[gnso-rds-pdp-wg] Notes from RDS PDP WG Meetings at ICANN58 (reformatted)
Farell Folly
farellfolly at gmail.com
Tue Mar 21 09:49:10 UTC 2017
Dear all,
Thanks (Lisa) for this comprehensive report, well done. I wish I was at
ICANN58.
Following the conclusion and as per action item #1 I would suggest that
such report be broadcast out in an attached file instead. My feeling is
that putting everything inside an e-mail like this make it long and then
too difficult to comment and reply. In a well structured file report, we
can have sections and chapters and make it easier for navigation, so
whenever we want to comment something we just recall the section and
paragraph accordingly.
Maybe It as an accepted way (agreed) way to send the full report in an
email within this WG, or maybe my siggestion is already taken into account,
If so I apologise and will update. Otherwise, I am sure that comments (even
inline) won't always be easy and is not an usable option for long e-mails.
Best Regards
@__f_f__
about.me/farell
________________________________.
Mail sent from my mobile phone. Excuse for brievety.
Le 21 mars 2017 05:45, "Lisa Phifer" <lisa at corecom.com> a écrit :
> Dear all – (Apologies, this reformatted email replaces previous
> Outlook-mangled message)
>
>
>
> Below please find notes from the two RDS PDP WG F2F meetings at ICANN58.
>
>
>
> To recap action items:
>
> *Action Item #1: *Staff to investigate additional techniques to draw WG
> member attention to Action Items and Poll Invitations.
>
> *Action Item #2: *WG members assigned to ask questions of data
> commissioners on Monday.
>
> *Action Item #3: *Test by polling the three above-proposed updates to the
> draft Statement of Purpose. Staff to launch the poll after the conclusion
> of RDS PDP WG F2F meetings.
> *Action Item #4: *All WG members to participate in the poll before COB
> Saturday 26 March. Poll results to be reviewed during the 28 March WG
> meeting.
>
> *Action Item #5: *Peter Kimpian to gather answers to the 19 WG questions
> from the panelists and provide them (if possible) prior to the next WG call
> on 28 March 2017.
>
>
>
> *This week’s poll link:* *https://www.surveymonkey.com/r/D6SP37R
> <https://www.surveymonkey.com/r/D6SP37R> (closes COB 26 March)*
>
>
>
> Best regards,
>
> Lisa
>
>
>
> *Notes - RDS PDP WG Meetings at ICANN58*
>
> *These high-level notes are designed to help PDP WG members navigate
> through the content of these meetings and are not meant as a substitute for
> the transcripts and/or recordings. The MP3, transcript, and Adobe Connect
> recording are provided separately and are posted on the wiki here:*
>
> *Saturday 11 March: **http://sched.co/9npN* <http://sched.co/9npN>* and *
> *https://community.icann.org/x/GbLRAw*
> <https://community.icann.org/x/GbLRAw>
> *Wednesday 15 March: **http://sched.co/9npc* <http://sched.co/9npc>* and *
> *https://community.icann.org/x/HbLRAw*
> <https://community.icann.org/x/HbLRAw>
>
> *Many WG members also attended a cross-community discussion with Data
> Commissioners. The MP3, transcript, and Adobe Connect recording of that
> session can be found here: **http://sched.co/9nnl* <http://sched.co/9nnl>
>
> *Notes - RDS PDP WG Meeting – Saturday 11 March, 2017*
>
> 1. Introductions
>
> - Please state your name before speaking and remember to mute your
> microphones when not speaking
> - WG members in attendance introduced themselves
>
> 2. PDP Work Plan, Progress, and Status
>
> - Briefly introduced work plan (*https://community.icann.org/x/oIxlAw*
> <https://community.icann.org/x/oIxlAw>), recent progress, and current
> task:
>
> o Task 12.a: Deliberate on Possible Fundamental Requirements for these
> charter questions:
>
> - Users/Purposes: Who should have access to gTLD registration data and
> why?
