[Gnso-epdp-team] Questions for clarification

Mueller, Milton L milton at gatech.edu
Thu May 21 20:51:01 UTC 2020


Janis,
This is a surprising message, to put it mildly. This expression of concern about the consistency of ICANN’s mission with its proposed role in the SSAD is a sudden and rather suspicious departure from nearly two years of ICANN Org statements and activities.

Here is a quote from an Oct 2019 report issued by ICANN (not us), about a proposed UAM (https://www.icann.org/en/system/files/files/unified-access-model-gtld-registration-data-25oct19-en.pdf):
“The purpose of this document is to describe a possible model for access to non-public domain name registration data in gTLDs... In this proposed Unified Access Model (UAM), ICANN org would take on the responsibilities associated with the operation of a central gateway through which requests for access to non-public registration data would be accepted and processed. (emphasis added)
There are other statements in that report which explicitly mention a role for ICANN in accrediting requestors.

Continuing, how many times have we been told by ICANN Org that WP29 and other European authorities expected “ICANN to develop and implement a model that will enable legitimate uses by relevant stakeholders, such as law enforcement, of personal data concerning registrants in compliance with the GDPR, without leading to an unlimited publication of those data.” The quote there is from a June 2019 letter from Goran Marby to Richard Green, head of the G7 High Tech Crime subgroup. I do not recall any questions about straying from mission being raised at that time.

Here is an Aug 2018 blog post from Mr Marby with much the same message: https://www.icann.org/news/blog/possible-unified-access-model-published-for-community-input

Are we now expected to believe that after two years of actively pushing for a centralized UAM/SSAD, that ICANN org has suddenly become deeply concerned about the possibility that the functions required to implement it are not within its mission? Are we really supposed to take these concerns seriously and spend time on them?

Perhaps there is something I am missing. I would be happy to be enlightened as to what it is.

Until I hear evidence to the contrary, my conclusion is that we do not need to reevaluate our assumptions, and we certainly do not need to give ICANN org the unearned authority to challenge or validate them. ICANN itself is the source of those assumptions. I think we need to ask ICANN for an honest explanation of why it is raising these concerns now, and what it hopes to accomplish by doing so.

Dr. Milton L Mueller
Georgia Institute of Technology
School of Public Policy
[IGP_logo_gold block]



From: Gnso-epdp-team <gnso-epdp-team-bounces at icann.org> On Behalf Of Janis Karklins
Sent: Thursday, May 21, 2020 2:22 PM
To: Goran Marby <goran.marby at icann.org>; EPDP <gnso-epdp-team at icann.org>
Cc: gnso-epdp-lead at icann.org
Subject: [Gnso-epdp-team] Questions for clarification

Dear Goran,

During recent meetings the EPDP Team has been examining public comments received on its Initial Report. Recommendations in the Initial Report are based on certain assumptions. For instance, the EPDP Team has been working under the assumption that ICANN Org (or its designee) would be the Accreditation Authority, and, accordingly, would be responsible for enforcing accredited SSAD users’ compliance with the Accreditation Policy, Acceptable Use Policy, etc. In addition, it is assumed that ICANN Org would perform the Central Gateway function.

Today’s discussion revealed that the Team’s assumptions may not be entirely correct. It was suggested that ICANN Org may have concerns regarding, for example, how this enforcement responsibility fits within its Mission and Bylaws as it is not yet clear how the contractual relationships would be structured between the Central Gateway Manager and accredited users, noting ICANN Org enforcement currently only occurs between ICANN Org and Contracted Parties where a direct contractual relationship exists.

It was also suggested that communication with ICANN Org would be useful to confirm all assumptions the Final report will be based on. In light of this, could ICANN Org please provide clarifications on the following questions:
If SSAD becomes an adopted consensus policy, would ICANN Org will perform the Accreditation Authority function?
If SSAD becomes an adopted consensus policy, would ICANN Org will perform the central Gateway function?
If SSAD becomes an adopted consensus policy, would ICANN Org enforces compliance of SSAD users and involved parties with its consensus policy?

Additionally, could ICANN Org please confirm the EPDP Team’s assumption that ICANN Org and Contracted Parties are joint controllers regarding disclosure of registration data through the SSAD?

As the EPDP Team needs further information to prepare its final recommendations, we would appreciate answers, if possible, by Friday, May 29. Thank you in advance.

Best regards
JK
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-epdp-team/attachments/20200521/0b16476b/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 18822 bytes
Desc: image001.png
URL: <http://mm.icann.org/pipermail/gnso-epdp-team/attachments/20200521/0b16476b/image001-0001.png>


More information about the Gnso-epdp-team mailing list