[Gnso-epdp-team] SSAD as a means of publishing non-personal data

Alan Greenberg alan.greenberg at mcgill.ca
Thu Apr 22 14:02:50 UTC 2021

At 2021-04-22 09:10 AM, Volker Greimann wrote:
>1. SSAD was approved by the PDPD consensus, by the GNSO council with 
>sufficient votes and by the board. It will exist. If it does not, we 
>will be forced back to the drawing board for another couple of years 
>and the status quo will persist. If you prefer that over SSAD, go 
>ahead and kill SSAD.

This is not about my trying to kill the SSAD. At this point, the 
Board needs to make a decision, and presumably it will not just 
blindly rubber-stamp the GNSO recommendations. And iyou are not 
addressing proposing a solution that is at best several years out to

>2. This would be questions for the implementation phase, but maybe 
>some guidance would be helpful to put people here at ease. I do not 
>think there needs to be authentication for basic SSAD access. The 
>terms currently in place for domain name registration are fully 
>sufficient for that access level: Validation of format of the data, 
>verification of email address, valid payment method. This would be 
>my personal view.
>3. As this access level would require significantly lower barriers 
>than full access, fees for this type of requests could be lower as 
>well. For comparison, requests for data from the German trade 
>register cost medium one-digit EUR amounts per request. The added 
>benefit is that this common type of request could carry a base cost 
>load for the system, allowing lower overall costs for all requests. 
>Only leaving SSAD for personal data would on the other hand drive up 
>costs. The more we include in SSAD, the better the price structure should be.

OK, so you are proposing a fee-based system for such requests.

>4. If we do need another PDP (not convinced that we do) this could 
>be pre-determined and targeted. If we all agree now that we want 
>this to happen, debate the specifics before the PDP is launched, the 
>time needed for the actual PDP could be minimal.

Fine. Adding several more years...

>5. To the contrary, there are a myrad of advantages: Use of existing 
>infrastructure, lower overall SSAD fees, better protection of 
>registrants, access controls, prevention of harvesting for illicit 
>purposes (SPAM, phishing, etc) , requestor ID, reduced risk for CPs, 
>no need to build out yet another system for a sub-category of domain 
>names, no data transfer liability issues, etc. The list goes on and on...
>Volker A. Greimann
>General Counsel and Policy Manager
>T: +49 6894 9396901
>M: +49 6894 9396851
>F: +49 6894 9396851
>W: <http://www.key-systems.net/>www.key-systems.net
>Key-Systems GmbH is a company registered at the local court of 
>Saarbruecken, Germany with the registration no. HR B 18835
>CEO: Oliver Fries and Robert Birkner
>Part of the CentralNic Group PLC (LON: CNIC) a company registered in 
>England and Wales with company number 8576358.
>This email and any files transmitted are confidential and intended 
>only for the person(s) directly addressed. If you are not the 
>intended recipient, any use, copying, transmission, distribution, or 
>other forms of dissemination is strictly prohibited. If you have 
>received this email in error, please notify the sender immediately 
>and permanently delete this email with any files that may be attached.
>On Thu, Apr 22, 2021 at 8:02 AM Alan Greenberg via Gnso-epdp-team 
><<mailto:gnso-epdp-team at icann.org>gnso-epdp-team at icann.org> wrote:
>There continues to be discussion regarding using the SSAD as a means
>of "publishing" non-personal data.
>I believe that this discussion is a distraction that takes focus from
>what we should be working on. I say this for the following reason.
>1. The SSAD does not exist, it may never exist, and if the Board does
>approve it, it will likely take several years to implement (remember
>we are 2 years into the implementation of Phase 1, and there is no
>centralized hardware/software to design and implement for that).
>2. Although we specified that anyone may be accredited, it is not at
>all clear the amount of time it will take, nor what fee might be
>charged. And unless the system allows accreditation without
>authenticating the identity, this precludes anonymous queries.
>3. We specified that the SSAD must be self-funding and that the users
>must pay for its operating costs. Are those in favour of using the
>SSAD for public data publishing proposing fees for such requests, or
>no fees, and if the latter, who will pay for this usage?
>4. There are multiple details of Phase 2 Recommendation 8 for
>Contracted Party Authorization that simply make no sense in this
>case, yet are part of the approved policy. And changing that policy
>requires a PDP.
>5. There does not seem to be any benefit of routing public-data
>requests through the SSAD with its myriad rules, regulations and
>processes when a vanilla RDAP server will suffice.
>Gnso-epdp-team mailing list
><mailto:Gnso-epdp-team at icann.org>Gnso-epdp-team at icann.org
>By submitting your personal data, you consent to the processing of 
>your personal data for purposes of subscribing to this mailing list 
>accordance with the ICANN Privacy Policy 
>and the website Terms of Service 
>You can visit the Mailman link above to change your membership 
>status or configuration, including unsubscribing, setting 
>digest-style delivery or disabling delivery altogether (e.g., for a 
>vacation), and so on.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-epdp-team/attachments/20210422/cfd445e4/attachment.html>

More information about the Gnso-epdp-team mailing list