[Gnso-epdp-team] NCSG comments on the final report

Mueller, Milton L milton at gatech.edu
Sat Feb 16 04:16:46 UTC 2019

NCSG has reviewed the 11 Feb final report and attached are our comments. I've also attached them as text below.

15 February 2019

NCSG Comments for the annex of the final EPDP report

The comments that follow pertain only to recommendations where the NCSG strongly disagrees or has important warnings or qualifications. Additional objections to other elements appearing in the report have been withheld due to our desire to reach a consensus policy.

Recommendation #1:


  *   Purpose 2: Disclosure of data to third parties. NCSG continues to maintain that disclosure to third parties is not a valid ICANN purpose for processing domain name registrants’ data. Further, defining disclosure as a purpose is not necessary to disclose redacted data to law enforcement and other third parties with legitimate interests. To achieve consensus on this report, we have accepted this as a “purpose,” but warn that it could be overruled by law.

     *   Consensus guidance: NCSG would like to record its concern. It does not object to this purpose.

  *   Purpose 7: Purpose 7 is not acceptable to NCSG because it would needlessly increase the number of data registration elements in the RDDS or Whois. Some of these data elements could be very sensitive and personally identifiable. Registries can validate eligibility independently, without use of ICANN’s RDDS/Whois. We were assured by registry operators that such data elements would not go into the RDDS, but since this proceeding concerns RDDS/Whois we believe it is inevitable that the data will go into it.

     *   Consensus guidance: NCSG dissents on this purpose.

Recommendation #2: Research and OCTO

  *   Recommendation 2 states that Phase 2 will consider whether additional purposes should be defined to facilitate carrying out the mission of ICANN’s Office of the Chief Technology Officer (OCTO). Yet OCTO has clearly stated on multiple occasions that it does not need access to personal information of domain name registrants. While we favor seeking legal guidance on ICANN’s ability to use Whois data for research, Rec 2 is too ambiguous and broad and could open the door to bulk access for many third parties (and is actually intended to do so).

     *   Consensus guidance: NCSG dissents on this recommendation.

Recommendation #7: Transfer of registration data elements

  *   Recommendation 7 states “the specifically-identified data elements under “[t]ransmission of registration data from Registrar to Registry” … must be transferred from registrar to registry provided an appropriate legal basis exists and data processing agreement is in place.”

     *   Consensus guidance: NCSG can accept this but wishes to emphasize that there may be no valid legal justification for transferring all of these data elements from registrars to registries and inclusion of this recommendation does not imply that there is one.

Recommendation #8: Transfer to Escrow

  *   As noted in our objection to Purpose 7, additional data elements identified by registries should not be added to escrow.

     *   Consensus guidance: NCSG dissents from Purpose 7.

Recommendation #16: Geographic differentiation

  *   The Recommendation says that Registrars and Registry Operators are permitted to differentiate between registrants on a geographic basis, but are not obligated to do so.

  *   NCSG does not recall the group settling on this position. NCSG believes that ICANN’s rules should be uniformly applicable; therefore registries and registrars should be obliged NOT to differentiate.

Recommendation #18: Reasonable access, Timeline, and Criteria

NCSG accepts the recommendation and particularly emphasizes the importance of re-naming this to “Reasonable Requests for Lawful Disclosure of Non-Public Registration Data.” We have the following observations:

  *   Logs of requests: Logs of requests should be provided only to ICANN upon request, on a case by case basis, as stated in purpose 13. The audit function, which has been added to the recommendation 18, is not acceptable.

  *   Logs of the request should only contain information about “confirmation that a relay of the communication between the requestor and the Registered Name Holder has occurred, not including the origin, recipient, or content of the message.”

  *   The distinction between urgent and non-urgent requests and obliging contracted parties to treat requests differently is not acceptable.

  *   We recommend deleting recommendation 18 provisions about logs and responding to urgent requests.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: NCSG comment on the final report.pdf
Type: application/pdf
Size: 77604 bytes
Desc: NCSG comment on the final report.pdf
URL: <http://mm.icann.org/pipermail/gnso-epdp-team/attachments/20190216/f6298f5f/NCSGcommentonthefinalreport-0001.pdf>
