[IRT.RegDataPolicy] Concerns that proposed solution does not match 7/19 discussion RE: Review RegData complete draft Re: Good News. Urgent Request. IRT supported solution found!
Kapin, Laureen
LKAPIN at ftc.gov
Tue Aug 1 02:21:32 UTC 2023
Hi Owen,
I appreciate your input and agree with you on several points. I believe that there is good intent in the IRT to find a compromise here. I also agree that our goal is to implement the Phase 1 policy, not develop new policy.
Simply stated, I think that there was a mismatch between the compromise described during the call and the proffered IRT language. I participated in the last call and reviewed the recordings and there was not discussion of a three-business day ceiling. The GAC expressed concerns about lengthy timelines in its public comment in the first place and the proffered IRT language maintains the original ceiling of three business days. However, during our last call we focused on a ceiling of two business days.
I propose the following text to ensure that we implement the compromise discussed on the call which involved the “without undue delay, generally 24 hours” and the opportunity to request extensions of up to two business days:
10.6. For Urgent Requests for Lawful Disclosure, Registrar and Registry Operator
MUST respond, as defined in Section 10.7, without undue delay, generally within
24 hours of receipt.
10.6.1. If Registrar or Registry Operator cannot respond to an Urgent Request for Lawful Disclosure within 24 hours, it MUST notify the requestor within 24 hours of receipt of an Urgent Request for Lawful Disclosure of the need for an extension to respond.
10.6.2 Registrar or Registry Operator’s extension notification to the requestor MUST include (a) confirmation that it has reviewed and considered the Urgent Request for Lawful Disclosure on its merits and determined additional time to respond is needed, (b) rationale for why additional time is needed (including if a request is complex or the Registrar or Registry Operator received a large number of requests), and (c) the time frame it will respond, as required by Section 10.7, which cannot exceed two (2) business days from the time of the initial receipt of the request.
For context, here is what ICANN Org offered after it assessed the public comments:
10.6. For Urgent Requests for Lawful Disclosure, Registrar and Registry Operator
MUST acknowledge and respond without undue delay, but no more than 24
hours from receipt. If responding to an Urgent Request for Lawful Disclosure is
complex, or a large number are received by Registrar or Registry Operator, it
MAY extend the time for response up to an additional one (1) business day from
the date of receipt of the Urgent Request for Lawful Disclosure, provided it gives
notice to the requestor within the initial 24 hour period and explains the need for
an extension of time.
This construct shows that original structure comprised an initial period and one additional opportunity for an extension, not two.
I ask that folks review the recordings and then seriously consider this PSWG revision. We believe it is faithful to the compromise reached during the call.
Kind regards,
Laureen Kapin
Assistant Director for International Consumer Protection
Office of International Affairs
Federal Trade Commission
lkapin at ftc.gov
From: Owen Smigelski <owen.smigelski at namecheap.com>
Sent: Wednesday, July 26, 2023 1:17 PM
To: Kapin, Laureen <LKAPIN at ftc.gov>
Cc: Dennis Chang <dennis.chang at icann.org>; irt.regdatapolicy at icann.org
Subject: Re: [IRT.RegDataPolicy] Concerns that proposed solution does not match 7/19 discussion RE: Review RegData complete draft Re: Good News. Urgent Request. IRT supported solution found!
Hi Laureen,
Although I did not attend the last IRT meeting, I have been in close consultation with my registrar colleagues.
It needs to be made clear that this was a REAL compromise for registrars as it allows taking additional time to respond if necessary. Conducting the balancing test is not as simple as reviewing an abuse complaint (as many have repeatedly explained), and the penalties of improper disclosure are significant. We thus need the flexibility if certain situations require more than 24 hours.
Getting rid of the previously agreed upon text of one business day puts us back in a situation where there is no compromise and the registrars will not be able to accept what was agreed to last week.
On behalf of the RrSG, I would formally like to raise the concern that it appears that the IRT is being used to develop policy rather than implement recommendations. Others have expressed this concern, and the registrars support efforts to ensure that the final policy aligns with the recommendations.
