isn’t that the whole point?
Peter Roman
Senior Counsel
Computer Crime & Intellectual Property Section
Criminal Division
Department of Justice
1301 New York Ave., NW
Washington, DC 20530
(202) 305-1323
peter.roman at usdoj.gov<mailto:peter.roman at usdoj.gov>
From: Gdd-gnso-ppsai-impl [mailto:gdd-gnso-ppsai-impl-bounces at icann.org] On Behalf Of Sara Bockey
Sent: Friday, February 9, 2018 11:52 AM
To: gdd-gnso-ppsai-impl at icann.org<mailto:gdd-gnso-ppsai-impl at icann.org>; Lindsay Hamilton-Reid <Lindsay.Hamilton-Reid at fasthosts.com<mailto:Lindsay.Hamilton-Reid at fasthosts.com>>
Subject: Re: [Gdd-gnso-ppsai-impl] Request for IRT Feedback: LEA Framework Specification, Receipt Process's Application to High Priority Requests
As the proposal states, in High Priority instances (meaning a loss of life emergency), the onus should be on LEA to make every effort to contact and speak with the Provider (or its affiliated Registrar), so in my view this may or may not be after the 2 days depending on how proactive the LEA is. If you submit an email or send a FedEX instead of getting on the phone, yes, you will likely still be subject to some processing delay even if they move you to the front of the queue.
sara bockey
sr. policy manager | GoDaddy™
sbockey at godaddy.com<mailto:sbockey at godaddy.com> 480-366-3616
skype: sbockey
This email message and any attachments hereto is intended for use only by the addressee(s) named herein and may contain confidential information. If you have received this email in error, please immediately notify the sender and permanently delete the original and any copy of this message and its attachments.
From: Gdd-gnso-ppsai-impl <gdd-gnso-ppsai-impl-bounces at icann.org<mailto:gdd-gnso-ppsai-impl-bounces at icann.org>> on behalf of "Roman, Peter (CRM)" <Peter.Roman at usdoj.gov<mailto:Peter.Roman at usdoj.gov>>
Reply-To: "gdd-gnso-ppsai-impl at icann.org<mailto:gdd-gnso-ppsai-impl at icann.org>" <gdd-gnso-ppsai-impl at icann.org<mailto:gdd-gnso-ppsai-impl at icann.org>>
Date: Friday, February 9, 2018 at 9:32 AM
To: "gdd-gnso-ppsai-impl at icann.org<mailto:gdd-gnso-ppsai-impl at icann.org>" <gdd-gnso-ppsai-impl at icann.org<mailto:gdd-gnso-ppsai-impl at icann.org>>, Lindsay Hamilton-Reid <Lindsay.Hamilton-Reid at fasthosts.com<mailto:Lindsay.Hamilton-Reid at fasthosts.com>>
Subject: Re: [Gdd-gnso-ppsai-impl] Request for IRT Feedback: LEA Framework Specification, Receipt Process's Application to High Priority Requests
Are we still talking about ‘within 24 hours’ or ‘as soon as possible’ after the 2 business days that providers have to review the request?
Peter Roman
Senior Counsel
Computer Crime & Intellectual Property Section
Criminal Division
Department of Justice
1301 New York Ave., NW
Washington, DC 20530
(202) 305-1323
peter.roman at usdoj.gov<mailto:peter.roman at usdoj.gov>
From: Gdd-gnso-ppsai-impl [mailto:gdd-gnso-ppsai-impl-bounces at icann.org] On Behalf Of Theo Geurts
Sent: Friday, February 9, 2018 11:03 AM
To: gdd-gnso-ppsai-impl at icann.org<mailto:gdd-gnso-ppsai-impl at icann.org>; Lindsay Hamilton-Reid <Lindsay.Hamilton-Reid at fasthosts.com<mailto:Lindsay.Hamilton-Reid at fasthosts.com>>
Subject: Re: [Gdd-gnso-ppsai-impl] Request for IRT Feedback: LEA Framework Specification, Receipt Process's Application to High Priority Requests
Agree with Lindsay.
Theo
On 9-2-2018 16:42, Lindsay Hamilton-Reid wrote:
+1 Sara with one caveat. I would prefer that it stated ‘Provider shall use reasonable efforts to respond to the request as soon as possible’ as opposed to Provider shall use its best efforts to action the request within 24 hours. Action suggests that the Provider should have physically done something, which may or may not be possible and puts an onerous burden on the Provider.
