[Gdd-gnso-ppsai-impl] Summary of today's privacy/proxy IRT call, IRT action items

Amy Bivins amy.bivins at icann.org
Tue Jan 16 18:14:36 UTC 2018 

Dear Colleagues,

Thanks so much for your active participation on today's privacy/proxy IRT call. If you were unable to attend, I encourage you to listen to the recording, which is available on the wiki, https://participate.icann.org/p8nkvqvkvyr/

Today we began reviewing the most recent round of IRT member comments on the PPAA specifications. Some high-level notes regarding our discussions are below. Please send any additional input you have on the topics discussed today to the list no later than the end of this week. Next week, we will pick up where we left off today on the LEA disclosure framework specification.

Specification 1: Customer Data Accuracy Specification
Issue 1: Re: IRT member comment-this specification needs to be revisited, confusing as to how this is impacted by Affiliate/TPP status
Proposed Solution: Move Section 3 to the beginning of this specification.

Issue 2: Should Section 1 be edited to add an additional trigger-when the privacy and/or proxy service is enabled?
Rationale: PP Service could be turned on in response to a WHOIS accuracy complaint, resulting in the shielding of potentially inaccurate information instead of validation/verification.
               IRT Feedback on this proposal was mixed. Additional feedback is requested.

Issue 3: In Section 5, IRT member recommended that all references to registrars to terminate or suspend should be removed.
               Rationale: Registrars are not bound by this contract.
IRT Feedback: At a minimum, registrars should be notified if PP service is suspended or terminated due to inaccurate customer contact information. This will trigger registrar obligations under the RAA to validate/verify.
Issue 4:   In Section 6, does addition of "by Registrar" solve issue (to clarify that PP provider cannot place names on clientHold or TransferProhibited status)?
               IRT Feedback seemed to support this change.

Specification 2: Registration Data Directory Service Labeling Specification
Issue 1: Is this specification attempting to require retention of this data, or to simply identify what information should appear in WHOIS for PP registrations? Assuming the latter, this specification should be updated (perhaps in introductory language in Section 1, and potentially moving up section 3) to clearly note this purpose. In addition, labeling requirements for "registrant organization" field should be added as an example in Section 1.

Sections 3.2.1 and 3.5.3 should also be reviewed to ensure consistency across contract text, data retention specification and this specification.

Specification 3: Consensus Policies and Temporary Policies Specification
Issue 1: Feedback from Theo Geurts (Re: Section 1.2.1)-how does a privacy service endanger the security or stability of the internet?
Comments on today's call: IRT member comment-this should only be included if there is a specific purpose for this; Other IRT members-there are instances where someone acting in a manner that could endanger security/stability may be hiding behind a PP service
Proposed Next Steps: If no further IRT feedback to the contrary, reasons to keep this section appear to have been identified.

Issue 2: IRT member Feedback Re: Section 1.3-I think we can delete all sections in 1.3 as they deal with domain name registrations in general rather than providing a privacy service. We could say privacy providers should not practice warehousing, but that is not what it currently says.
               Comments from today's call: At least some of these sections appear to be relevant to PP services (see, e.g. Sections 1.3.6)
Proposed Next Steps: If IRT members would like to identify any sections that they believe should be deleted, please send specific suggestions to the list this week.

Specification 4: Law Enforcement Authority Disclosure Framework Specification
Issue 1: Proposal to change references to "national or international law" to "applicable law"
               Comments from today's call: No issues raised on call
               Proposed next steps: Update language throughout specification if no contrary input from IRT.

Issue 2: Timeline for processing/responding to "high priority" requests
Current status: PPAA draft provides for two business days for providers to process LEA requests and ensure they meet minimum standards for acceptance (Section 3.2.1). If a request meets criteria for "high priority" request, provider must action the request within 24 hours (Section 4.1.2)
Comments from today's call: Timeline for provider responses to high priority LEA requests was revisited. PSWG representative stated that this is too long. Some Rr representatives on call reiterated prior feedback that receipt process may require legal/outside review, and that 2 business days is appropriate timeframe.
Proposed next steps: This discussion mirrors points raised in prior discussions regarding this framework (summary of most recent discussions in August, including results of IRT poll regarding potential changes from "2 business day" review period, attached). This topic will be continued next week. If there is continued disagreement among IRT stakeholders after Tuesday's call, this item will be specifically flagged for community input in the call for public comments.

Best,
Amy

Amy E. Bivins
Registrar Services and Engagement Senior Manager
Registrar Services and Industry Relations
Internet Corporation for Assigned Names and Numbers (ICANN)
Direct: +1 (202) 249-7551
Fax:  +1 (202) 789-0104
Email: amy.bivins at icann.org<mailto:amy.bivins at icann.org>
www.icann.org<http://www.icann.org>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gdd-gnso-ppsai-impl/attachments/20180116/0d641112/attachment-0001.html>
-------------- next part --------------
An embedded message was scrubbed...
From: Amy Bivins <amy.bivins at icann.org>
Subject: [Gdd-gnso-ppsai-impl] Notes,	action items from today's Privacy/Proxy IRT call
Date: Tue, 29 Aug 2017 18:12:12 +0000
Size: 3183030
URL: <http://mm.icann.org/pipermail/gdd-gnso-ppsai-impl/attachments/20180116/0d641112/attachment-0001.mht>

More information about the Gdd-gnso-ppsai-impl mailing list