Regards,
Owen
On Jul 25, 2023, at 11:34, Kapin, Laureen via IRT.RegDataPolicy <irt.regdatapolicy at icann.org> wrote:
CAUTION: This email originated from outside the organization. Do not click links unless you can confirm the sender and know the content is safe.
Dear Dennis and colleagues,
We appreciate the effort the IRT members and staff have taken to get us to this point. I was very grateful for thoughtfulness and flexibility demonstrated during the call. Nevertheless, the Public Safety Working Group colleagues on the 7/19/23 call (myself, Chris, and Gabe) don’t think the current draft has accurately captured the agreement reached during our discussion because it identifies two separate timelines for extensions of time to respond to urgent requests. I understood our discussion as creating a unified timeline for most requests (“without undue delay, generally within 24 hours”) and then a single opportunity to for an up-to-2 business day extension. The circulated version creates two opportunities and timelines for an extension and creates the potential for a longer total timeline to respond (now 3 business days).
I reviewed the recording (most relevant part starts at minute 50) and believe it supports my understanding, particularly Thomas’s distillation of the key components of our agreement toward the end of the discussion.
I note that part of the misunderstanding seems to have arisen because the current version, for the first time, separates out the timeline for urgent requests into three separate subsections. The public comment version for urgent requests was set forth in its entirety in10.6. Org’s changes to this provision after the public comment period were also set forth in their entirety in 10.6. These were never broken out or considered as stand-alone components of the urgent request timeline. They were only broken out and separated in the version circulated yesterday.
Our 7/19 discussion was focused on the entirety of the timeline to respond and setting a ceiling or limit on the response time. The PSWG participants did not view the discussion as just focusing on a partial ceiling that could be extended not one but two times for a total of three business days. Regarding a ceiling for response times, such a result would put us in a worse position than what Dennis had recently proposed (3 calendar days).
For clarity, I think 10.6. and 10.6.1 accurately sets forth our discussion:
10.6. For Urgent Requests for Lawful Disclosure, Registrar and Registry Operator
MUST respond, as defined in Section 10.7, without undue delay, generally within
24 hours of receipt.
10.6.1. If Registrar or Registry Operator cannot respond to an Urgent Request for
Lawful Disclosure within 24 hours, it MUST notify the requestor within 24
hours of receipt of an Urgent Request for Lawful Disclosure of the need
for an extension to respond. Registrar or Registry Operator’s extension
notification to the requestor MUST include (a) confirmation that it has
reviewed and considered the Urgent Request for Lawful Disclosure on its
merits and determined additional time to respond is needed, (b) rationale
for why additional time is needed, and (c) the time frame it will respond,
as required by Section 10.7, which cannot exceed two (2) business days
from the time of the initial receipt of the request.
However, I don’t recall that we discussed an additional amount of time beyond the two-business day total response time. Indeed, I thought the whole goal of our discussion was to create a single ceiling beyond the “without undue delay,” generally w/in 24 hours, which we ultimately agreed would expire at 2 business days from receipt. So, I was surprised to see 10.6.2:
10.6.2. In addition to the extension provided for in Section 10.6.1, if responding to
an Urgent Request for Lawful Disclosure is complex, or a large number of
requests are received by Registrar or Registry Operator, it MAY extend
the time for response up to an additional one (1) business day provided it
notifies the requestor within (2) business days from the time of the initial
receipt of the request of the updated time frame to respond explaining the
need for an additional extension of time.
The reason that I’m concerned is that we’re now back to a scenario where urgent requests could take three business days to respond to which is what the GAC objected to in its public comment as inconsistent with the nature of an “urgent” request.
I think this needs further discussion because I don’t think the current draft accurately reflects what we discussed on 7/19. My suggestion would be to either:
1. Delete 10.6.2 or
2. Add the concepts of “complex” and “large number” to 10.6.1 as part of the rationale that may be shared to justify an extension of time to respond to an urgent request.
I suggest that we need an additional call unless this can be resolved via email.
Kind regards,
Laureen Kapin
Assistant Director for International Consumer Protection
Office of International Affairs
Federal Trade Commission
lkapin at ftc.gov
From: IRT.RegDataPolicy <irt.regdatapolicy-bounces at icann.org> On Behalf Of Dennis Chang via IRT.RegDataPolicy
Sent: Monday, July 24, 2023 5:24 PM
To: irt.regdatapolicy at icann.org
Subject: [IRT.RegDataPolicy] Review RegData complete draft Re: Good News. Urgent Request. IRT supported solution found!