> - Data Elements: What data should be collected, stored, and
> disclosed?
> - Privacy: What steps are needed to protect data and privacy?
> - Review of work plan and overview of progress to date/current
> status including:
> - Focus on “thin” data
> - Deliberation on possible fundamental requirements regarding
> users/purposes
> - What data elements should be collected, stored and disclosed
> - Privacy and data protection considerations
> - Results of polls used to determine rough consensus among WG
> members – interim conclusion reached with no final decisions yet made
>
> · As per the work plan, initial report on phase 1 of the PDP will
> use rough consensus to determine 5 fundamental requirements
>
> · Noted that we are starting with Key Concepts – latest version of
> this working document is always posted at
> *https://community.icann.org/x/p4xlAw*
> <https://community.icann.org/x/p4xlAw>
>
> *· *Highlighted initial points of rough consensus reached since
> ICANN57, reflected in that working document. Refer to
> *ICANN58-RDS-PDP-WG-Slides-Final.pdf*
> <https://community.icann.org/download/attachments/64074265/ICANN58-RDS-PDP-WG-Slides-FinalRev.pdf?version=1&modificationDate=1489227048000&api=v2>*
> (slides 4-8)*
>
> · Regarding agreement #14, on what basis did the group conclude
> that existing policies do NOT sufficiently address compliance with laws
> about purpose? What jurisdiction was assumed? No jurisdiction was assumed,
> but we know that in some jurisdictions, policy is not compliant, so
> therefore we need to do more (that is, current policy is not sufficient for
> all jurisdictions).
>
> · When was agreement #14 discussed? In the February 14 call,
> followed by a poll in which 86% agreed with this statement. However, note
> that some WG members missed that call due to conflicting meetings.
>
> · Request to highlight action items and poll invitations to help
> WG members notice them amongst all the long email threads (e.g., separate
> mailing list, actions at top of meeting notes)
>
>
>
> *Action Item #1: *Staff to investigate additional techniques to draw WG
> member attention to Action Items and Poll Invitations, such as including
> them at the top of emails containing WG meeting notes.
>
>
>
> · Has the WG developed criteria for what makes a purpose
> legitimate yet? No. So far we have discussed only legitimate purposes for
> COLLECTION of THIN DATA. However, we still need to get to KEY CONCEPTS
> around what makes a purpose legitimate (criteria, etc.)
>
> · It is difficult to reach agreement on purposes without a better
> feeling for the consequences of identifying purposes as legitimate,
> primary/secondary, etc. Is this putting the cart before the horse? Hoping
> to get answers to these questions from data commissioners panel.
>
> · International Association of Chiefs of Police (IACP)
> <http://www.theiacp.org/Portals/0/documents/pdfs/2016%20FINAL%20Resolutions.pdf>
> member introduced the IACP’s recent resolution on WHOIS
> <http://www.theiacp.org/Portals/0/documents/pdfs/2016%20FINAL%20Resolutions.pdf>
> – was an update to the IACP’s last resolution, issued 5 years ago. The WG
> chair encouraged the IACP to join the WG and participate in this PDP.