Many thanks
Lindsay
Lindsay Hamilton-Reid
Senior Legal Counsel
Direct: +44 (0)1452 509145 | Mobile: 07720 091147 | Email: Lindsay.Hamilton-Reid at 1and1.co.uk<mailto:Lindsay.Hamilton-Reid at 1and1.co.uk>
www.fasthosts.co.uk<http://www.fasthosts.co.uk/> www.1and1.co.uk<http://www.1and1.co.uk/>
[fh-1and1]
© 2015 All rights reserved. Fasthosts is the trading name of Fasthosts Internet Limited. Company registration no. 03656438. Registered in England and Wales. Registered office: Discovery House, 154 Southgate Street, Gloucester, GL1 2EX. VAT no. 720821857. 1&1 is the trading name of 1&1 Internet Limited. Company registration no. 03953678. Registered in England and Wales. Registered office: Discovery House, 154 Southgate Street, Gloucester, GL1 2EX. VAT no. 752539027.
This message (including any attachments) is confidential and may be legally privileged. If you are not the intended recipient, you should not disclose, copy or use any part of it - please delete all copies immediately and notify 1&1 on 0844 335 1211 or Fasthosts on 0333 0142 700. Any statements, opinions or information in this message are provided by the author, not on behalf of 1&1 and/or Fasthosts, unless subsequently confirmed by an individual who is authorised to represent 1&1 and/or Fasthosts.
[linkedin]<http://www.linkedin.com/company/fasthosts-internet-ltd>[twitter]<https://twitter.com/Fasthosts>[facebook]<https://www.facebook.com/fasthostsinternet>[gplus]<https://plus.google.com/u/0/b/107582097021398424605/+fasthosts/posts>[blog]<http://blogs.fasthosts.co.uk/>[youtube]<http://www.youtube.com/user/Fasthostsinternet>
From: Gdd-gnso-ppsai-impl [mailto:gdd-gnso-ppsai-impl-bounces at icann.org] On Behalf Of Sara Bockey
Sent: 09 February 2018 15:38
To: gdd-gnso-ppsai-impl at icann.org<mailto:gdd-gnso-ppsai-impl at icann.org>
Subject: Re: [Gdd-gnso-ppsai-impl] Request for IRT Feedback: LEA Framework Specification, Receipt Process's Application to High Priority Requests
Personally, clarifying the word “action” is only marginally helpful. I’m more concerned with the content and the fact that the LEA framework as currently written creates a presumption of disclosure.
To answer Peter’s question, I’m not saying “Providers get to choose whether to respond to law enforcement requests at all”, but the Provider DOES get to follow due process and doesn’t have to volunteer information just because LEA asks for it.
That said, perhaps we can use the following as a starting point for our conversation regarding High Priority on Tuesday. I will be the first to say this language needs work and input from others:
Where a disclosure request is categorized as High Priority, LEA will make every effort to contact the Provider directly to discuss the matter, and should it be determined that Provider has useful information, Provider shall use its best efforts to action the request within 24 hours, noting that a court order/subpoena may still be required prior to release of any information. Registrar will not be required to take any action in contravention of applicable law.
Regards,
Sara
sara bockey
sr. policy manager | GoDaddy™
sbockey at godaddy.com<mailto:sbockey at godaddy.com> 480-366-3616
skype: sbockey
This email message and any attachments hereto is intended for use only by the addressee(s) named herein and may contain confidential information. If you have received this email in error, please immediately notify the sender and permanently delete the original and any copy of this message and its attachments.
