[Gnso-epdp-team] Section 4.4.8

Amr Elsadr aelsadr at icannpolicy.ninja
Thu Sep 13 11:44:47 UTC 2018

Hi Alan,

The intention here was to state a principle on which further work down the road may be developed when we eventually get to deliberation on an access model. The principle is meant to provide guidance on a set of specific circumstances, that if met, should allow specific portions of non-public gTLD Registration Data to be shared with specific third-parties, to address specific issues. The objective is to allow this while maintaining compliance with GDPR, or possibly other privacy laws/regulations.

This is not to say that a third-party requires the kind of legal rights or mandate I believe you are describing, as in your comparison between LEAs and independent cybersecurity workers. So yes, ICANN’s Mission does come into play here. In fact, I believe it to be a key factor of consideration. At some point, we’re going to have to deliberate on how that Mission does or does not allow third-parties access non-public Registration Data.

I hope this was helpful.



> On Sep 13, 2018, at 4:55 AM, Alan Greenberg <alan.greenberg at mcgill.ca> wrote:
> I am generally in support of this, but I question the term "grounded in legal bases". It this the legal basis in reference to GDPR  (ie that there needs to be a legitimate demonstrable need to access otherwise private information). Or a legal basis as in reference to law enforcement having a right to demand certain information.
> I can accept the former (if it is made clear), but not the latter. ICANN's Mission-defined interest in ensuring that security and stability of the DNS (and by implication, the trusted nature of the DNS) may create a need for cybersecurity workers to have access to certain data, but there is no LAW that gives them that right.
> Alan
> At 11/09/2018 04:33 PM, Alex Deacon wrote:
>> Hi All,
>> As you know a group of us has been working to recommend an update to Section 4.4.8 of the temp spec.
>> While we haven't come to full agreement on the update, we are pretty close and wanted to share the current/tentative output of the volunteer team with the broader team.
>> 4.4.8  Supporting a framework that enables identification of third-parties with legitimate interests grounded in legal bases, and providing these third-parties with access to Registration Data relevant to addressing specific issues involving domain name registrations related to consumer protection, investigation of cybercrime, DNS abuse and intellectual property protection.
>> The non-bold text was suggested by Amr/NCSG and the added bold text was an updated suggested by me/IPC and supported by the BC.
>> Giving it a re-read again today I think additional word-smithing could be warranted, but for now I will resist and step away and let others share their thoughts.
>> Alex
>> --
>> ___________
>> Alex Deacon
>> Cole Valley Consulting
>> alex at colevalleyconsulting.com
>> +1.415.488.6009
>> _______________________________________________
>> Gnso-epdp-team mailing list
>> Gnso-epdp-team at icann.org
>> https://mm.icann.org/mailman/listinfo/gnso-epdp-team
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-epdp-team/attachments/20180913/20086b0c/attachment.html>

More information about the Gnso-epdp-team mailing list