[gnso-rds-pdp-wg] Notes, action items and WG agreements from today's meeting
Gomes, Chuck
cgomes at verisign.com
Wed Mar 1 12:37:58 UTC 2017
Thank you very much Greg for your detailed review of the questions and constructive suggestions. I added some of my personal observations and questions below including some comments on questions that Greg did not comment on.
I encourage others to insert their comments in this thread. If it is easier to send input separately that is okay. But remember to do it by Friday.
Chuck
From: gnso-rds-pdp-wg-bounces at icann.org [mailto:gnso-rds-pdp-wg-bounces at icann.org] On Behalf Of Greg Aaron
Sent: Tuesday, February 28, 2017 3:44 PM
To: Lisa Phifer <lisa at corecom.com>; gnso-rds-pdp-wg at icann.org
Subject: [EXTERNAL] Re: [gnso-rds-pdp-wg] Notes, action items and WG agreements from today's meeting
My comments regarding the draft questions are as follows. There are good questions, but need some work to crystallize what they are asking about.
[Gomes, Chuck] I wonder if TB-1 & SP-1 are essentially the same and could be combined. Also, to me TB-3 seems overly broad and hard to answer.
TG-4 is recursive. The regulations state that data may be collected for specified, explicit and legitimate purposes. If the purposes are specified, explicit and legitimate, then there is no violation of Article 6(1)(b). I think what Theo is trying to ask is: under what circumstances may the publication of personal registration data be allowable?
TB-4 , TG-4 , and TG-2 all seem to be asking the same underlying thing and could be consolidated.
VS-1: the question is obscured – can it be clarified? Here’s what I think is being asked: An EU directive requires service providers such as registrars to post contact data for their businesses. If registrars have to do that, does that mean that businesses in the EU could be required to have their contact data displayed in a registration data service?
NC-3: Needs to be re-written, because private cybersecurity firms do not have the ability to obtain court orders in order to obtain evidence. Only law enforcement bodies and prosecutors can obtain court orders in criminal cases.
Also, what about civil cases? They require information as well.
Please note that court orders and subpoenas generally come after a court case is underway. They are not options beforehand, which is when much investigation takes place.
SP-4: This question seems irrelevant or tangential. The 2014 issue was about registrars retaining data for two years after a domain was deleted. In contrast, our WG is talking about displaying data about currently registered domain names. And as far as the 2014 letter to ICANN, its reasoning speaks for itself and I don't see why we would ask them to explain what it says.
[Gomes, Chuck] I believe that SP-6 has already been answered via another PDP so I don’t think we should revisit it. Are the DCs capable of answering the questions in NC-6, i.e., are they the right ones to whom the questions should be directed?
NC-8: I can't follow this one; seems down in the weeds.
TG-5: this one also seems recursive. If the contractual provisions are in keeping with the allowed cases, then there is no problem. What is this question really seeking?
[Gomes, Chuck] I also think that this question is hard to answer without describing what the legitimate grounds are.
[Gomes, Chuck] Without minimizing the value of many of the other questions, I think that the questions in SP-3 & SP-2 are very useful.
[Gomes, Chuck] It seems to me that the question in TB-2 may be very hard for the DCs to answer. I think that they are questions the WG needs to answer once we have a good understanding of the issues.
The parked questions are very hard to understand.
[Gomes, Chuck] Which may be a good reason to not use them unless we can make them clear and useful.
All best,
--Greg
**********************************
Greg Aaron
Vice-President, Product Management
iThreat Cyber Group / Cybertoolbelt.com
mobile: +1.215.858.2257
**********************************
The information contained in this message is privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer.
From: gnso-rds-pdp-wg-bounces at icann.org<mailto:gnso-rds-pdp-wg-bounces at icann.org> [mailto:gnso-rds-pdp-wg-bounces at icann.org] On Behalf Of Lisa Phifer
Sent: Tuesday, February 28, 2017 1:46 PM
To: gnso-rds-pdp-wg at icann.org<mailto:gnso-rds-pdp-wg at icann.org>
Subject: Re: [gnso-rds-pdp-wg] Notes, action items and WG agreements from today's meeting
Dear all,
Calling your attention to Action item #1:
WG members requested to provide input on proposed questions to this mailing list by Friday 3 March at the latest.
