[Gnso-epdp-team] Notes and action items - EPDP Phase 2 Meeting #51
Caitlin Tubergen
caitlin.tubergen at icann.org
Thu Apr 2 17:11:16 UTC 2020
Dear All,
Please find below the notes and action items from today’s EPDP Team meeting.
As a reminder, the next meeting will be Thursday, 9 April at 14:00 UTC for three hours.
Best regards,
Marika, Berry, and Caitlin
High-level Notes and Action Items
Public comment review
It is the responsibility of all EPDP Members to read the Public Comment Review Tools (PCRT) in their entirety to ensure all comments are considered.
The discussion tables are a tool to aid the Team’s review, but are not meant to replace the PCRTs.
As the Team reads through the PCRTs, please consider: Based on the comments / concerns flagged, what changes should be considered to this specific section?
Following the group’s review of the PCRTs, please provide input on what changes should be considered (if any) in the discussion table google docs using suggestion mode.
Recommendation 9 – SLAs:
Support Staff to consider the discussion for Priority 1 and Priority 2 requests and formulate an update, considering the Team’s discussion by Thursday, 7 April.
Mark Sv. to review Priority 3 concerns and propose an update, factoring in today’s discussion, by Thursday, 7 April.
Mark Sv. and Volker to review the clarifications in the Recommendation 9 Discussion table and provide additional guidance by Thursday, 7 April.
EPDP Team to review the remaining items in the Recommendation 9 Discussion table, e.g., Mean Response Times and Review of Targets and provide feedback into the Discussion Table by Thursday, 7 April.
Recommendation 1 - Accreditation – all groups to review the PCRT, considering what changes should be made based on comments received, and input suggestions into the Discussion Table, by COB Tuesday, 7 April.
Recommendation 2 – Accreditation of Governmental Entities – GAC representatives to review the PCRT, considering what changes should be made based on comments received, and input suggestions into the Discussion Table by COB Tuesday, 7 April.
EPDP Phase 2 - Meeting #51
Proposed Agenda
Thursday 2 April 2020 at 14.00 UTC
1. Roll Call & SOI Updates (5 minutes)
2. Confirmation of agenda (Chair)
3. Welcome and housekeeping issues (Chair) (5 minutes)
4. Recommendation #9 - Determining Variable SLAs for response times for SSAD (45 minutes)
Consider EPDP Team Input on Discussion Table
Urgent Requests
Concern a has already been discussed at length
Threshold question: if several groups have already expressed the concern, does that mean that it cannot be changed?
Answer: Focus should be on new information that would change the group's view - has anyone changed their opinion as a result of the input provided?
Concern b – observe if we decide to go down this path, but not advocating that we do, we should be mindful that law enforcement is typically acting under an expedited scenario.
Concern e – business days being calculated by the CP would result in a fragmented system.
Concern a - Believe we did provide comments that were not discussed. For urgent requests, these do not stop on the weekend. Bodily injury does not take a break over the weekend.
Concern about the review process – we may not be working from the same assumptions
Disagree that the purpose of comments is to find out if critical mass should change the recommendations. Comments are used to solicit input, perspectives, and data that was not available to the working group during its deliberations. What we are looking for here: something we have not seen before or heard before
Issues with respect to the priority and who sets the priority – this is very unclear.
How can this be resolved? This is a hard question b/c we are up against a tough deadline.
In the age of COVID-19, cybercriminals have used this pandemic to abuse the DNS. Two days has not been an acceptable time – this needs to be changed
When comments come in, you have to look at them and think about them. There may be situations where public comments can and should influence the team to change its mind
Concern b – this should be assessed and standardized by the central gateway
General point on urgent requests and timing – if fast SLAs are a challenge, that is all the more reasoning to have centralization and automation
A number of comments have indicated concern with 1 business day, others have concern with how an urgent request can be confirmed as truly urgent - how can those two concerns be brought together and addressed through updates to the recommendation.
There needs to be a common body – the CGM where there is a standardized definition of what urgent will be – there needs to be a centralized decider
Priority 2
These should be automated, and two business days is not automated
With regard to a, no opinion at this time.