Dear IRT,
Attached is a completed draft of the Registration Data Policy including the last two outstanding sections.
Section 4.0: Policy Effective Date reflecting the 6+12 plan for the 18-month implementation timeline.
Section 10.6: Urgent Request reflecting the solution supported at the IRT meeting last week. (see email below)
I believe we now have a good policy that is aligned with all 34 recommendations we will work together to implement.
EPDP Phase 1 recommendations (29) May 2019
EPDP Phase 2 Priority 2 Recommendations (4) June 2021
Supplemental Recommendation (1) March 2022
As we discussed at our last IRT meeting, we don’t plan on more IRT meetings before we publish our policy in August 2023.
We’ll notify you of the publication date after we have coordinated with our publication team. We may have more IRT meetings after we publish to coordinate and collaborate our implementation, but that decision will come later. For now, we will focus on getting this policy published.
If you have questions or comments, I request they be submitted in separate emails with Subject line defining the topic.
It will help us to collect the information as we address them together.
Thank you all once again and I hope you all support the attached policy language for publication and implementation.
Gratefully your,
Dennis Chang
From: "IRT.RegDataPolicy" <irt.regdatapolicy-bounces at icann.org> on behalf of "Dennis Chang via IRT.RegDataPolicy" <irt.regdatapolicy at icann.org>
Reply-To: Dennis Chang <dennis.chang at icann.org>
Date: Friday, July 21, 2023 at 8:40 AM
To: "irt.regdatapolicy at icann.org" <irt.regdatapolicy at icann.org>
Subject: Re: [IRT.RegDataPolicy] RegData IRT Good News. Urgent Request requirement. IRT supported solution found!
Dear IRT,
If you haven’t heard already, we did it!
We found a solution to Urgent Request supported by IRT at our 90 minutes focused working session this week.
Thank you so much for not giving up and working as a team to find this solution. It was impressive to see people still listening to one another, appreciating the different views, and truly collaborating to build on ideas to find the compromised solution. A great demonstration of One Team against the problem.
What was that solution?
* 24 hours. Respond in 24 hours with the info or an explanation for more time needed.
* 2 Business Days. No more than 2 Business Days to Respond.
How did this happen?
First, thanks to Roger and RrSG for the planting the seed with using both 24 hours and 2 business days in the solution.
Instead of outright rejecting it, Laureen and others suggested that we build on it.
Thomas came in with a key ingredient – the explanation.
Initially, we discussed all the options but created this new one listening to the “interest” behind the positions.
Business Days was important because of the business realities in various regions around the world.
While Calendar Days sets global time consistency, the team agreed that cultural sensitivity to regions was more important.
The dread of “silence” with undetermined timeline using “Business Days” was solved with the promise of a response in 24 hours with an explanation. Thanks to Gabriel expressing the “dread” so eloquently. Overall, it was an exciting finale overcoming the toughest challenge for us.
As promised, we’ll draft the policy language using the IRT supported requirements and comeback to you, but I wanted to send you this quick note to express my sincere gratitude for wonderfully responding.
I thank those guests that joined to support us too. I noted Ashley, RrSG Chair and Becky, ICANN Board and others supporting us behind the scenes. Please convey our sincere appreciation to your team back home too.
THANK YOU!
Dennis S. Chang
GDD Programs Director
Phone: +1 213 293 7889
Sykpe: dennisSchang
www.icann.org<http://www.icann.org/> One World – One Internet
********************
CAUTION:
This email originated from outside the organization. Do not click
links unless you can confirm the sender and know the content is safe.
********************
_______________________________________________
IRT.RegDataPolicy mailing list
IRT.RegDataPolicy at icann.org
https://mm.icann.org/mailman/listinfo/irt.regdatapolicy
_______________________________________________
By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mm.icann.org/pipermail/irt.regdatapolicy/attachments/20230801/03164bf6/attachment-0001.html>
More information about the IRT.RegDataPolicy
mailing list