Attached please find the set of proposed questions introduced during today's WG call. This draft was developed by a small group of WG volunteers as explained in the document itself, in preparation for both the RDS PDP WG's Wednesday F2F session at ICANN58 and the Monday cross-community session with data protection experts.
To make the best use of limited session time, we need to further narrow this draft list down. Feedback on prioritization is especially welcome to help the WG focus on those questions most likely to yield answers that will aid the WG in moving forward.
Best, Lisa
At 11:20 AM 2/28/2017, Marika Konings wrote:
Dear All,
Please find below the notes, action items and WG agreements from today’s meeting. Note that the upcoming WG meetings are scheduled as follows:
* RDS PDP WG Call -- Tuesday 7 March 2017 at 17.00 UTC
* RDS PDP WG F2F -- Saturday 11 March 2017 1:45-4:45 pm - See http://sched.co/9npN for further details.
* RDS PDP WG Wrap-Up -- Wednesday 15 March 2017 1:45-3:00 pm. See http://sched.co/9npc for further details.
Best regards,
Marika
Notes RDS PDP WG meeting 28 February 2017
These high-level notes are designed to help PDP WG members navigate through the content of the call and are not meant as a substitute for the transcript and/or recording. The MP3, transcript, and chat are provided separately and are posted on the wiki at https://community.icann.org/x/HIzRAw
1. Roll call / SOI
· Roll call will be taken from Adobe Connect
· Please state name for transcription purposes and remember to mute your microphone when not speaking
· Call will be chaired by Michele Neylon today
2. Review draft questions to discuss with Data Commissioners in Copenhagen
a. Note WG plans to meet with DCs and Interpol's Caroline Goemans on Wednesday in Copenhagen
· To take advantage of their presence in Copenhagen as well as the relevance to the current WG discussion
b. Susan to introduce draft list developed by small group: Questions for Data Commissioners v5.pdf
· See draft questions shared - more questions suggested than can possibly be asked. Leadership team went through the proposed questions and has re-organised / categorized the questions. A number of questions have been parked for now as may not be a priority or not directly relevant to WG deliberations.
· Need to further narrow list down. Priority should be given to those questions that will aid the WG in moving forward.
· Need to make sure that the questions are laid out in clear simple terms as not all may be familiar with WHOIS or some of the technical terms.
· Some of these questions may be addressed in cross-community sessions, but as it is an open session, there may be many others asking questions. Make sure that in the Wednesday session any questions are covered that are of particular importance to WG's work.
· Wednesday RDS PDP WG session will include guests to help answer these questions: - Joe Cannataci, UN Special Rapporteur on the right to privacy- Caroline Goemans, Interpol Data Protection Officer- TBD, from the European Data Protection Supervisor- Peter Kimpian, Data Protection Unit of the Council of Europe.
Action item #1: WG members requested to provide input on proposed questions by Friday 3 March at the latest. Leadership team to review input and finalise questions for submission to data protection commissioners in advance of Wednesday's WG meeting.
c. Action for WG members to provide feedback on-list by end of the week
3. Continue deliberation on the Purpose charter question:
Question 2.3: What should the over-arching purpose be of collecting, maintaining, and providing access to gTLD registration (thin) data?
a. Review & discuss 22 February poll results: SummaryResults-Poll-on-Purpose-from-22FebCall.pdf
Q2 - should consistency with ICANN's mission be a goal for each RDS Purpose
· In relation to question on not being able to find mission, please see briefing materials from previous session ( https://community.icann.org/download/attachments/64071050/28FebMeeting-Handout.pdf?version=1&modificationDate=1488216756000 )
· Nearly 85% agreed that "Consistency with ICANN's mission" should be a goal for each RDS purpose
· Is it within domain to decide for which secondary purposes data is used? First need to decide what is going to be within RDS. Whether law enforcement is a purpose for collection or access is within the scope of this WG to recommend. Nothing is being foreclosed for now but will need to be further discussed.
Q3 - should consistency with other consensus policies that pertain to gTLDs be a goal for each RDS purpose?
· Just over 70% agreed that "Consistency with other consensus policies that pertain to gTLDs" should be a goal for each RDS purpose.
