[Gnso-epdp-team] Purpose O - preparations for Thursday's EPDP Team meeting

Tue Dec 4 22:50:22 UTC 2018

Dear All,

As per the action items, please find attached the proposed Purpose O - Research and publish reports on threats to the operational stability, reliability, security, global interoperability, resilience, and openness of the DNS, as circulated to the mailing list by Benedict on 15 November (see https://mm.icann.org/pipermail/gnso-epdp-team/2018-November/000897.html).

Note that in relation to registration data used by ICANN departments, ICANN Org also responded to a number of questions from the EPDP Team (see below).

In order to facilitate Thursday’s discussion on this topic, please share any clarifying questions and/or comments you may have in advance of the meeting.

Best regards,

Caitlin, Berry and Marika

Responses from ICANN Org to EPDP Team Question re. use of registration data by other ICANN Departments (see https://community.icann.org/x/ahppBQ):

2. Apart from ICANN Org Compliance, do any other ICANN departments require access to registration data and, as such, might require a specific purpose? If so, please describe in detail sufficient to provide a legal basis for such data processing.

This question seems to be asking about any use by ICANN Org of registration data that is now masked pursuant to the Temporary Specification. One example of an ICANN Org activity that previously used WHOIS data elements that may now be redacted pursuant to the Temporary Specification is the WHOIS Accuracy Reporting System, which is currently under review as discussed with the EPDP Team on 26 September 2018. If additional information is needed it would be helpful if the EPDP Team could please clarify if the question is for information related to such past uses of now-masked registration data, or to any current ICANN Org (apart from Contractual Compliance) uses of non-public data, or to any future uses of non-public registration data that may be needed in order to implement GNSO-recommended policies.

Also, in discussions that the EPDP Team has had regarding purposes, ICANN Office of the CTO (OCTO) has been mentioned. To inform the EPDP Team’s continued discussion on this topic, ICANN Org would like to clarify that ICANN OCTO does not require personal data in domain name registration data for its work. For example, OCTO’s Domain Abuse Activity Reporting (DAAR) project <https://www.icann.org/octo-ssr/daar> uses only the registrar and nameserver information.

3.  Further input is requested to explore how WHOIS was used before the Temp Spec was adopted, in OCTO's activities.  The original Org response does not address that issue. For example, did OCTO use WHOIS in its law enforcement training and outreach activities, or engagement with the cybersecurity community, or to facilitate or respond to large scale botnet attacks, such as Conficker or Avalanche? Individual members may follow up with the CTO for follow up questions, if available at ICANN63.

Regarding the EPDP Team’s follow-up question on how OCTO used WHOIS data for training and outreach activities, prior to the effective date of the Temporary Specification, use of WhOIS data to identify the registrant and the technical data related to a domain name was part of the training materials. The training showed how one could use WHOIS data to attempt to contact a registrant or the hosting provider in cases of compromised machines, etc. Since the Temporary Specification became effective, the training no longer shows one how to use public WHOIS data to contact a registrant, instead as part of the training, a brief overview of where the policy discussions are and how people can get involved in the discussion is provided.

The EPDP Team’s follow-up question also asks how OCTO used WHOIS data for engagement with cybersecurity community, or to facilitate or respond to large scale botnet attacks, such as Conficker or Avalanche. Conficker, Andromeda and other large-scale actions are typically managed by the Law Enforcement agencies, not OCTO. OCTO’s role in those activities does not involve the use of personal data in WHOIS. Those Law Enforcement agencies would be better placed to discuss their operational procedures and the effect of the Temporary Specification on their operations.

Marika Konings
Vice President, Policy Development Support – GNSO, Internet Corporation for Assigned Names and Numbers (ICANN)
Email: marika.konings at icann.org<mailto:marika.konings at icann.org>

Follow the GNSO via Twitter @ICANN_GNSO
Find out more about the GNSO by taking our interactive courses<https://urldefense.proofpoint.com/v2/url?u=http-3A__learn.icann.org_courses_gnso&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=7_PQAir-9nJQ2uB2cWiTDDDo5Hfy5HL9rSTe65iXLVM&m=5DXgId95wrCsHi--pxTiJD7bMB9r-T5ytCn7od3CF2Q&s=Cg5uQf0yAfw-qlFZ0WNBfsLmmtBNUiH0SuI6Vg-gXBQ&e=> and visiting the GNSO Newcomer pages<https://urldefense.proofpoint.com/v2/url?u=http-3A__gnso.icann.org_sites_gnso.icann.org_files_gnso_presentations_policy-2Defforts.htm-23newcomers&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=7_PQAir-9nJQ2uB2cWiTDDDo5Hfy5HL9rSTe65iXLVM&m=5DXgId95wrCsHi--pxTiJD7bMB9r-T5ytCn7od3CF2Q&s=tT-E2RoAucUb3pfL9zmlbRdq1sytaEf765KOEkBVCjk&e=>.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-epdp-team/attachments/20181204/5139afc3/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Purpose O - Data_Elements_Processing_Workbook - 5 November 2018_clean.docx
Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Size: 45187 bytes
Desc: Purpose O - Data_Elements_Processing_Workbook - 5 November 2018_clean.docx
URL: <http://mm.icann.org/pipermail/gnso-epdp-team/attachments/20181204/5139afc3/PurposeO-Data_Elements_Processing_Workbook-5November2018_clean-0001.docx>