[Gdd-gnso-ppsai-impl] Summary of today's privacy/proxy IRT call, IRT action items
Theo Geurts
gtheo at xs4all.nl
Thu Jan 18 18:52:20 UTC 2018
Agreed with Sara,
If we are creating new policy, we should move that to the GNSO Council;
this is not within the scope of an IRT to create policy.
Regarding WG recommendations.
The recommendations are usually a result of a very long deliberation
process, so we need to be careful.
Flagging it for the comment period is not sufficient.
If for whatever reason a recommendation is no longer deemed adequate,
then it should be moved to the GNSO Council, we should not overstep our
mandate as an IRT.
Thanks,
Theo
On 18-1-2018 18:17, Sara Bockey wrote:
>
> Please see my comments in green below.
>
> Sara
>
> *sara bockey*
>
> *sr. policy manager | **Go**Daddy^™ *
>
> *sbockey at godaddy.com 480-366-3616*
>
> *skype: sbockey*
>
> /This email message and any attachments hereto is intended for use
> only by the addressee(s) named herein and may contain confidential
> information. If you have received this email in error, please
> immediately notify the sender and permanently delete the original and
> any copy of this message and its attachments./
>
> *From: *Gdd-gnso-ppsai-impl <gdd-gnso-ppsai-impl-bounces at icann.org> on
> behalf of Amy Bivins <amy.bivins at icann.org>
> *Reply-To: *"gdd-gnso-ppsai-impl at icann.org"
> <gdd-gnso-ppsai-impl at icann.org>
> *Date: *Tuesday, January 16, 2018 at 11:15 AM
> *To: *"gdd-gnso-ppsai-impl at icann.org" <gdd-gnso-ppsai-impl at icann.org>
> *Subject: *[Gdd-gnso-ppsai-impl] Summary of today's privacy/proxy IRT
> call, IRT action items
>
> Dear Colleagues,
>
> Thanks so much for your active participation on today’s privacy/proxy
> IRT call. If you were unable to attend, I encourage you to listen to
> the recording, which is available on the wiki,
> https://participate.icann.org/p8nkvqvkvyr/
>
> Today we began reviewing the most recent round of IRT member comments
> on the PPAA specifications. Some high-level notes regarding our
> discussions are below. *Please send any additional input you have on
> the topics discussed today to the list no later than the end of this
> week. *Next week, we will pick up where we left off today on the LEA
> disclosure framework specification.
>
> *Specification 1: Customer Data Accuracy Specification*
>
> Issue 1: Re: IRT member comment—this specification needs to be
> revisited, confusing as to how this is impacted by Affiliate/TPP status
>
> _Proposed Solution:_ Move Section 3 to the beginning of this
> specification.
>
> It is not necessarily that Section 3 needs to be moved to the
> beginning, but that it should be asserted in the first paragraph that
> if you are an Affiliated Provider and therefore your Affiliated
> Registrar is performing or has already preformed this task, the entire
> Specification does not apply to you. To me, this Specification is for
> Non-Affiliated Providers.
>
> Issue 2: Should Section 1 be edited to add an additional trigger—when
> the privacy and/or proxy service is enabled?
>
> _Rationale:_ PP Service could be turned on in response to a WHOIS
> accuracy complaint, resulting in the shielding of potentially
> inaccurate information instead of validation/verification.
>
> _IRT Feedback on this proposal was mixed. Additional feedback is
> requested._
>
> __
>
> I’m concerned that this creates new policy, at least as related to
> non-affiliated providers. This issue would need to be sent to the GNSO
> for consideration.
>
> Issue 3: In Section 5, IRT member recommended that all references to
> registrars to terminate or suspend should be removed.
>
> _Rationale: _Registrars are not bound by this contract.
>
> _IRT Feedback:_ At a minimum, registrars should be notified if PP
> service is suspended or terminated due to inaccurate customer contact
> information. This will trigger registrar obligations under the RAA to
> validate/verify.
>
> Issue 4: In Section 6, does addition of “by Registrar” solve issue
> (to clarify that PP provider cannot place names on clientHold or
> TransferProhibited status)?
>
> _IRT Feedback seemed to support this change._
>
> *Specification 2: Registration Data Directory Service Labeling
> Specification*
>
> Issue 1: Is this specification attempting to require retention of this
> data, or to simply identify what information should appear in WHOIS
> for PP registrations? Assuming the latter, this specification should
> be updated (perhaps in introductory language in Section 1, and
> potentially moving up section 3) to clearly note this purpose. In
> addition, labeling requirements for “registrant organization” field
> should be added as an example in Section 1.
