[Gnso-epdp-team] Pro-forma Triage Report

Kurt Pritz kurt at kjpritz.com
Tue Aug 21 01:40:24 UTC 2018


Hi Margie: 

Thanks for your point. I don’t think we need to talk about this tomorrow as we will be definitely talking about this as we formulate the contents of the initial report. In my point #2 I was suggesting how an argument for eliminating some of the data redactions might be approached. But I was not requiring that sort of approach. 

What we do need to talk about tomorrow and in the next couple days is releasing the Triage report. For that, my point #1 recommends an approach that I hope can be accepted given that this report is essentially a summation of comments by the Team and not an attempt at consensus. The triage report does not mention an approach on the data redaction issue of anything I raised in point #2.

So I am for a complete discussion on data redaction as you describe but it is not on the critical path for the triage report. 

Thanks and regards,

Kurt



> On Aug 20, 2018, at 6:22 PM, Margie Milam <margiemilam at fb.com> wrote:
> 
> Hi Kurt-
>  
> I think it’s a mistake to take this approach with regard to redaction.   In our view, the appropriate standard needs to be rooted in GDPR.  If GDPR does not require redaction, this is something that should be on the table for discussion in the EPDP (as in data elements for legal persons).
>  
> I propose we talk about this tomorrow.
>  
> All the best,
> Margie
>  
> From: Gnso-epdp-team <gnso-epdp-team-bounces at icann.org> on behalf of Kurt Pritz <kurt at kjpritz.com>
> Date: Monday, August 20, 2018 at 4:15 PM
> To: "Mueller, Milton L" <milton at gatech.edu>
> Cc: "gnso-epdp-team at icann.org" <gnso-epdp-team at icann.org>
> Subject: Re: [Gnso-epdp-team] Pro-forma Triage Report
>  
> Hi Everyone: 
>  
> Here is where I am on this.
>  
>  
> 1) Milton made a recommendation that we indicate in the Triage report that, despite the red ink and multiple comments, there are several areas of general agreement on basic principles and in detail. I think this would be helpful for the reader to understand. He included data redaction details as an example of this. 
>  
> Alex pointed out that IPC does not agree with data redaction details; that IPC will seek to have certain data, currently redacted in the temporary specification, to be made publicly available in the successor specification. 
>  
> So we’ll include the sentiment of Milton’s statement but not make a specific reference to data redaction details. The Triage document is to indicate areas of full consensus and not intended to reflect compromise or substantive discussion so, I don’t think inclusion or exclusion of a reference to data redaction will affect the future outcome of our work one way or another.. 
>  
>  
> 2) For our future discussion, I think the argument to take a datum off the redaction list must be carefully made. The reason for taking data off of the redaction list and making it publicly available is that such a publication must be useful in some way. Otherwise, why make the argument? But if it is useful, must it not lead to personal information, i.e., must it not be the very data sought to be barred from publication by GDRP?
>  
> I think the argument to make data publicly available that is currently redacted in the Temporary Specification must be that: 1) it  is useful but 2) will not lead to personal information. If the availability does lead to personal information, discussion of it should be left for the “access” discussion. 
>  
>  
> I hope this is helpful and this is not intended to cut off discussion. 
>  
> Best regards,
>  
> Kurt
>  
>  
>  
>  
> 
> 
> On Aug 20, 2018, at 11:42 AM, Mueller, Milton L <milton at gatech.edu <mailto:milton at gatech.edu>> wrote:
>  
> Alex
> If you group the redactions with 5 or 6 other things you will see some opposition, but if you actually read the comments there was little opposition to the redactions. As I said in the comment I made on 8/14:
>  
> Registrars support redaction “but questions whether this data should continue to be collected as they are not necessary, and do not comply with data minimization principle.” So the registrars are conflating the collection issue with the public display issue here. They do support redaction of the data elements listed in the temp spec.