· End result should definitely be consistency, but this shouldn't unnecessarily constrain the WG.
· Leadership team observations: This WG's policy recommendations may require updates to aspects of other policies that relate directly to WHOIS/RDDS. If this WG's recommendations introduce inconsistencies with other policies, the IRT would be given direction to identify any updates that need to be made to other policies for consistency (e.g., new terminology), superseding other requirements that relate directly to RDDS. Consider possible goal rephrasing to acknowledge this?
Q4 - Should "to provide a framework that enables compliance with applicable laws" be a goal for each RDS purpose?
· Over 85% agreed that "Providing a framework that enables compliance with applicable laws" should be a goal for each RDS purpose.
· Those who disagreed noted that: Not all purposes are related to applicable laws and General laws applicable to a subject matter might not apply in certain cases.
· May wish to suggest adding this as a footnote to the statement of purpose?
b. Action item to capture confirmed agreements in Section 2.3.2 of working draft
· All rough agreements are being added to our working document to help us track points that have been covered. See https://community.icann.org/download/attachments/56986791/KeyConceptsDeliberation-WorkingDraft-22February2017.pdf
c. Resume deliberation on this WG's draft statement of purpose -- see 28FebMeeting-Handout.pdf
· Review draft in light of discussions to date, in particular in relation to the data protection concepts / requirements discussed. Does the draft statement align with those concepts / requirements or should updates be considered?
· #3 - "facilitate" does not necessarily equate to open access
· Concept of accurate data is not a problem from the perspective of data protection legislation. Actually a high level requirement.
· If there is a poll on this statement of purpose, would you be in support or if not, what objections would you be raising?
· Nothing necessarily causing concern but there may be elements missing? WG may need a little bit more time to review.
· Might be issues with how specific these purposes are from a EU data protection perspective? Combination of purposes for RDS and the collection of data may have complicated matters? May need a closer review from a data protection perspective. Possibly ask data protection commissioner's for guidance on how specific purposes must be? Unlikely that they will give specific input on the statement, but more likely to describe purpose in a more general way.
Action item #2: Staff to develop and circulate poll on statement of purpose
4. Confirm action items and proposed decision points
Action item #1: WG members requested to provide input on proposed questions by Friday 3 March at the latest. Leadership team to review input and finalise questions for submission to data protection commissioners in advance of Wednesday's WG meeting.
Action item #2: Staff to develop and circulate poll on statement of purpose
WG Agreement #1: "Consistency with ICANN's mission" should be a goal for each RDS purpose
WG Agreement #2: "Consistency with other consensus policies that pertain to gTLDs" should be a goal for each RDS purpose.
WG Agreement #3: "Providing a framework that enables compliance with applicable laws" should be a goal for each RDS purpose.
5. Confirm next meeting dates:
· RDS PDP WG Call -- Tuesday 7 March 2017 at 17.00 UTC
· Saturday session will be continuation of deliberation, Wednesday session will be devoted to data protection Q&A
· RDS PDP WG F2F -- Saturday 11 March 2017 1:45-4:45 pm - aim to detail agenda with timings so that those that are in other sessions are able to join for the items of main importance. See http://sched.co/9npN for further details.
· RDS PDP WG Wrap-Up -- Wednesday 15 March 2017 1:45-3:00 pm. See http://sched.co/9npc for further details.
Marika Konings
Vice President, Policy Development Support – GNSO,, Internet Corporation for Assigned Names and Numbers (ICANN)
Email: marika.konings at icann.org<mailto:marika.konings at icann.org>
Follow the GNSO via Twitter @ICANN_GNSO
Find out more about the GNSO by taking our interactive courses<http://learn.icann.org/courses/gnso> and visiting the GNSO Newcomer pages<http://gnso.icann.org/sites/gnso.icann.org/files/gnso/presentations/policy-efforts.htm#newcomers>.
_______________________________________________
gnso-rds-pdp-wg mailing list
gnso-rds-pdp-wg at icann.org<mailto:gnso-rds-pdp-wg at icann.org>
https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20170301/e83d29fe/attachment-0001.html>
More information about the gnso-rds-pdp-wg
mailing list