>
> 3. PDP Working Session
>
> a. Finalize WG preparations for Cross-Community session with Data
> Commissioners
> RDSPDP-QuestionsForDataCommissioners-7March2017.pdf
> <https://community.icann.org/download/attachments/64072843/RDSPDP-QuestionsForDataCommissioners-7March2017.pdf?version=1&modificationDate=1488916433480&api=v2>
>
>
>
>
> · Overview of 19 questions developed to present during
> cross-community session with data commissioners (Monday, 13 March)
>
> · Questions sent to Becky Burr who will be moderating the
> cross-community session
>
> · Working group members assigned to questions for data
> commissioners – monitor whether or not questions were asked and answered
> during the session (or perhaps answered without being directly asked)
>
> · Discussion with data commissioners will continue during session
> on Wednesday, 15 March
>
> *Action Item #2: WG members assigned to ask questions of data
> commissioners on Monday:*
>
> · Tim Chen: Purpose
>
> · Rod Rasmussen: Registration Data Elements
>
> · Alex Deacon: Access to Registration Data for Criminal and Abuse
> Investigations
>
> · Vicky Sheckler: Personal Privacy/Human Rights
>
> · Kiran Malancharuval: Jurisdiction
>
> · Susan Kawaguchi: Compliance with Applicable Laws
>
> · Ayden Ferdeline: Consumer Protection
>
> b. Continue deliberation on Purpose:
>
> *Question 2.3: What should the over-arching purpose be of collecting,
> maintaining, and providing access to gTLD registration (thin) data?*
>
> - Review results of 7 March Poll on Purpose:
> SummaryResults-Poll-on-Purpose-from-7MarchCall.pdf
> <https://community.icann.org/download/attachments/64074265/SummaryResults-Poll-on-Purpose-from-7MarchCall.pdf?version=1&modificationDate=1489222898000&api=v2>
> - Q2: primary point of disagreement is about whether data is
> authoritative or RDS is authoritative source of data
>
> · “Authoritative” has a technical meaning – access to the real
> database, not a copy of it
>
> · Does authoritative imply a requirement to validate the data? No,
> there are separate 2013 RAA requirements on validation.
>
> · Technically it's impossible for the authoritative data to be
> inaccurate with respect to the underlying repository (unless it is
> inaccurate on purpose -- e.g. anonymization)
>
> · From Chat: COMMENT: We debated this at length at the EWG.
> Recreating the wheel here. Also, per Article 29 WP 76 Opinion 2/2003, the
> data needs to be accurate, which during the EWG, we deferred to THICK data.
>
> · The Thick WHOIS WG used this working definition: "Authoritative,
> with respect to provision of Whois services, shall be interpreted as to
> signify the single database within a hierarchical database structure
> holding the data that is assumed to be the final authority regarding the
> question of which record shall be considered accurate and reliable in case
> of conflicting records; administered by a single administrative [agent] and
> consisting of data provided by the registrants of record through their
> registrars."
>
> · Should we be distinguishing between an 'authoritative source of
> the gTLD registration data' and 'authoritative gTLD registration data'?
>
> · Statement of purpose should not imply a particular model for
> storage of data or movement of data between storage locations
>
> · Registration data disseminated through the RDS should be
> authoritative (in the technical sense). That is, the data should be
> obtained from the source considered to be authoritative.
>
>
>
> *Proposed WG Agreement #1:* Replace purpose 2) "*A purpose of RDS is to
> provide an authoritative source of information about, for example, domain
> contacts, domain names and name servers for gTLDs, [based on approved
> policy]" *with "*A purpose of RDS is to* *facilitate dissemination of
> authoritatively-sourced* *gTLD registration data, such as domain names
> and their domain contacts and name servers,* *in accordance with
> applicable policy**."*
>
>
>
> · Q3: Anything that needs to be added to the statement of purpose?
>
> · Somewhere along the line we seem to have lost the point that the
> RDS provides the information about the registry's view of the
> technically-required data for domain name resolution.
>
>
>
> *Proposed WG Agreement #2:* Replace purpose 1) "*A purpose of gTLD
> registration data is to provide information about the lifecycle of a domain
> name" *with "*A purpose of gTLD registration data is to provide
> information about the lifecycle of a domain name* *and its resolution on
> the Internet**."*
>
>
>
> · Regarding comment "d" - The RDS is a directory service.
> Protecting privacy would be a potential feature available.
>
> · Chat proposal to add the following: Purpose of RDS is to support
> domain name registration and maintenance by providing appropriate access to
> registration data to enable a reliable mechanism for identifying,
> establishing and maintaining the ability to contact Registrants.
>
> · For specific purpose 5, we are conflating issues of purpose and
> requirements to fulfill a purpose.
