[Gnso-epdp-team] Notes and action items - EPDP Phase 2 Meeting #18 - 5 September 2019

Sarah Wyld swyld at tucows.com
Fri Sep 6 18:09:30 UTC 2019


Please find attached the RrSG input on the BC-3 use case; our text is
in-line with a white background.


Thank you,

-- 
Sarah Wyld
Domains Product Team
Tucows
+1.416 535 0123 Ext. 1392

 

On 9/5/2019 1:23 PM, Caitlin Tubergen wrote:
>
> Dear EPDP Team,
>
>  
>
> Please find notes and action items from today’s EPDP meeting below.
>
>  
>
> As a reminder, our next EPDP meeting will be on Monday, 9 September at
> 15:30 UTC (08:30 local time). Safe travels to Los Angeles!
>
>  
>
> Best regards,
>
>  
>
> Marika, Berry, and Caitlin
>
>  
>
> --
>
> *EPDP Phase 2 - Meeting #18*
>
> *Thursday, 5 September 2019* at 14.00 UTC
>
>  
>
> *_Action Items_*
>
>  
>
>  1. EPDP Leadership to distribute an initial draft F2F agenda by
>     Saturday, 5 September (morning, European time).
>  2. EPDP Team to provide feedback on the initial proposal of the
>     agenda by 15:00 UTC on Sunday, 8 September in order for feedback
>     to be considered during the EPDP Leadership Team’s further
>     refinement of the F2F agenda.
>  3. Chris Lewis-Evans to modify agreed-upon changes to LEA-2 use case.
>     Following these updates, this use case will be parked.
>  4. EPDP Team Members to provide input to BC-3 in writing by tomorrow,
>     6 September. Margie to edit the use accordingly in advance of the
>     F2F meeting. Please find a link to the Google Doc here: Identify
>     owner of abusive domains and other related domains involved in
>     civil legal claims related to phishing, malware, botnets, and
>     other fraudulent activities (BC 3)
>     <https://community.icann.org/download/attachments/111386876/BC-3%20Use%20Case%20-%20Investigate%20Abusive%20Domain.docx?version=1&modificationDate=1562486157000&api=v2>.
>
> *_Notes_*
>
> /These high-level notes are designed to help the EPDP Team navigate
> through the content of the call and are not meant as a substitute for
> the transcript and/or recording. The MP3, transcript, and chat are
> provided separately and are posted on the wiki at:
> https://community.icann.org/x/ZwPVBQ./
>
>  
>
> EPDP Phase 2 - Meeting #18
>
> Thursday, 5 September 2019 at 20.00 UTC
>
>  
>
> 1. *Roll Call & SOI Updates* (5 minutes)
>
>  
>
> ·         Attendance will be taken from Zoom
>
> ·         Remember to mute your microphones upon entry to Zoom.
>
> ·         Please state your name before speaking for transcription
> purposes.
>
> ·         Please remember to review your SOIs on a regular basis and
> update as needed. Updates are required to be shared with the EPDP Team.
>
> ·         Farzaneh Badii noted she has recently changed employers and
> is no longer working at the Internet Governance Project
>
>  
>
> 2. *Confirmation of agenda* (Chair)
>
>  
>
> ·         Proposal from Janis to review Item 6 after housekeeping.
>
>  
>
> 3. *Welcome and housekeeping issues* (Chair) (5 minutes)
>
>  
>
> a) Legal committee update
>
>  
>
> ·         As noted last week, the four questions in Batch 1 were
> transmitted to Bird & Bird last Thursday.
>
> ·         Bird & Bird estimated that it could provide guidance on the
> four questions by the end of this week so that the Team can have the
> guidance going into its F2F meeting next week. 
>
> ·         After reviewing the questions, Bird & Bird came back with
> two clarification questions, and the Legal Committee agreed to the
> responses during its last call. 
>
>  
>
> b) Letter to Goran re. questions for input prior
> to F2F meeting
>
> ·         The EPDP Team’s questions to the Strawberry Team were
> submitted to Goran
>
> ·         Goran responded noting that he is busy with preparation of
> the Board retreat and is therefore not able to provide answers by
> today; however, he is looking forward to speaking to the Team during
> the F2F meeting.
>
>  
>
> 4. *Use case – second/final reading*: Investigation of
> criminal activity against a victim in the jurisdiction of the
> investigating EU LEA requesting data from a local data
> controller[docs.google.com]
> <https://urldefense.proofpoint.com/v2/url?u=https-3A__docs.google.com_document_d_1bm8sdjrNHvNgftMK4f8s-2DU81FlNSIe2TVNlQKCXZy5k_edit&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=8K75qGdDlOta4kh6k2F0jrT195M3tF3J_Fxcz6EvuG2kYKDeA67ZTEnthHXAPVXH&m=_mVL-GaXnYh6zYbiXgemvPuXwKwPhCr8HhOWxjPlzqE&s=dCgrGyK9nAfgXiv1pnMsp51wM1sNobHTybLo8U3_TFw&e=>.
> (LEA 2) (15 minutes)
>
>  
>
> a. Overview of updates made in response to input received (GAC)
>
