[gnso-rds-pdp-wg] Notes from RDS PDP WG Meetings at ICANN58 (reformatted)
Gomes, Chuck
cgomes at verisign.com
Tue Mar 21 18:05:47 UTC 2017
Thanks for the comments Farell. Sometimes I prefer email and other times attachments depending on what device I am using and the length of the message or attachments. Sometimes I do both to allow recipients the choice.
Chuck
From: gnso-rds-pdp-wg-bounces at icann.org [mailto:gnso-rds-pdp-wg-bounces at icann.org] On Behalf Of Farell Folly
Sent: Tuesday, March 21, 2017 5:49 AM
To: Lisa Phifer <lisa at corecom.com>
Cc: RDS PDP WG <gnso-rds-pdp-wg at icann.org>
Subject: [EXTERNAL] Re: [gnso-rds-pdp-wg] Notes from RDS PDP WG Meetings at ICANN58 (reformatted)
Dear all,
Thanks (Lisa) for this comprehensive report, well done. I wish I was at ICANN58.
Following the conclusion and as per action item #1 I would suggest that such report be broadcast out in an attached file instead. My feeling is that putting everything inside an e-mail like this make it long and then too difficult to comment and reply. In a well structured file report, we can have sections and chapters and make it easier for navigation, so whenever we want to comment something we just recall the section and paragraph accordingly.
Maybe It as an accepted way (agreed) way to send the full report in an email within this WG, or maybe my siggestion is already taken into account, If so I apologise and will update. Otherwise, I am sure that comments (even inline) won't always be easy and is not an usable option for long e-mails.
Best Regards
@__f_f__
about.me/farell<http://about.me/farell>
________________________________.
Mail sent from my mobile phone. Excuse for brievety.
Le 21 mars 2017 05:45, "Lisa Phifer" <lisa at corecom.com<mailto:lisa at corecom.com>> a écrit :
Dear all – (Apologies, this reformatted email replaces previous Outlook-mangled message)
Below please find notes from the two RDS PDP WG F2F meetings at ICANN58.
To recap action items:
Action Item #1: Staff to investigate additional techniques to draw WG member attention to Action Items and Poll Invitations.
Action Item #2: WG members assigned to ask questions of data commissioners on Monday.
Action Item #3: Test by polling the three above-proposed updates to the draft Statement of Purpose. Staff to launch the poll after the conclusion of RDS PDP WG F2F meetings.
Action Item #4: All WG members to participate in the poll before COB Saturday 26 March. Poll results to be reviewed during the 28 March WG meeting.
Action Item #5: Peter Kimpian to gather answers to the 19 WG questions from the panelists and provide them (if possible) prior to the next WG call on 28 March 2017.
This week’s poll link: https://www.surveymonkey.com/r/D6SP37R (closes COB 26 March)
Best regards,
Lisa
Notes - RDS PDP WG Meetings at ICANN58
These high-level notes are designed to help PDP WG members navigate through the content of these meetings and are not meant as a substitute for the transcripts and/or recordings. The MP3, transcript, and Adobe Connect recording are provided separately and are posted on the wiki here:
Saturday 11 March: http://sched.co/9npN and https://community.icann.org/x/GbLRAw
Wednesday 15 March: http://sched.co/9npc and https://community.icann.org/x/HbLRAw
Many WG members also attended a cross-community discussion with Data Commissioners. The MP3, transcript, and Adobe Connect recording of that session can be found here: http://sched.co/9nnl
Notes - RDS PDP WG Meeting – Saturday 11 March, 2017
1. Introductions
* Please state your name before speaking and remember to mute your microphones when not speaking
* WG members in attendance introduced themselves
2. PDP Work Plan, Progress, and Status
* Briefly introduced work plan (https://community.icann.org/x/oIxlAw), recent progress, and current task:
o Task 12.a: Deliberate on Possible Fundamental Requirements for these charter questions:
* Users/Purposes: Who should have access to gTLD registration data and why?
* Data Elements: What data should be collected, stored, and disclosed?
* Privacy: What steps are needed to protect data and privacy?