>
>
>
> *Proposed WG Agreement #3:* Replace purpose 5) "*A purpose of RDS policy
> is to facilitate the accuracy of gTLD registration data." w*ith "*A purpose
> of RDS policy is to facilitate* *fulfilling requirements* *for the
> accuracy of gTLD registration data."*
>
>
>
> *Action Item #3: *Test by polling the three above-proposed updates to the
> draft Statement of Purpose. Staff to launch the poll after the conclusion
> of RDS PDP WG F2F meetings.
>
>
>
> *Action Item #4: *All WG members to participate in the poll before COB
> Saturday 26 March. Poll results to be reviewed during the 28 March WG
> meeting.
>
> · The following agenda items were deferred to next meeting (28
> March)
>
> · Finalize Statement of Purpose
>
> · Move on to next topic of deliberation by expanding our focus
> from “thin data” collection to “thin data” access: *Question 2.2: For
> what specific (legitimate) purposes should gTLD registration thin data
> elements be made accessible?*
>
> 4. Confirm action items and proposed decision points
>
> *Action Item #1: *Staff to investigate additional techniques to draw WG
> member attention to Action Items and Poll Invitations.
>
> *Action Item #2: *WG members assigned to ask questions of data
> commissioners on Monday.
>
> *Action Item #3: *Test by polling the three above-proposed updates to the
> draft Statement of Purpose. Staff to launch the poll after the conclusion
> of RDS PDP WG F2F meetings.
> *Action Item #4: *All WG members to participate in the poll before COB
> Saturday 26 March. Poll results to be reviewed during the 28 March WG
> meeting.
>
> *Action Item #5: *Peter Kimpian to gather answers to the 19 WG questions
> from the panelists and provide them (if possible) prior to the next WG call
> on 28 March 2017.
>
>
>
> *Proposed WG Agreement #1:* Replace purpose 2) "*A purpose of RDS is to
> provide an authoritative source of information about, for example, domain
> contacts, domain names and name servers for gTLDs, [based on approved
> policy]" *with "*A purpose of RDS is to facilitate dissemination of
> authoritatively-sourced gTLD registration data, such as domain names and
> their domain contacts and name servers, in accordance with applicable
> policy."*
>
> *Proposed WG Agreement #2:* Replace purpose 1) "*A purpose of gTLD
> registration data is to provide information about the lifecycle of a domain
> name" *with "*A purpose of gTLD registration data is to provide
> information about the lifecycle of a domain name and its resolution on the
> Internet."*
>
> *Proposed WG Agreement #3:* Replace purpose 5) "*A purpose of RDS policy
> is to facilitate the accuracy of gTLD registration data." w*ith "*A purpose
> of RDS policy is to facilitate fulfilling requirements for the accuracy of
> gTLD registration data."*
>
>
>
> *Meeting Materials:* https://community.icann.org/x/GbLRAw
>
> · RDSPDP-QuestionsForDataCommissioners-7March2017.pdf
> <https://community.icann.org/download/attachments/64072843/RDSPDP-QuestionsForDataCommissioners-7March2017.pdf?version=1&modificationDate=1488916433480&api=v2>
> and
> RDSPDP-QuestionsForDataCommissioners-7March2017.docx
> <https://community.icann.org/download/attachments/64072843/RDSPDP-QuestionsForDataCommissioners-7March2017.docx?version=1&modificationDate=1488916450802&api=v2>
>
> · *11MarchMeeting-Handout: *ICANN58-RDS-PDP-WG-Slides-Final.pdf
> <https://community.icann.org/download/attachments/64074265/ICANN58-RDS-PDP-WG-Slides-FinalRev.pdf?version=1&modificationDate=1489227048000&api=v2>
> and *ppt*
> <https://community.icann.org/download/attachments/64074265/ICANN58-RDS-PDP-WG-Slides-FinalRev.pptx?version=1&modificationDate=1489227119000&api=v2>
>
