[Gnso-epdp-team] Questions regarding disclosure risks

Greg Aaron greg at illumintel.com
Thu Sep 19 18:52:25 UTC 2019

Let’s let Sarah say what Sarah meant.  I want to understand the terms she’s using.

Sarah, by “responding party” do you mean “the decision-maker about disclosure”?




From: Mueller, Milton L <milton at gatech.edu> 
Sent: Thursday, September 19, 2019 2:12 PM
To: Greg Aaron <greg at illumintel.com>; 'Sarah Wyld' <swyld at tucows.com>; gnso-epdp-team at icann.org
Subject: RE: [Gnso-epdp-team] Questions regarding disclosure risks


I think it was pretty clear that Sarah was referring to the debate over who makes the actual disclosure decision. As you surely recall, we had debated whether it would be ICANN or registrars. Given that choice, I think Sarah’s two scenarios define the decision space very well. 




From: Gnso-epdp-team <gnso-epdp-team-bounces at icann.org <mailto:gnso-epdp-team-bounces at icann.org> > On Behalf Of Greg Aaron
Sent: Thursday, September 19, 2019 10:13 AM
To: 'Sarah Wyld' <swyld at tucows.com <mailto:swyld at tucows.com> >; gnso-epdp-team at icann.org <mailto:gnso-epdp-team at icann.org> 
Subject: Re: [Gnso-epdp-team] Questions regarding disclosure risks


Sarah, what do you mean by “responding party”?  For example so your scenarios assume that ICANN is acting in a specific legal capacity?


I ask because depending on what you mean, there may be other scenarios.


All best,




From: Gnso-epdp-team <gnso-epdp-team-bounces at icann.org <mailto:gnso-epdp-team-bounces at icann.org> > On Behalf Of Sarah Wyld
Sent: Wednesday, September 18, 2019 3:18 PM
To: gnso-epdp-team at icann.org <mailto:gnso-epdp-team at icann.org> 
Subject: [Gnso-epdp-team] Questions regarding disclosure risks


Hello all,

During the recent EPDP face-to-face meetings in Los Angeles, several members of the working group expressed a desire to position ICANN as the responding party to requests for disclosure of non-public registration data. 

In order to fulfill this request, one of two things must be true. Either:

1.	ICANN Org maintains a current (<24 hours) copy of the entire RDS database; or
2.	ICANN has some mechanism (contract clause) to compel the Contracted Party to disclose the data to ICANN or the requestor 

These potential scenarios raise the following questions:

1.	In the first scenario, does ICANN accept the legal risks and operational costs of maintaining its own replica of all RDS data for gTLDs? If not, how would those risks and costs be addressed? 
2.	In the second scenario, will ICANN “relay” disclosed data between the requestor and the Registry/Registrar?
3.	What should be done in situations where ICANN instructs the Registry/Registrar to disclose data (either to ICANN or the requestor), but the contracted party has determined that the request is not legitimate and refuses? Is this matter referred to ICANN compliance? 

Thank you, 

Sarah Wyld
Domains Product Team
+1.416 535 0123 Ext. 1392
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-epdp-team/attachments/20190919/d409f27c/attachment.html>

More information about the Gnso-epdp-team mailing list