> b. Feedback from EPDP Team (subsection by subsection)
>
> ·         Subsection B
>
> ·         6(1)(c) and 6(1)(f) are listed here, but later in the
> document (in Subsection G) a balancing test is referenced, but there
> is no balancing test required for 6(1)(c)
>
> ·         Note in subsection G, a reference to 6(1)(f) will be added.
>
> ·         Subsection E
>
> ·         Section 2.2d - this supporting lawful basis appears to be
> mistaken
>
> ·         This just refers to the processing the LEA is carrying out. 
>
> ·         Subsection J
>
> ·         Could the Team make a note here to start with a national
> authority here, and have the gov’t perhaps through their GAC rep say
> this is or is not a real law enforcement in a jx?
>
> ·         A national body could exist to authenticate others, but this
> does not exist currently.
>
> ·         Subsection O
>
> ·         In a situation like this, a CP may need to contact external
> counsel, which could take longer than two business days, so there is
> now a reference to an agreed time scale.
>
> ·         Is there a common understanding of automated substantive
> response? If not, perhaps replace “yes” with “maybe”.
>
> ·         Answer: no. 
>
> c. Confirm next steps
>
> Action item: Chris Lewis-Evans to modify agreed-upon items during this
> call, and this use case will be parked.
>
>  
>
> 5. *Use case – first reading*: Identify owner
> of abusive domains and other related domains involved in civil legal
> claims related to phishing, malware, botnets, and other fraudulent
> activities (BC 3)
> <https://community.icann.org/download/attachments/111386876/BC-3%20Use%20Case%20-%20Investigate%20Abusive%20Domain.docx?version=1&modificationDate=1562486157000&api=v2>
> (30 minutes)
>
>  
>
> a) Intro to use case and overview of how/where
> this use case is different from SSAC 3 (BC)
>
>  
>
> ·         The purpose of this use case relates to investigation,
> detection, and bringing civil claims regarding abusive domain names. 
>
> ·         The SSAC use case, instead, deals with investigation and
> mitigation - it does not include bringing civil cases.
>
> ·         The SSAC use case deals mostly with criminal-related
> investigations, and this use case deals with civil claims.
>
> ·         Data elements - all data is used to identify other malicious
> domain names.
>
> ·         Lawful basis - still waiting for legal advice related to
> some of these legal bases. Establishment of legal claims is referred
> to as an exception under GDPR to certain types of processing. 
>
> ·         There needs to be a trust accreditation that has been
> verified; this is not something that is open to anyone.
>
> ·         Subsection J - for accreditation, individuals and entities
> seeking accreditation should agree that data will be used only for
> legitimate and lawful purposes, terms related to use of data. There
> may be enhanced accreditation fees.
>
>  
>
> b) Feedback from EPDP Team
>
>                  
>
> General Comments: 
>
> ·         This use case could be divided b/w the first SSAC use case
> and a law enforcement use case. 
>
> ·         This use case deserves discussion in Los Angeles b/c it
> takes a different spin. It does not seem to be accreditation-based and
> there is monetary compensation referenced. This use case creates more
> questions than answers.
>
> ·         This use case is dealing with companies trying to protect
> their own networks.
>
> ·         This use case seems to be proposing an access fee for large
> players that would give them access to data similar to the old WHOIS
> system.
>
> ·         This would involve queries that are specific to a known
> abusive domain name, not unlimited access to the database.
>
> ·         One job of the EPDP Team is to understand what options are
> allowable under the law. Figuring out what is allowable under the law
> is not the same as reverting to the old WHOIS system.
>
> ·         This use case is not asking for new functionality - this is
> something that is considered in the new gTLD program
>
> ·         Subsection C
>
> ·         For tech contact, the postal address will not be used for
> Tech Contact anymore.
>
> ·         Third bullet point (other domain names linked to
> registrant’s contact fields) - this gets into reverse WHOIS look-ups,
> which is problematic
>
> ·         May need legal advice here - if you obtain contact info for
> a domain name engaged in bad activity - receiving names based on
> identical contact information seems to be OK. This may be ripe for
> legal advice. 
>
> ·         Reverse WHOIS look-ups is not a matter of ICANN policy, so