From: Gdd-gnso-ppsai-impl <gdd-gnso-ppsai-impl-bounces at icann.org<mailto:gdd-gnso-ppsai-impl-bounces at icann.org>> on behalf of Michele Neylon <michele at blacknight.com<mailto:michele at blacknight.com>>
Reply-To: "gdd-gnso-ppsai-impl at icann.org<mailto:gdd-gnso-ppsai-impl at icann.org>" <gdd-gnso-ppsai-impl at icann.org<mailto:gdd-gnso-ppsai-impl at icann.org>>
Date: Thursday, February 8, 2018 at 8:36 AM
To: "gdd-gnso-ppsai-impl at icann.org<mailto:gdd-gnso-ppsai-impl at icann.org>" <gdd-gnso-ppsai-impl at icann.org<mailto:gdd-gnso-ppsai-impl at icann.org>>
Subject: Re: [Gdd-gnso-ppsai-impl] Request for IRT Feedback: LEA Framework Specification, Receipt Process's Application to High Priority Requests
Steve
That might help, though I’ll defer to Sara and Co
Regards
Michele
--
Mr Michele Neylon
Blacknight Solutions
Hosting, Colocation & Domains
https://www.blacknight.com/
http://blacknight.blog/
Intl. +353 (0) 59 9183072
Direct Dial: +353 (0)59 9183090
Personal blog: https://michele.blog/
Some thoughts: https://ceo.hosting/
-------------------------------
Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845
From: Gdd-gnso-ppsai-impl <gdd-gnso-ppsai-impl-bounces at icann.org<mailto:gdd-gnso-ppsai-impl-bounces at icann.org>> on behalf of Steven Metalitz <met at msk.com<mailto:met at msk.com>>
Reply-To: "gdd-gnso-ppsai-impl at icann.org<mailto:gdd-gnso-ppsai-impl at icann.org>" <gdd-gnso-ppsai-impl at icann.org<mailto:gdd-gnso-ppsai-impl at icann.org>>
Date: Thursday 8 February 2018 at 15:12
To: "gdd-gnso-ppsai-impl at icann.org<mailto:gdd-gnso-ppsai-impl at icann.org>" <gdd-gnso-ppsai-impl at icann.org<mailto:gdd-gnso-ppsai-impl at icann.org>>
Subject: Re: [Gdd-gnso-ppsai-impl] Request for IRT Feedback: LEA Framework Specification, Receipt Process's Application to High Priority Requests
I wonder whether part of the problem here is the use of “action” as a verb. I certainly don’t read that as establishing a “presumption of disclosure.” I read it as saying that the provider will take action on the request within 24 hours (or whatever the time frame is, for non-priority requests). That action could be (1) disclosure; (2) refusal to disclose, based on one of the grounds listed in the specification; or (3) refusal to disclose for the time being, based on the LEA not having provided all the needed information, as spelled out in the specification. ( I guess (3) is really a subset of (2), since 4.2.2.1 provides this ground for non-disclosure.)
So would it clarify to define the word “action” where it appears in 4.1.1 as follows (or something similar): “As used in this subsection, “action” means (i) to disclose to the LEA requestor, or (ii) to refuse to disclose to the LEA requestor, citing one or more of the reasons listed in 4.2.2”?
Another way to draft this is to append to “action” the parenthetical “in accordance with subsection 4.2,” which includes both the options listed (as well as the option of extending the deadline, “in exceptional circumstances,” see 4.2.4).
Could Sara or others give some examples of reasons beyond those listed in 4.2.2 on which a Provider might validly rely for non-disclosure?
Steve Metalitz
[image001]
Steven J. Metalitz | Partner, through his professional corporation
T: 202.355.7902 | met at msk.com<mailto:met at msk.com>
Mitchell Silberberg & Knupp LLP | www.msk.com<http://www.msk.com/>
1818 N Street NW, 8th Floor, Washington, DC 20036
THE INFORMATION CONTAINED IN THIS E-MAIL MESSAGE IS INTENDED ONLY FOR THE PERSONAL AND CONFIDENTIAL USE OF THE DESIGNATED RECIPIENTS. THIS MESSAGE MAY BE AN ATTORNEY-CLIENT COMMUNICATION, AND AS SUCH IS PRIVILEGED AND CONFIDENTIAL. IF THE READER OF THIS MESSAGE IS NOT AN INTENDED RECIPIENT, YOU ARE HEREBY NOTIFIED THAT ANY REVIEW, USE, DISSEMINATION, FORWARDING OR COPYING OF THIS MESSAGE IS STRICTLY PROHIBITED. PLEASE NOTIFY US IMMEDIATELY BY REPLY E-MAIL OR TELEPHONE, AND DELETE THE ORIGINAL MESSAGE AND ALL ATTACHMENTS FROM YOUR SYSTEM. THANK YOU.