> · KeyConceptsDeliberation-WorkingDraft-7March2017.pdf
> <https://community.icann.org/download/attachments/56986791/KeyConceptsDeliberation-WorkingDraft-7March2017.pdf?version=3&modificationDate=1489036968927&api=v2>
> and doc
> <https://community.icann.org/download/attachments/56986791/KeyConceptsDeliberation-WorkingDraft-7March2017.docx?version=3&modificationDate=1489036982656&api=v2>
>
> · *7 March Call Poll on Purpose -*
>
> · Link to participate: *https://www.surveymonkey.com/r/WLMXDJG*
> <https://www.surveymonkey.com/r/WLMXDJG>
>
> · PDF of Poll Questions: Poll-on-Purpose-from-7MarchCall.pdf
> <https://community.icann.org/download/attachments/64072843/Poll-on-Purpose-from-7MarchCall.pdf?version=1&modificationDate=1488938315379&api=v2>
>
> · SurveyMonkey PDF Summary Poll Results: SummaryResults-Poll-
> on-Purpose-from-7MarchCall.pdf
> <https://community.icann.org/download/attachments/64074265/SummaryResults-Poll-on-Purpose-from-7MarchCall.pdf?version=1&modificationDate=1489222898000&api=v2>
>
> · SurveyMonkey ZIP of Raw Poll Results: RawResults-Poll-on-
> Purpose-from-7MarchCall.zip
> <https://community.icann.org/download/attachments/64074265/RawResults-Poll-on-Purpose-from-7MarchCall.zip?version=1&modificationDate=1489222956000&api=v2>
>
>
>
> *Notes - RDS PDP WG Meeting – Wednesday 15 March, 2017*
>
> 1. Introductions: Guest presenters were introduced to RDS PDP WG:
>
> · Joe Cannataci, UN Special Rapporteur on the right to privacy
>
> · Peter Kimpian, Data Protection Unit of the Council of Europe
>
> 2. Data Protection Expert – Q&A session
>
> · The WG chair briefly introduced our charter and current areas of
> deliberation
>
> · Preface from Joe Cannataci: With regard to future interaction,
> we need to consider sustainability; may wish to set up a group to invite
> experts to join WG discussion formally
>
> · Guest presenters discussed the WG’s list of questions:
> *RDSPDP-QuestionsForDataCommissioners-7March2017.pdf*
> <https://community.icann.org/download/attachments/64072843/RDSPDP-QuestionsForDataCommissioners-7March2017.pdf?version=1&modificationDate=1488916433480&api=v2>
>
> · Discussion with Joe Cannataci on purpose of a next generation
> RDS, including:
>
> · What specifying purpose entails
>
> · Where purpose of data will and will not apply in the RDS
>
> · Criteria that apply to legitimate purposes
>
> · Publication of data elements in the RDS
>
> · Feedback on the WG’s specific purpose #1:
> “A purpose of gTLD registration data is to provide information about the
> lifecycle of a domain name and its resolution on the Internet.”
>
> · Applicability to “thin” versus “thick” data elements
>
> · Differentiation between primary and secondary purposes
>
> · Notes below provide a brief overview of points raised during
> discussion; refer to the *Transcript*
> <http://schd.ws/hosted_files/icann58copenhagen2017/d0/Transcript%20RDS%2015%20March%20Copenhagen.pdf>
> for a complete recap of this Q&A session
>
> Q1. What do you mean when you tell ICANN to specify the purpose of WHOIS?
>
> · Test for purpose should be based on use studies or case studies.
>
> · Whenever you have someone stipulate they want to collect data,
> you must ask why.
>
> · Example of applying for a bank loan or insurance policy to
> assess risk.
>
> · Each bit of information must be in line with purpose.
>
> · Purpose cannot be general or just in case.
>
> · Can only keep records for as long as needed for purpose.
>
> · Purpose questions (and answers) will change over time.
>
> · If you are a bank or telecom developing a new service you must
> define your primary purpose.
>
> · A secondary purpose might be a different service marketed to the
> same client later on.