> this is out of scope for this team’s work. This could become a PDP in
> the future but does not warrant getting legal advice. 
>
> ·         Subsection D
>
> ·         Everything except 6(1)(f) is likely to run afoul of any
> interpretation of the law
>
> ·         Subsection F
>
> ·         Concerns - if you are representing that you are using the
> data for a certain purpose and then not following through with that,
> you may be abusing the system. This is something that needs to be
> monitored and part of the safeguards.
>
> ·         This is an issue but may not be indicative of abuse, but
> monitoring this would be extremely difficult 
>
> ·         If an entity requests data for pursuing a claim and then
> doesn’t pursue it, it should be required to delete the data.
>
> ·         Remedial action is taken if the data is not used for its
> claimed purpose.
>
> c) Confirm next steps
>
> ·         Action items: EPDP Team Members to provide input in writing
> by tomorrow, 6 September. Margie to edit the use accordingly in
> advance of the F2F meeting.
>
>  
>
> 6. *LA F2F Meeting* (20 minutes)
>
>  
>
> a) Review proposed schedule and priorities identified
>
>  
>
> ·         Support Staff circulated a survey, asking members to
> prioritize topics for F2F
>
> ·         Support Staff also circulated a list of outstanding issues,
> asking the Team to draft initial write-ups for the outstanding issues
>
> ·         Thanks to all for their patience as we learn to use a new
> tool (Clicktools)
>
> ·         The survey results have been posted in the chat. 
>
> ·         In reviewing the document, please refer to the mean results
> and focus on the lowest numbers, which indicate the items voted as
> highest priority.
>
> ·         There is a clearer indication of preference if you look at
> the building blocks. 
>
> ·         There is a clear priority to discuss authentication and
> accreditation.
>
> ·         The Leadership Team will also look at open questions and
> issues noted in the comments section when building the agenda.
>
> ·         Janis’ current thinking, which is subject to change as the
> agenda is built out, is to start with a general overview and if the
> Team views the SSAD in the same way conceptually. The Team would then
> review the building blocks that are seen as the highest priority. The
> Team would then meet with the CEO and Strawberry Team. 
>
> ·         In terms of planning the program, it would be helpful to
> define objectives and things that need to be resolved in sequence as
> opposed to setting arbitrary time blocks for reviewing items on an agenda.
>
> ·         Janis will distribute an outline of the program by Saturday
> morning, European time. 
>
> ·         Action item: EPDP Team to provide feedback on the initial
> proposal of the agenda by 15:00 UTC on Sunday, 8 September so any
> feedback can be factored in while the EPDP Leadership Team further
> refines the agenda.
>
>  
>
> b) Confirm materials to be reviewed / expected preparations
>
> c) Confirm next steps
>
> ·         Action item: EPDP Team to provide feedback on the initial
> proposal of the agenda by 15:00 UTC on Sunday, 8 September so any
> feedback can be factored in while the EPDP Leadership Team further
> refines the agenda.
>
>  
>
> 7. *Any other business* (5 minutes)
>
>  
>
> ·         When will the EPDP meetings be held during ICANN66?
>
> ·         To review the current draft GNSO schedule, please see
> https://docs.google.com/spreadsheets/d/1JimSyz5laTsRNDN4CvyhPTQdCQYxfMrCro7_GjrTWqY/edit#gid=1857571399
>
> ·         Note this schedule is still a work in progress, but the
> all-day Saturday session is set in stone. 
>
> ·         There is a plenary (high interest topic) session that
> focuses on the EPDP.
>
> ·         What are the start and end times for each day of the F2F?
>
> ·         Answer: sessions will start at 08:30 local time and end at
> 17:30 local time for Monday and Tuesday, and 08:00-3:00pm (late lunch
> to be served at 2pm) Wednesday
>
>  
>
> 8. *Wrap and confirm next EPDP Team meeting* (5 minutes):
>
> a) Welcome reception LA F2F meeting on Sunday 8
> September, 18.00 – 19.30 local time (Doubletree)
>
> b) Confirm action items
>
> c) Confirm questions for ICANN Org, if any
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: RRSG Feedback - BC-3 Use Case - Investigate Abusive Domain.pdf
Type: application/pdf
Size: 261697 bytes
Desc: not available
URL: <http://mm.icann.org/pipermail/gnso-epdp-team/attachments/20190906/9e8a3d0f/RRSGFeedback-BC-3UseCase-InvestigateAbusiveDomain-0001.pdf>