[IRT.RegDataPolicy] Input on Section 11.6 and Section 10 of the OneDoc.

Alex Deacon alex at colevalleyconsulting.com
Tue Jul 20 00:13:46 UTC 2021 

Team,

A few thoughts on the One Doc.   I've added these as comments in the OneDoc
as well....

*Section 11.6*

The logic in the IRT Workbook Disclosure Logic tab is flawed as it mirrors
the acknowledgement requirements for non-urgent requests (2 business days)
even though the Policy clearly states that a separate timeline is required
for Urgent requests.

We seem to have conveniently forgotten that Urgent requests have been
defined narrowly in Section 3.10.   (*""Urgent Requests for Lawful
 Disclosure” are limited to circumstances that pose an imminent threat to
life, serious bodily injury, critical infrastructure, or child exploitation
in cases where disclosure of the data is necessary in combatting or
addressing this threat. Critical infrastructure means the physical and
cyber systems that are vital in that their incapacity or destruction would
have a debilitating impact on economic security or public safety.*)

A two business day maximum response time (as currently defined) would mean
that a compliant response could take 3 (or more!) calendar days depending
on weekends and holidays and the like.

If we all agree that Urgent requests will only be used as defined in
Section 3.10, then any maximum response time more than 24 hours renders
useless the concept of an "Urgent Request".  This seems unacceptable (and
dangerous!) to me.

*Section 10*

In my OneDoc comment of June 14 - I suggested new first paragraph at the
end of the section must be removed.   We must not add RDAP technical
implementation details into a policy document - this is a terrible and
unuseful idea.

Here is my original comment as an FYI - "The reason we are debating the use
of these words is because we seem to be assuming a particular "data element
delivery" technology.   The policy, and this doc, should be technology
agnostic.   In terms of this doc the terms "shown" and "displayed" are
appropriate (it describes the policy).   Any detail about how a particular
technology should be used (e.g. "must be blank" or "must be null" or "must
not be included") is inappropriate for this doc and should be included in
the RDAP profile doc.     Based on that the additional text added should be
removed."

Regards,
Alex



___________
*Alex Deacon*
Cole Valley Consulting
alex at colevalleyconsulting.com
+1.415.488.6009
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mm.icann.org/pipermail/irt.regdatapolicy/attachments/20210719/42f96802/attachment.html>

More information about the IRT.RegDataPolicy mailing list