* Review of work plan and overview of progress to date/current status including:
* Focus on “thin” data
* Deliberation on possible fundamental requirements regarding users/purposes
* What data elements should be collected, stored and disclosed
* Privacy and data protection considerations
* Results of polls used to determine rough consensus among WG members – interim conclusion reached with no final decisions yet made
• As per the work plan, initial report on phase 1 of the PDP will use rough consensus to determine 5 fundamental requirements
• Noted that we are starting with Key Concepts – latest version of this working document is always posted at https://community.icann.org/x/p4xlAw
• Highlighted initial points of rough consensus reached since ICANN57, reflected in that working document. Refer to ICANN58-RDS-PDP-WG-Slides-Final.pdf<https://community.icann.org/download/attachments/64074265/ICANN58-RDS-PDP-WG-Slides-FinalRev.pdf?version=1&modificationDate=1489227048000&api=v2> (slides 4-8)
• Regarding agreement #14, on what basis did the group conclude that existing policies do NOT sufficiently address compliance with laws about purpose? What jurisdiction was assumed? No jurisdiction was assumed, but we know that in some jurisdictions, policy is not compliant, so therefore we need to do more (that is, current policy is not sufficient for all jurisdictions).
• When was agreement #14 discussed? In the February 14 call, followed by a poll in which 86% agreed with this statement. However, note that some WG members missed that call due to conflicting meetings.
• Request to highlight action items and poll invitations to help WG members notice them amongst all the long email threads (e.g., separate mailing list, actions at top of meeting notes)
Action Item #1: Staff to investigate additional techniques to draw WG member attention to Action Items and Poll Invitations, such as including them at the top of emails containing WG meeting notes.
• Has the WG developed criteria for what makes a purpose legitimate yet? No. So far we have discussed only legitimate purposes for COLLECTION of THIN DATA. However, we still need to get to KEY CONCEPTS around what makes a purpose legitimate (criteria, etc.)
• It is difficult to reach agreement on purposes without a better feeling for the consequences of identifying purposes as legitimate, primary/secondary, etc. Is this putting the cart before the horse? Hoping to get answers to these questions from data commissioners panel.
• International Association of Chiefs of Police (IACP)<http://www.theiacp.org/Portals/0/documents/pdfs/2016%20FINAL%20Resolutions.pdf> member introduced the IACP’s recent resolution on WHOIS<http://www.theiacp.org/Portals/0/documents/pdfs/2016%20FINAL%20Resolutions.pdf> – was an update to the IACP’s last resolution, issued 5 years ago. The WG chair encouraged the IACP to join the WG and participate in this PDP.
3. PDP Working Session
a. Finalize WG preparations for Cross-Community session with Data Commissioners
RDSPDP-QuestionsForDataCommissioners-7March2017.pdf<https://community.icann.org/download/attachments/64072843/RDSPDP-QuestionsForDataCommissioners-7March2017.pdf?version=1&modificationDate=1488916433480&api=v2>
• Overview of 19 questions developed to present during cross-community session with data commissioners (Monday, 13 March)
• Questions sent to Becky Burr who will be moderating the cross-community session
• Working group members assigned to questions for data commissioners – monitor whether or not questions were asked and answered during the session (or perhaps answered without being directly asked)
• Discussion with data commissioners will continue during session on Wednesday, 15 March
Action Item #2: WG members assigned to ask questions of data commissioners on Monday:
• Tim Chen: Purpose
• Rod Rasmussen: Registration Data Elements
• Alex Deacon: Access to Registration Data for Criminal and Abuse Investigations
• Vicky Sheckler: Personal Privacy/Human Rights
• Kiran Malancharuval: Jurisdiction
• Susan Kawaguchi: Compliance with Applicable Laws
• Ayden Ferdeline: Consumer Protection
b. Continue deliberation on Purpose:
Question 2.3: What should the over-arching purpose be of collecting, maintaining, and providing access to gTLD registration (thin) data?
* Review results of 7 March Poll on Purpose:
SummaryResults-Poll-on-Purpose-from-7MarchCall.pdf<https://community.icann.org/download/attachments/64074265/SummaryResults-Poll-on-Purpose-from-7MarchCall.pdf?version=1&modificationDate=1489222898000&api=v2>
* Q2: primary point of disagreement is about whether data is authoritative or RDS is authoritative source of data
• “Authoritative” has a technical meaning – access to the real database, not a copy of it
• Does authoritative imply a requirement to validate the data? No, there are separate 2013 RAA requirements on validation.