From: Gdd-gnso-ppsai-impl [mailto:gdd-gnso-ppsai-impl-bounces at icann.org] On Behalf Of Amy Bivins
Sent: Thursday, February 08, 2018 9:25 AM
To: gdd-gnso-ppsai-impl at icann.org<mailto:gdd-gnso-ppsai-impl at icann.org>
Subject: Re: [Gdd-gnso-ppsai-impl] Request for IRT Feedback: LEA Framework Specification, Receipt Process's Application to High Priority Requests
Thank you, Sara, for this very specific proposed change. What do others think of this language?
From: Gdd-gnso-ppsai-impl [mailto:gdd-gnso-ppsai-impl-bounces at icann.org] On Behalf Of Sara Bockey
Sent: Thursday, February 8, 2018 9:22 AM
To: gdd-gnso-ppsai-impl at icann.org<mailto:gdd-gnso-ppsai-impl at icann.org>
Subject: Re: [Gdd-gnso-ppsai-impl] Request for IRT Feedback: LEA Framework Specification, Receipt Process's Application to High Priority Requests
Dear Amy,
I will reiterate my concern that the LEA framework, as currently written, creates a presumption of disclosure if LEAs check all the right boxes. Because this decision ultimately resides with the provider, based on due process, this must be reflected in the framework. Therefore, the following is problematic:
You wrote:
“the Provider must review the request and confirm to the LEA requester that it has been received and contains the relevant information required to meet the minimum standard for acceptance (See 3.2.1 of Specification 4). (2) The Provider must then action the request in accordance with the priority level (within 24 hours for “high priority” requests (4.1.2); or within the timeline requested by LEA, if possible, for other requests (See 4.1.3).”
At the very minimum, I believe we need to add “without limitations” back to section 4.2.2. (Forgive me, I can’t recall where we landed on this and fear if I wait to see the revised document it will be deemed “too late” to discuss.) What’s listed under 4.2.2 should be non-limiting examples for when disclosure can be reasonably refused.
Regarding high priority requests, Volker has proposed:
"Where a disclosure request has been categorized as High Priority, Provider shall use its best efforts towards actioning the request within 24 hours on business days or as close as possible to this."
Another option could be something like “actioning the request within 24 hours for up to 90% (or some other level determined acceptable by Providers) of incidences.”
Your proposed language, namely, “Where a disclosure request has been categorized as High Priority, this must be actioned within 24 hours of completion of the receipt process outlined in Section 3.2.” The LEA Requestor will detail the threat type and justification for a request with a Priority Level of High Priority”, remains overly strict, uses language that creates a presumption of disclosure, and is not acceptable.
Thanks,
Sara
sara bockey
sr. policy manager | GoDaddy™
sbockey at godaddy.com<mailto:sbockey at godaddy.com> 480-366-3616
skype: sbockey
This email message and any attachments hereto is intended for use only by the addressee(s) named herein and may contain confidential information. If you have received this email in error, please immediately notify the sender and permanently delete the original and any copy of this message and its attachments.
From: Gdd-gnso-ppsai-impl <gdd-gnso-ppsai-impl-bounces at icann.org<mailto:gdd-gnso-ppsai-impl-bounces at icann.org>> on behalf of Amy Bivins <amy.bivins at icann.org<mailto:amy.bivins at icann.org>>
Reply-To: "gdd-gnso-ppsai-impl at icann.org<mailto:gdd-gnso-ppsai-impl at icann.org>" <gdd-gnso-ppsai-impl at icann.org<mailto:gdd-gnso-ppsai-impl at icann.org>>
Date: Monday, February 5, 2018 at 11:58 AM
To: "gdd-gnso-ppsai-impl at icann.org<mailto:gdd-gnso-ppsai-impl at icann.org>" <gdd-gnso-ppsai-impl at icann.org<mailto:gdd-gnso-ppsai-impl at icann.org>>
Subject: Re: [Gdd-gnso-ppsai-impl] Request for IRT Feedback: LEA Framework Specification, Receipt Process's Application to High Priority Requests
Hi, All,
Thanks so much for your contribution to this discussion thus far, and I encourage the IRT to continue this discussion between now and our next meeting on the 13th.