>
> Sections 3.2.1 and 3.5.3 should also be reviewed to ensure consistency
> across contract text, data retention specification and this specification.
>
> *Specification 3: Consensus Policies and Temporary Policies Specification*
>
> Issue 1: Feedback from Theo Geurts (Re: Section 1.2.1)—how does a
> privacy service endanger the security or stability of the internet?
>
> _Comments on today’s call:_**IRT member comment—this should only be
> included if there is a specific purpose for this; Other IRT
> members—there are instances where someone acting in a manner that
> could endanger security/stability may be hiding behind a PP service
>
> _Proposed Next Steps:_ If no further IRT feedback to the contrary,
> reasons to keep this section appear to have been identified.
>
> Issue 2: IRT member Feedback Re: Section 1.3—I think we can delete all
> sections in 1.3 as they deal with domain name registrations in general
> rather than providing a privacy service. We could say privacy
> providers should not practice warehousing, but that is not what it
> currently says.
>
> _Comments from today’s call_: At least some of these sections appear
> to be relevant to PP services (see, e.g. Sections 1.3.6)
>
> _Proposed Next Steps:_ If IRT members would like to identify any
> sections that they believe should be deleted, please send specific
> suggestions to the list this week.
>
> *Specification 4: Law Enforcement Authority Disclosure Framework
> Specification*
>
> Issue 1: Proposal to change references to “national or international
> law” to “applicable law”
>
> _Comments from today’s call:_ No issues raised on call
>
> _Proposed next steps: _Update language throughout specification if no
> contrary input from IRT.
>
> Issue 2: Timeline for processing/responding to “high priority” requests
>
> _Current status:_ PPAA draft provides for two business days for
> providers to process LEA requests and ensure they meet minimum
> standards for acceptance (Section 3.2.1). If a request meets criteria
> for “high priority” request, provider must action the request within
> 24 hours (Section 4.1.2)
>
> _Comments from today’s call: _ Timeline for provider responses to high
> priority LEA requests was revisited. PSWG representative stated that
> this is too long. Some Rr representatives on call reiterated prior
> feedback that receipt process may require legal/outside review, and
> that 2 business days is appropriate timeframe.
>
> _Proposed next steps: _This discussion mirrors points raised in prior
> discussions regarding this framework (summary of most recent
> discussions in August, including results of IRT poll regarding
> potential changes from “2 business day” review period, attached). This
> topic will be continued next week. If there is continued disagreement
> among IRT stakeholders after Tuesday’s call, this item will be
> specifically flagged for community input in the call for public comments.
>
> I am concerned that the processing/responding timeline proposed by
> PSWG is beyond the scope of the WG recommendations and creating new
> policy.
>
> Please see Category F of the Final Report. The WG agreed that a point
> of contact should be “designated” rather than a “dedicated” and that
> none of the WG recommendations should be read as being intended to
> alter (or mandate the alteration of) the prevailing practice among P/P
> service providers to review requests manually or to facilitate direct
> resolution of an issue between a Requester and a customer.
>
> Most, if not all, current Service Providers operate M-F, 9-5. They
> are not 24/7 operations. As the request for response within a 24-hour
> period is beyond the prevailing practice of providers, if PSWG wishes
> for this request to be considered, then we need to send the issue to
> the GNSO for consideration. Flagging it for public comment, as
> suggested by staff, is not sufficient.
>
> Best,
>
> Amy
>
> *Amy E. Bivins*
>
> Registrar Services and Engagement Senior Manager
>
> Registrar Services and Industry Relations
>
> Internet Corporation for Assigned Names and Numbers (ICANN)
>
> Direct: +1 (202) 249-7551
>
> Fax: +1 (202) 789-0104
>
> Email: amy.bivins at icann.org <mailto:amy.bivins at icann.org>
>
> www.icann.org <http://www.icann.org>
>
>
>
> _______________________________________________
> Gdd-gnso-ppsai-impl mailing list
> Gdd-gnso-ppsai-impl at icann.org
> https://mm.icann.org/mailman/listinfo/gdd-gnso-ppsai-impl
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gdd-gnso-ppsai-impl/attachments/20180118/633b1d74/attachment-0001.html>
More information about the Gdd-gnso-ppsai-impl
mailing list