• Technically it's impossible for the authoritative data to be inaccurate with respect to the underlying repository (unless it is inaccurate on purpose -- e.g. anonymization)
• From Chat: COMMENT: We debated this at length at the EWG. Recreating the wheel here. Also, per Article 29 WP 76 Opinion 2/2003, the data needs to be accurate, which during the EWG, we deferred to THICK data.
• The Thick WHOIS WG used this working definition: "Authoritative, with respect to provision of Whois services, shall be interpreted as to signify the single database within a hierarchical database structure holding the data that is assumed to be the final authority regarding the question of which record shall be considered accurate and reliable in case of conflicting records; administered by a single administrative [agent] and consisting of data provided by the registrants of record through their registrars."
• Should we be distinguishing between an 'authoritative source of the gTLD registration data' and 'authoritative gTLD registration data'?
• Statement of purpose should not imply a particular model for storage of data or movement of data between storage locations
• Registration data disseminated through the RDS should be authoritative (in the technical sense). That is, the data should be obtained from the source considered to be authoritative.
Proposed WG Agreement #1: Replace purpose 2) "A purpose of RDS is to provide an authoritative source of information about, for example, domain contacts, domain names and name servers for gTLDs, [based on approved policy]" with "A purpose of RDS is to facilitate dissemination of authoritatively-sourced gTLD registration data, such as domain names and their domain contacts and name servers, in accordance with applicable policy."
• Q3: Anything that needs to be added to the statement of purpose?
• Somewhere along the line we seem to have lost the point that the RDS provides the information about the registry's view of the technically-required data for domain name resolution.
Proposed WG Agreement #2: Replace purpose 1) "A purpose of gTLD registration data is to provide information about the lifecycle of a domain name" with "A purpose of gTLD registration data is to provide information about the lifecycle of a domain name and its resolution on the Internet."
• Regarding comment "d" - The RDS is a directory service. Protecting privacy would be a potential feature available.
• Chat proposal to add the following: Purpose of RDS is to support domain name registration and maintenance by providing appropriate access to registration data to enable a reliable mechanism for identifying, establishing and maintaining the ability to contact Registrants.
• For specific purpose 5, we are conflating issues of purpose and requirements to fulfill a purpose.
Proposed WG Agreement #3: Replace purpose 5) "A purpose of RDS policy is to facilitate the accuracy of gTLD registration data." with "A purpose of RDS policy is to facilitate fulfilling requirements for the accuracy of gTLD registration data."
Action Item #3: Test by polling the three above-proposed updates to the draft Statement of Purpose. Staff to launch the poll after the conclusion of RDS PDP WG F2F meetings.
Action Item #4: All WG members to participate in the poll before COB Saturday 26 March. Poll results to be reviewed during the 28 March WG meeting.
• The following agenda items were deferred to next meeting (28 March)
• Finalize Statement of Purpose
• Move on to next topic of deliberation by expanding our focus from “thin data” collection to “thin data” access: Question 2.2: For what specific (legitimate) purposes should gTLD registration thin data elements be made accessible?
4. Confirm action items and proposed decision points
Action Item #1: Staff to investigate additional techniques to draw WG member attention to Action Items and Poll Invitations.
Action Item #2: WG members assigned to ask questions of data commissioners on Monday.
Action Item #3: Test by polling the three above-proposed updates to the draft Statement of Purpose. Staff to launch the poll after the conclusion of RDS PDP WG F2F meetings.
Action Item #4: All WG members to participate in the poll before COB Saturday 26 March. Poll results to be reviewed during the 28 March WG meeting.
Action Item #5: Peter Kimpian to gather answers to the 19 WG questions from the panelists and provide them (if possible) prior to the next WG call on 28 March 2017.
Proposed WG Agreement #1: Replace purpose 2) "A purpose of RDS is to provide an authoritative source of information about, for example, domain contacts, domain names and name servers for gTLDs, [based on approved policy]" with "A purpose of RDS is to facilitate dissemination of authoritatively-sourced gTLD registration data, such as domain names and their domain contacts and name servers, in accordance with applicable policy."