>  
> So do the Registries. Ry SG comments call attention to the litigation around collection of the redacted data and has some other comments unrelated to the question whether the temp spec’s redaction requirements are acceptable. So again we have a debate about collection rather than display.
>  
> Even the GAC comments do not dispute that the data should be redacted. They call for changing “redacted for privacy” to “redacted for data protection” in the display, and call for additional text with instructions about how to get access to redacted data.
>  
> Both SSAC and IPC also do not question that redaction is required for GDPR compliance but question the scope of the redaction, saying that it may not be necessary in cases where GDPR does not apply (however they overlook or ignore the existence of similar data protection laws in other jurisdictions). 
>  
> [end quote]
>  
> IPC’s initial comments did call for publishing the email address, but it was a lone voice, clearly in the rough, and its position is subject to serious legal challenge. An email address is perhaps the most sensitive data from a security and privacy standpoint. If you don’t redact that, what would you redact, since an email address could be easily used as a search term to gather all the other missing information?  
>  
> You say, “the Temp Spec has over-redacted a number of data elements” but your comments only specify the email address. Please tell us what information you DO support redacting. I am curious to know where we can find agreement. 
>  
> --MM
>  
> From: Alex Deacon [mailto:alex at colevalleyconsulting.com <mailto:alex at colevalleyconsulting.com>] 
> Sent: Sunday, August 19, 2018 12:42 PM
> To: gnso-epdp-team at icann.org <mailto:gnso-epdp-team at icann.org>; Kurt Pritz <kurt at kjpritz.com <mailto:kurt at kjpritz.com>>; Mueller, Milton L <milton at gatech.edu <mailto:milton at gatech.edu>>
> Subject: Re: [Gnso-epdp-team] Pro-forma Triage Report
>  
> Hi Kurt, All, 
>  
> Just catching up on this topic. Its not clear to me how one can come to the conclusion that there was no opposition to redacting the data elements the Temp Spec designates.   
>  
> In Part 2 of the triage, support for Section 5.1, which specifies compliance to Appendix A (where redaction is discussed) resulted in a 66.67% "no" response. ,  In part 1 of the triage, support for Appendix A 2.1-2.3 resulted in 89.98% "no" response,.  Finally, Appendix A 2.4-2.5 received a "no" response rate of 77.78%.     Even if you put aside the response count and look at the responses themselves you will see there is significant disagreement--at least with respect to the IPC (and even BC and GAC although I won't speak for them.)
>  
> As has been our position since the beginning of the these temp spec discussions we believe the Temp Spec has over-redacted a number of data elements. You can read the details for our rational in our response to Question 22 of Part 1 of the triage. However, to summarize:
>  
> First, we believe that it is a misapplication of the GDPR for the Temp Spec to make no distinction between registrants that are legal persons versus natural persons for purposes of data element/field redactions. Second, even for natural person registrants we believe that certain data elements that are designated for redaction should not be redacted. We think at minimum that the registrant's e-mail address, as supplied to and verified by the registrar, should not be redacted. These views have been expressed repeatedly by the IPC, (BC, the GAC and others) over the past months both before and after the Temp Spec was issued.
>  
> Bottom line I respectfully do not agree with this particular takeaway or Milton's suggested modification. We have significant objection to and disagreement with the data elements/fields that the Temp Spec has designated for redaction. 
>  
> For the avoidance of doubt while we do not oppose (and even accept) that some data will be placed "behind a gate" to ensure GDPR compliance we feel continued discussion about which data should be redacted (and when/why) is necessary. 
>  
> Thanks.
>  
> Alex
>  
>  
>  