As a reminder of how we arrived at this point, the Final Report contained a few guidelines for any future LEA disclosure framework (see p. 16), “In the event that a Disclosure Framework is eventually developed for LEA requests, the WG recommends that the Framework expressly include requirements under which at a minimum: (a) the Requester agrees to comply with all applicable data protection laws and to use any information disclosed to it solely for the purpose to determine whether further action on the issue is warranted, to contact the customer, or in a legal proceeding concerning the issue for which the request was made; and (b) exempts Disclosure where the customer has provided, or the P/P service provider has found, specific information, facts, and/or circumstances showing that Disclosure will endanger the safety of the customer.”
* Jan 2016 Final Report: Guidelines re: any future LEA framework
* June 2016 GAC Helsinki Communique: advising ICANN Board to ensure that GAC concerns are effectively addressed in the implementation phase of the Privacy/Proxy Service Provider Accreditation Program to the greatest extent possible. The GAC advised that its input and feedback should be sought out as necessary in developing a proposed implementation plan, including through participation of the GAC Public Safety Working Group (PSWG) on the Implementation Review Team (IRT).
* December 2016: ICANN Board directs ICANN Org to continue to encourage dialogue between the IRT and the PSWG to address GAC concerns during implementation, to the extent that so doing is consistent with Policy Recommendations.
* Jan 2017: IRT invites PSWG to share strawman proposal, http://mm.icann.org/pipermail/gdd_pp_irt_lea/2017-January/000003.html.
* June 2017: PSWG shares strawman proposal with IRT
* Jun-Sept 2017: IRT discussions re: LEA framework (among other topics)
* Jan/Feb 2018: Continued IRT discussions re: lingering open items in LEA FW
Following over six months of discussions on this draft framework, the only remaining item appears to be how to handle “high priority” requests in terms of timing. In the last request to the IRT on this topic, sent to the IRT on 23 Jan, http://mm.icann.org/pipermail/gdd-gnso-ppsai-impl/2018-January/000525.html, we requested any final feedback on this topic with a deadline of 28 Jan. No responses were sent to the list.
This proposed language was distributed today for discussion as a proposed solution to resolve potential ambiguity in the Final Draft prior to going to public comment. This proposal is an attempt to reflect all IRT member input received on the topic to date.
Please share any comments on the list with the goal of reaching a resolution to this issue prior to our next meeting.
Best,
Amy
From: Gdd-gnso-ppsai-impl [mailto:gdd-gnso-ppsai-impl-bounces at icann.org] On Behalf Of theo geurts
Sent: Monday, February 5, 2018 12:32 PM
To: gdd-gnso-ppsai-impl at icann.org<mailto:gdd-gnso-ppsai-impl at icann.org>; Sara Bockey <sbockey at godaddy.com<mailto:sbockey at godaddy.com>>
Subject: Re: [Gdd-gnso-ppsai-impl] Request for IRT Feedback: LEA Framework Specification, Receipt Process's Application to High Priority Requests
Agreed Sara,
It seems, or at least, we create a suggestion that if process X is followed, disclosure will happen, that is not the case, and never has been the case, providers must follow due process, always.
If we create a set of LEA procedures, they need to realistic and clear and never put a provider in a position where contractual agreements put pressure on a provider to comply with applicable law. But the first step in this process is to figure out if we are not out of scope as an IRT to create such procedures.
Theo
On 5-2-2018 18:05, Sara Bockey wrote:
A few items.
Again, I’m concerned that we are creating policy, not implementing it. Granted, the framework outlined in the Final Report is not as robust as what is detailed for IPC, but then again LEA did not participate in the PDP process. The IRT is not the place to be creating policy for LEAs.
That said, the problem with a strict 24-hour period is that it doesn’t acknowledge certain situations/matters may require additional time, falling outside a 24-hour period despite a Provider’s best efforts. Language such as “Where a disclosure request has been categorized as High Priority, this must be actioned within 24 hours” are overly strict and sets the Provider up for failure/being out of compliance due to circumstances beyond its control.
Finally, I fear the LEA framework as currently written creates unrealistic expectations/SLAs. There seems to be a presumption of disclosure – if LEAs check all the right boxes, the information will be disclosed. However, this decision should reside with the provider, who does not have to bypass due process just to please LEAs.
sara bockey
sr. policy manager | GoDaddy™
sbockey at godaddy.com<mailto:sbockey at godaddy.com> 480-366-3616
skype: sbockey
This email message and any attachments hereto is intended for use only by the addressee(s) named herein and may contain confidential information. If you have received this email in error, please immediately notify the sender and permanently delete the original and any copy of this message and its attachments.