Proposed WG Agreement #2: Replace purpose 1) "A purpose of gTLD registration data is to provide information about the lifecycle of a domain name" with "A purpose of gTLD registration data is to provide information about the lifecycle of a domain name and its resolution on the Internet."
Proposed WG Agreement #3: Replace purpose 5) "A purpose of RDS policy is to facilitate the accuracy of gTLD registration data." with "A purpose of RDS policy is to facilitate fulfilling requirements for the accuracy of gTLD registration data."
Meeting Materials: https://community.icann.org/x/GbLRAw
• RDSPDP-QuestionsForDataCommissioners-7March2017.pdf<https://community.icann.org/download/attachments/64072843/RDSPDP-QuestionsForDataCommissioners-7March2017.pdf?version=1&modificationDate=1488916433480&api=v2> and
RDSPDP-QuestionsForDataCommissioners-7March2017.docx<https://community.icann.org/download/attachments/64072843/RDSPDP-QuestionsForDataCommissioners-7March2017.docx?version=1&modificationDate=1488916450802&api=v2>
• 11MarchMeeting-Handout: ICANN58-RDS-PDP-WG-Slides-Final.pdf<https://community.icann.org/download/attachments/64074265/ICANN58-RDS-PDP-WG-Slides-FinalRev.pdf?version=1&modificationDate=1489227048000&api=v2> and ppt <https://community.icann.org/download/attachments/64074265/ICANN58-RDS-PDP-WG-Slides-FinalRev.pptx?version=1&modificationDate=1489227119000&api=v2>
• KeyConceptsDeliberation-WorkingDraft-7March2017.pdf<https://community.icann.org/download/attachments/56986791/KeyConceptsDeliberation-WorkingDraft-7March2017.pdf?version=3&modificationDate=1489036968927&api=v2> and doc<https://community.icann.org/download/attachments/56986791/KeyConceptsDeliberation-WorkingDraft-7March2017.docx?version=3&modificationDate=1489036982656&api=v2>
• 7 March Call Poll on Purpose -
• Link to participate: https://www.surveymonkey.com/r/WLMXDJG
• PDF of Poll Questions: Poll-on-Purpose-from-7MarchCall.pdf<https://community.icann.org/download/attachments/64072843/Poll-on-Purpose-from-7MarchCall.pdf?version=1&modificationDate=1488938315379&api=v2>
• SurveyMonkey PDF Summary Poll Results: SummaryResults-Poll-on-Purpose-from-7MarchCall.pdf<https://community.icann.org/download/attachments/64074265/SummaryResults-Poll-on-Purpose-from-7MarchCall.pdf?version=1&modificationDate=1489222898000&api=v2>
• SurveyMonkey ZIP of Raw Poll Results: RawResults-Poll-on-Purpose-from-7MarchCall.zip<https://community.icann.org/download/attachments/64074265/RawResults-Poll-on-Purpose-from-7MarchCall.zip?version=1&modificationDate=1489222956000&api=v2>
Notes - RDS PDP WG Meeting – Wednesday 15 March, 2017
1. Introductions: Guest presenters were introduced to RDS PDP WG:
• Joe Cannataci, UN Special Rapporteur on the right to privacy
• Peter Kimpian, Data Protection Unit of the Council of Europe
2. Data Protection Expert – Q&A session
• The WG chair briefly introduced our charter and current areas of deliberation
• Preface from Joe Cannataci: With regard to future interaction, we need to consider sustainability; may wish to set up a group to invite experts to join WG discussion formally
• Guest presenters discussed the WG’s list of questions:
RDSPDP-QuestionsForDataCommissioners-7March2017.pdf<https://community.icann.org/download/attachments/64072843/RDSPDP-QuestionsForDataCommissioners-7March2017.pdf?version=1&modificationDate=1488916433480&api=v2>
• Discussion with Joe Cannataci on purpose of a next generation RDS, including:
• What specifying purpose entails
• Where purpose of data will and will not apply in the RDS
• Criteria that apply to legitimate purposes
• Publication of data elements in the RDS
• Feedback on the WG’s specific purpose #1:
“A purpose of gTLD registration data is to provide information about the lifecycle of a domain name and its resolution on the Internet.”