C – do not agree with this – this is an implementation issue
E – do not think this is relevant
G – this only applies to providers, not complainants
H – this should be handled by the IRT
Concern c – regarding automation from Day 1 – the capability of automation is one thing, and having a policy that requires automation is different
It will be hard to provide deadlines in the final report
If there are specific deadlines, this will be problematic – need a gradient that takes into account the various factors that are in play
6(1)(b) may not be relevant – encourage the team to read through these guidelines: https://edpb.europa.eu/our-work-tools/our-documents/smernice/guidelines-22019-processing-personal-data-under-article-61b_en - paragraphs 27 - 34
There is a policy decision to automate these types of requests – is the team now rethinking this?
All policies of ICANN are still under the requirements with local laws that we also have to follow – still need to go through a balancing test, depending on who the UDRP is filed by
Might recommend that the GNSO Council could send this to the RPMs PDP
Bewildered by this conversation, since the Team agreed to automate these in the automation section of the report – if there are legal concerns, we have asked a question to outside counsel, so maybe we should wait for the legal advice to help inform our decision
When you start talking about categories of requests – people are underestimating the broad range of quality within a request – some of the requests, even if nominally fitting into a category, are not legal
We do not know as to when the timing starts – just b/c an automated review says that box A-D are complete, does not mean that is a complete request – it will still need to be looked at. Running of the SLAs is already problematic.
Feedback from EPDP Team
Confirm next steps
Priority 3
First three points – very clear position of no – that is not what is discussed and agreed to – the tech-related comments – we are still dealing with registration data. If there is higher fraud on the weekend, knowing the registration data will not completely eliminate the fraud
Do not agree with G – this is not an error.
F – agree with this comment – if a request in a language the registrar does not support, this is a concern – this should be addressed in the IRT.
In reference to longer term research, the team has not had enough time to debate the research.
Concerns C & D – raise a good point about requests that do not fall into the urgent category but should still have a higher priority – phishing, malware, fraud – consumer protection related to the DNS. Proposal – create a separate category that prioritized phishing, malware, and fraud above the 5-day SLA response time
The numbers are more or less arbitrary – there is one year before any of this goes into effect – we have more time to determine what the numbers will be. That should be kept in mind when this is reviewed.
The reason we’re talking about a hybrid model and not a centralized model – since we received that letter, the Belgian DPA clarified its preference for a centralized decision maker – invite CPH colleagues to rejoin this conversation – if the CP is not making the decisions, it doesn’t need to worry about the SLA. A longer number of days will not work for the entities that need to process this data.
A very substantial part of the EPDP team does not and will not support a centralized model. In concern d, no one thinks that any major category of request will be priority 3 – everyone wants priority 1 and wants data immediately if they can get it – that is not viable. Most WHOIS queries will be Priority 3 – if we keep things that way, Priority 3 will be responded to relatively quickly
There is always a concern that everything will become Priority 1 and Priority 3 will become an empty set – reading the public comments does not mean that everything should be priority 1, it just means that the proposed SLA is too long.
5. Recommendation #1 - Accreditation & Recommendation #2 – Accreditation of Governmental entities (30 minutes)
Overview / run through of recommendation #1 discussion table and recommendation #2 discussion table
Feedback from EPDP Team
Confirm next steps
Recommendation 1 - Accreditation – all groups to review the PCRT, considering what changes should be made based on comments received, and input suggestions into the Discussion Table, by COB Tuesday, 7 April.
Recommendation 2 – Accreditation of Governmental Entities – GAC representatives to review the PCRT, considering what changes should be made based on comments received, and input suggestions into the Discussion Table by COB Tuesday, 7 April.
6. Wrap and confirm next EPDP Team meeting (5 minutes):
Thursday 9 April at 14.00 UTC. Topic to be addressed: Accreditation
Confirm action items
Confirm questions for ICANN Org, if any
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-epdp-team/attachments/20200402/1bbfdf3f/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4620 bytes
Desc: not available
URL: <http://mm.icann.org/pipermail/gnso-epdp-team/attachments/20200402/1bbfdf3f/smime-0001.p7s>
More information about the Gnso-epdp-team
mailing list