From: Gdd-gnso-ppsai-impl <gdd-gnso-ppsai-impl-bounces at icann.org><mailto:gdd-gnso-ppsai-impl-bounces at icann.org> on behalf of Amy Bivins <amy.bivins at icann.org><mailto:amy.bivins at icann.org>
Reply-To: "gdd-gnso-ppsai-impl at icann.org"<mailto:gdd-gnso-ppsai-impl at icann.org> <gdd-gnso-ppsai-impl at icann.org><mailto:gdd-gnso-ppsai-impl at icann.org>
Date: Monday, February 5, 2018 at 7:51 AM
To: "gdd-gnso-ppsai-impl at icann.org"<mailto:gdd-gnso-ppsai-impl at icann.org> <gdd-gnso-ppsai-impl at icann.org><mailto:gdd-gnso-ppsai-impl at icann.org>
Subject: [Gdd-gnso-ppsai-impl] Request for IRT Feedback: LEA Framework Specification, Receipt Process's Application to High Priority Requests
Dear Colleagues,
As mentioned on the list a couple of weeks ago, the current draft PPAA is still a bit ambiguous regarding how the review process outlined in Section 3.2.1 applies to high priority requests. We need ensure that the draft is clear about this requirement when we go out for public comment (and if there is opposition to the proposed requirement by any members of the IRT, this will be flagged in the call for comments).
Upon reviewing the IRT’s input to date, I am proposing an edit that I believe reflects the IRT discussion on this point. Please review and provide your comments on this proposed language no later than this Friday, 9 February.
To summarize, the current draft contains a two-step process for Providers upon receipt of a request from LEA. (1) Within two business days, the Provider must review the request and confirm to the LEA requester that it has been received and contains the relevant information required to meet the minimum standard for acceptance (See 3.2.1 of Specification 4). (2) The Provider must then action the request in accordance with the priority level (within 24 hours for “high priority” requests (4.1.2); or within the timeline requested by LEA, if possible, for other requests (See 4.1.3).
The current language may be a bit ambiguous as to whether the two business day “review period” applies before the 24-hour period for responding to high priority requests (as explained in more detail in the attached message). The view of registrar IRT members appears to be that requiring action within 24 hours of receipt of an LEA request, even if it is a high priority request, is unacceptable. PSWG members of the IRT disagree. Other IRT members appear to have mixed views on this (some referenced the RAA requirement that “Well-founded reports of Illegal Activity submitted to these [dedicated LEA] contacts must be reviewed within 24 hours by an individual who is empowered by Registrar to take necessary and appropriate actions in response to the report.” Registrar members of the IRT said that the RAA-required review is less intensive than the PPAA review due to the specific requirements in the PPAA draft).
Based on the views expressed within the IRT, it appears that one potential solution to this ambiguity would be to update Section 4.1.2 to state that (proposed edit in red), “Where a disclosure request has been categorized as High Priority, this must be actioned within 24 hours of completion of the receipt process outlined in Section 3.2.” The LEA Requestor will detail the threat type and justification for a request with a Priority Level of High Priority.”
The practical impact of this proposed change would be that the provider must action a high priority request within 24 hours of determining that the request meets the minimum standard for acceptance. If the provider completes the receipt process sooner than 2 business days after receipt of the request, this would start the 24-hour clock for actioning the request. Thus, this could shorten the response window a bit, partially addressing the PSWG concerns of a “two business days plus 24 hours” requirement, while also addressing registrar concerns by not starting the clock until the provider has time to review the request, if the full time of the receipt process is required to conduct that review.
Please provide your feedback on this proposed change no later than this Friday, 9 Feb. And if you have further comments on this, please share those as well.