• Applicability to “thin” versus “thick” data elements
• Differentiation between primary and secondary purposes
• Notes below provide a brief overview of points raised during discussion; refer to the Transcript<http://schd.ws/hosted_files/icann58copenhagen2017/d0/Transcript%20RDS%2015%20March%20Copenhagen.pdf> for a complete recap of this Q&A session
Q1. What do you mean when you tell ICANN to specify the purpose of WHOIS?
• Test for purpose should be based on use studies or case studies.
• Whenever you have someone stipulate they want to collect data, you must ask why.
• Example of applying for a bank loan or insurance policy to assess risk.
• Each bit of information must be in line with purpose.
• Purpose cannot be general or just in case.
• Can only keep records for as long as needed for purpose.
• Purpose questions (and answers) will change over time.
• If you are a bank or telecom developing a new service you must define your primary purpose.
• A secondary purpose might be a different service marketed to the same client later on.
• It would be good to get definitions for “primary purpose” and “secondary purpose.”
• From chat: Australian Privacy Act 1988: "Use or disclosure of personal information for a purpose other than the primary purpose of collection (being a 'secondary purpose') is permitted under specific exceptions where that secondary use or disclosure is ... in the conduct of surveillance activities, intelligence gathering activities or monitoring activities, by a law enforcement agency"
• The purpose must be clear – for example “in order to enable enforcement of specific law”
• If a purpose is provided for by law then a purpose is legitimate.
• For example, the purpose of collection of registrant data might be to ensure that the DNS works. There is a belief by some that there should be access to that data by others (e.g., those investigating cybercrime). Are those secondary purposes? The WG must decide.
• Do you need separate purposes for collection, access, and display? Absolutely yes.
Q2. Under what circumstances might the publication of registration data elements that are personal data be allowable?
• Why do you want to publish information? What is the public interest in publishing that data?
• For example, why is information about the lifecycle of domain in the public interest?
• If data is easily linked to an individual, then it is personal data.
• Just because it is personal data doesn’t mean it cannot be in a WHOIS record
• No data protection law prohibits publication of personal data for legitimate purposes
Q5. Do you believe that any of the following THIN data elements are considered personal information under the General Data Protection Directive, and why?
• In this case (thin data example in #5) the data is not personal data, but in other cases it might be
• If an individual registers their own name as a domain name, is the domain name personal data? WG view: In this case, the individual has chosen to publish their name in the DNS. A domain name is required for DNS resolution and as the key to the WHOIS record.
• Why is expiration date published in a directory service? Isn’t that just of interest to the subscriber? Why is it of legitimate interest to others?
• Analogy with telephone directory – in most countries, subscribers can opt out of being in the phone directory; why doesn’t that apply here?
• There may be other analogies that are more appropriate than a telephone directory
3. Deferred: Continuation of Saturday F2F session deliberation, time permitting
4. Conclusions and Adjourn
• Plan is to collect answers to the WG’s questions (all 19) from the data protection experts who participated in the Monday cross-community session.
• In principle, there is broad agreement amongst panelists on the answers to the WG’s questions. Responses from data commissioners may be published on the WG’s wiki, if helpful.
• Reminder for all WG members to participate in this week’s poll no later than COB 26 March.
Action Item #5: Peter Kimpian to gather answers to the 19 WG questions from the panelists and provide them (if possible) prior to the next WG call on 28 March 2017.
Meeting Materials: https://community.icann.org/x/HbLRAw
• RDSPDP-QuestionsForDataCommissioners-7March2017.pdf<https://community.icann.org/download/attachments/64072843/RDSPDP-QuestionsForDataCommissioners-7March2017.pdf?version=1&modificationDate=1488916433480&api=v2> and
RDSPDP-QuestionsForDataCommissioners-7March2017.docx<https://community.icann.org/download/attachments/64072843/RDSPDP-QuestionsForDataCommissioners-7March2017.docx?version=1&modificationDate=1488916450802&api=v2>
• 11MarchMeeting-Handout (primarily slides 28-37):
_______________________________________________
gnso-rds-pdp-wg mailing list
gnso-rds-pdp-wg at icann.org<mailto:gnso-rds-pdp-wg at icann.org>
https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
...
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20170321/424de030/attachment-0001.html>
More information about the gnso-rds-pdp-wg
mailing list