> On Thu, Aug 16, 2018 at 5:58 AM Kurt Pritz <kurt at kjpritz.com <mailto:kurt at kjpritz.com>> wrote:
> Good amendment, Thanks Milton.
>  
> Kurt
>  
> 
> 
> 
> On Aug 16, 2018, at 5:56 AM, Mueller, Milton L <milton at gatech.edu <mailto:milton at gatech.edu>> wrote:
>  
> Thanks for the draft of the Triage Report, Kurt. Having read only the Exec Summary, I think staff did a very good job of summarizing the "takeaways." I would like for one small amendment to be made, however. In the second paragraph you write:
>  
> "There were several areas of agreement with the underlying principles in several sections of the Temporary Specification (e.g., data redaction)."
>  
> NCSG would like this to be amended to clarify:
>  
> "There were several areas of agreement with the underlying principles in several sections of the Temporary Specification; in particular, there was no opposition to redacting the data elements the temp spec designates."
>  
> Dr. Milton L Mueller
> Professor School of Public Policy
> Georgia Institute of Technology
> <image001.jpg> <https://urldefense.proofpoint.com/v2/url?u=http-3A__internetgovernance.org_&d=DwMFaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=_4XWSt8rUHZPiRG6CoP4Fnk_CCk4p550lffeMi3E1z8&m=5Jj-xpKIHrr7kRx2har48F_kRqbQNTYDbIQJ5L-yK_c&s=Wd1XAokYAut_3fD8o-XiZqyP-KMQ5sWTzn4mq7gya8g&e=>
>  
>  
>  
>   <>
> From: Gnso-epdp-team [mailto:gnso-epdp-team-bounces at icann.org <mailto:gnso-epdp-team-bounces at icann.org>] On Behalf Of Kurt Pritz
> Sent: Wednesday, August 15, 2018 8:48 PM
> To: GNSO EPDP <gnso-epdp-team at icann.org <mailto:gnso-epdp-team at icann.org>>
> Subject: [Gnso-epdp-team] Pro-forma Triage Report
>  
> Hi Everyone: 
>  
> It was requested that we prepare a “pro forma” Triage Report for review and discussion - a version of the Triage report that might be submitted to the Council when the surveys are completed.
> 
> This represents the work from the first survey, about 30% of the Temporary Specification. So you can see, it will be a fairly long report. 
> 
> The report includes an executive summary, our operating methodology, the summary table of inputs, the issue summaries that were created for each section and an appendix with all written comments. 
> 
> This report hasn’t had sufficient vetting on the leadership-support side yet but I wanted you to see the formatting and level of content as soon as possible.
> 
> I apologize for the font size in the appendix. We will reorganize the table of all comments in some way that is readable in time for the actual publication. 
> 
> We will continue building this report and amending it in accordance with comments and discussion as we go along. Remember that this report is designed to help but not limit, prejudice or restrict our future work. So let’s spend time to make this good, but not perfect. 
> 
> I hope you find this helpful.
> 
> Best regards,
> 
> Kurt
> 
> _______________________________________________
> Gnso-epdp-team mailing list
> Gnso-epdp-team at icann.org <mailto:Gnso-epdp-team at icann.org>
> https://mm.icann.org/mailman/listinfo/gnso-epdp-team <https://urldefense.proofpoint.com/v2/url?u=https-3A__mm.icann.org_mailman_listinfo_gnso-2Depdp-2Dteam&d=DwMFaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=_4XWSt8rUHZPiRG6CoP4Fnk_CCk4p550lffeMi3E1z8&m=5Jj-xpKIHrr7kRx2har48F_kRqbQNTYDbIQJ5L-yK_c&s=tz1v3VokM9GrOwh66xrVcwbiH40OQgU87Qp5_0BC0OM&e=>
>  
> _______________________________________________
> Gnso-epdp-team mailing list
> Gnso-epdp-team at icann.org <mailto:Gnso-epdp-team at icann.org>
> https://mm.icann.org/mailman/listinfo/gnso-epdp-team <https://urldefense.proofpoint.com/v2/url?u=https-3A__mm.icann.org_mailman_listinfo_gnso-2Depdp-2Dteam&d=DwMFaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=_4XWSt8rUHZPiRG6CoP4Fnk_CCk4p550lffeMi3E1z8&m=5Jj-xpKIHrr7kRx2har48F_kRqbQNTYDbIQJ5L-yK_c&s=tz1v3VokM9GrOwh66xrVcwbiH40OQgU87Qp5_0BC0OM&e=>
> 
>  
> -- 
> ___________
> Alex Deacon
> Cole Valley Consulting
> alex at colevalleyconsulting.com <mailto:alex at colevalleyconsulting.com>
> +1.415.488.6009

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-epdp-team/attachments/20180820/3414257d/attachment-0001.html>


More information about the Gnso-epdp-team mailing list