Best,
Amy
Amy E. Bivins
Registrar Services and Engagement Senior Manager
Registrar Services and Industry Relations
Internet Corporation for Assigned Names and Numbers (ICANN)
Direct: +1 (202) 249-7551
Fax: +1 (202) 789-0104
Email: amy.bivins at icann.org<mailto:amy.bivins at icann.org>
www.icann.org<http://www.icann.org>
_______________________________________________
Gdd-gnso-ppsai-impl mailing list
Gdd-gnso-ppsai-impl at icann.org<mailto:Gdd-gnso-ppsai-impl at icann.org>
https://mm.icann.org/mailman/listinfo/gdd-gnso-ppsai-impl
_______________________________________________
Gdd-gnso-ppsai-impl mailing list
Gdd-gnso-ppsai-impl at icann.org<mailto:Gdd-gnso-ppsai-impl at icann.org>
https://mm.icann.org/mailman/listinfo/gdd-gnso-ppsai-impl
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gdd-gnso-ppsai-impl/attachments/20180213/6fda3585/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 13684 bytes
Desc: image001.jpg
URL: <http://mm.icann.org/pipermail/gdd-gnso-ppsai-impl/attachments/20180213/6fda3585/image001-0001.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.jpg
Type: image/jpeg
Size: 1905 bytes
Desc: image002.jpg
URL: <http://mm.icann.org/pipermail/gdd-gnso-ppsai-impl/attachments/20180213/6fda3585/image002-0001.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.jpg
Type: image/jpeg
Size: 2011 bytes
Desc: image003.jpg
URL: <http://mm.icann.org/pipermail/gdd-gnso-ppsai-impl/attachments/20180213/6fda3585/image003-0001.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image004.jpg
Type: image/jpeg
Size: 2026 bytes
Desc: image004.jpg
URL: <http://mm.icann.org/pipermail/gdd-gnso-ppsai-impl/attachments/20180213/6fda3585/image004-0001.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image005.jpg
Type: image/jpeg
Size: 2028 bytes
Desc: image005.jpg
URL: <http://mm.icann.org/pipermail/gdd-gnso-ppsai-impl/attachments/20180213/6fda3585/image005-0001.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image006.jpg
Type: image/jpeg
Size: 2005 bytes
Desc: image006.jpg
URL: <http://mm.icann.org/pipermail/gdd-gnso-ppsai-impl/attachments/20180213/6fda3585/image006-0001.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image007.jpg
Type: image/jpeg
Size: 2030 bytes
Desc: image007.jpg
URL: <http://mm.icann.org/pipermail/gdd-gnso-ppsai-impl/attachments/20180213/6fda3585/image007-0001.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image008.jpg
Type: image/jpeg
Size: 13685 bytes
Desc: image008.jpg
URL: <http://mm.icann.org/pipermail/gdd-gnso-ppsai-impl/attachments/20180213/6fda3585/image008-0001.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image009.jpg
Type: image/jpeg
Size: 1906 bytes
Desc: image009.jpg
URL: <http://mm.icann.org/pipermail/gdd-gnso-ppsai-impl/attachments/20180213/6fda3585/image009-0001.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image010.jpg
Type: image/jpeg
Size: 2012 bytes
Desc: image010.jpg
URL: <http://mm.icann.org/pipermail/gdd-gnso-ppsai-impl/attachments/20180213/6fda3585/image010-0001.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image011.jpg
Type: image/jpeg
Size: 2027 bytes
Desc: image011.jpg
URL: <http://mm.icann.org/pipermail/gdd-gnso-ppsai-impl/attachments/20180213/6fda3585/image011-0001.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image012.jpg
Type: image/jpeg
Size: 2029 bytes
Desc: image012.jpg
URL: <http://mm.icann.org/pipermail/gdd-gnso-ppsai-impl/attachments/20180213/6fda3585/image012-0001.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image013.jpg
Type: image/jpeg
Size: 2006 bytes
Desc: image013.jpg
URL: <http://mm.icann.org/pipermail/gdd-gnso-ppsai-impl/attachments/20180213/6fda3585/image013-0001.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image014.jpg
Type: image/jpeg
Size: 2031 bytes
Desc: image014.jpg
URL: <http://mm.icann.org/pipermail/gdd-gnso-ppsai-impl/attachments/20180213/6fda3585/image014-0001.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image015.gif
Type: image/gif
Size: 2775 bytes
Desc: image015.gif
URL: <http://mm.icann.org/pipermail/gdd-gnso-ppsai-impl/attachments/20180213/6fda3585/image015-0001.gif>
More information about the Gdd-gnso-ppsai-impl
mailing list