>
> · It would be good to get definitions for “primary purpose” and
> “secondary purpose.”
>
> · From chat: Australian Privacy Act 1988: "Use or disclosure of
> personal information for a purpose other than the primary purpose of
> collection (being a 'secondary purpose') is permitted under specific
> exceptions where that secondary use or disclosure is ... in the conduct of
> surveillance activities, intelligence gathering activities or monitoring
> activities, by a law enforcement agency"
>
> · The purpose must be clear – for example “in order to enable
> enforcement of specific law”
>
> · If a purpose is provided for by law then a purpose is legitimate.
>
> · For example, the purpose of collection of registrant data might
> be to ensure that the DNS works. There is a belief by some that there
> should be access to that data by others (e.g., those investigating
> cybercrime). Are those secondary purposes? The WG must decide.
>
> · Do you need separate purposes for collection, access, and
> display? Absolutely yes.
>
>
>
> Q2. Under what circumstances might the publication of registration data
> elements that are personal data be allowable?
>
> · Why do you want to publish information? What is the public
> interest in publishing that data?
>
> · For example, why is information about the lifecycle of domain in
> the public interest?
>
> · If data is easily linked to an individual, then it is personal
> data.
>
> · Just because it is personal data doesn’t mean it cannot be in a
> WHOIS record
>
> · No data protection law prohibits publication of personal data
> for legitimate purposes
>
>
>
> Q5. Do you believe that any of the following THIN data elements are
> considered personal information under the General Data Protection
> Directive, and why?
>
> · In this case (thin data example in #5) the data is not personal
> data, but in other cases it might be
>
> · If an individual registers their own name as a domain name, is
> the domain name personal data? WG view: In this case, the individual has
> chosen to publish their name in the DNS. A domain name is required for DNS
> resolution and as the key to the WHOIS record.
>
> · Why is expiration date published in a directory service? Isn’t
> that just of interest to the subscriber? Why is it of legitimate interest
> to others?
>
> · Analogy with telephone directory – in most countries,
> subscribers can opt out of being in the phone directory; why doesn’t that
> apply here?
>
> · There may be other analogies that are more appropriate than a
> telephone directory
>
>
>
> 3. Deferred: *Continuation of Saturday F2F session deliberation, time
> permitting*
>
>
>
> 4. Conclusions and Adjourn
>
> · Plan is to collect answers to the WG’s questions (all 19) from
> the data protection experts who participated in the Monday cross-community
> session.
>
> · In principle, there is broad agreement amongst panelists on the
> answers to the WG’s questions. Responses from data commissioners may be
> published on the WG’s wiki, if helpful.
>
> · Reminder for all WG members to participate in this week’s poll
> no later than COB 26 March.
>
> *Action Item #5: *Peter Kimpian to gather answers to the 19 WG questions
> from the panelists and provide them (if possible) prior to the next WG call
> on 28 March 2017.
>
>
>
> *Meeting Materials:* https://community.icann.org/x/HbLRAw
>
> · RDSPDP-QuestionsForDataCommissioners-7March2017.pdf
> <https://community.icann.org/download/attachments/64072843/RDSPDP-QuestionsForDataCommissioners-7March2017.pdf?version=1&modificationDate=1488916433480&api=v2>
> and
> RDSPDP-QuestionsForDataCommissioners-7March2017.docx
> <https://community.icann.org/download/attachments/64072843/RDSPDP-QuestionsForDataCommissioners-7March2017.docx?version=1&modificationDate=1488916450802&api=v2>
>
> · *11MarchMeeting-Handout (primarily slides 28-37):*
>
> <https://community.icann.org/download/attachments/64074269/ICANN58-RDS-PDP-WG-Slides-FinalRev2.pdf?version=1&modificationDate=1489578526000&api=v2>
>
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
> ...
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20170321/b7fc8db0/attachment-0001.html>
More information about the gnso-rds-pdp-wg
mailing list