[NCAP-Discuss] Remaining Public Comments to Discuss

Michael Puckett michael.puckett at icann.org
Mon Mar 4 20:40:07 UTC 2024


Hey everyone,

I’m starting a thread for topics from public comments that need to be discussed by the DG. Please see the three main topics below. Regarding ICANN Legal’s brief, the guidance can be integrated within the report either within Section 3.6 Benefits, Potential Harms, and Privacy Considerations of Proposed Methods or as an addendum. The report does not specifically prescribe data collection methods for the TRT but does offer guidance on some available methods. Based on the legal brief, it seems that the DG may be able to meet the legal basis. Data minimization, transparency, and security would be requirements of ICANN org and the TRT. I’ve summarized key sections from the brief, but the link is below as well. Please provide your thoughts and feedback on these comments so we can properly respond to them and make any necessary changes to the report.

Thanks!
Michael Puckett


  1.  IPv6 support to CI:
     *   (Rubens Kuhl): The dichotomy suggested in the report between IPv6 and Controlled Interruption is not based on fact-based finding, but on lack of testing. ::1 (meaning ::1/128 as in IPv6 there is no localhost subnet, only a localhost) is a perfectly good solution to add IPv6 support to Controlled Interruption, targeting IPv6-only hosts. I support doing a study with a few key operating systems to confirm its usefulness and lack of side effects before the final report is published, so it gets quicker to a name collision framework without reconvening NCAP DG.
  2.  Level of specificity on guidance to ICANN Board/org re: TRT operationalization and risk assessment framework implementation:
     *   Has ICANN org risk management been addressed? Should it be? Are there any community groups or partners that should be called out to aid in providing guidance?
  3.  Legal/privacy concerns for VI/VIN (Brief<https://itp.cdn.icann.org/public-comment/proceeding/Draft%20NCAP%20Study%202%20Report%20and%20Responses%20to%20Questions%20Regarding%20Name%20Collisions-19-01-2024/submissions/ICANN%20org/Visible%20Interruption%20(VI)%20and%20Visible%20Interruption%20and%20Notification%20(VIN)%20-%20Privacy%20and%20data%20protection%20review-26-02-2024.pdf> from ICANN Legal):
     *   “Entities conducting VI/VIN could mitigate these risks by implementing appropriate steps such as identifying a suitable legal basis for the processing of personal data, applying data minimization measures, ensuring transparency about their practices (including, clearly formulated notices), implementing appropriate security measures and conducting a data protection impact assessment, as might be required under applicable data protection laws such as the GDPR. Generally, compliance with the relevant data protection laws will be key to mitigate privacy and liability risks.

         However, due to the unpredictable nature of the data collected and the potentially high residual risks associated with data collection and further processing, implementing these privacy safeguards appears to be challenging, if not impossible. This situation may lead to potential legal and reputational consequences for the entities conducting VI/VIN.” (p. 3)

     *   4 issues at hand:

           i.    Legal basis – Legitimate interest and balancing test (of risks/benefits) is “the most likely legal basis for processing personal data in the context of VI/VIN.”

           ii.   Data minimization – May be a mitigating factor by “reducing the risk of data breaches and privacy violations,” but this may be challenging with VI/VIN because these techniques require “collecting and processing data that may not be strictly necessary for the intended purpose.” Viable steps include: (1) “implementing appropriate data protection measures to limit access to personal data,” (2) “regularly reviewing and deleting personal data that is no longer necessary” or (3) “processing the data without retaining it in the first place [the data is deleted immediately after it has been written in the system memory]”

                 *   Implementation difficulty is rated as medium to high since “While it might be possible to conduct VI/VIN without retaining the personal data that might be processed, it remains that an unpredictable amount of personal data would be processed.” Additionally, “Implementing the other safeguards to limit the amount of personal data processed would require knowing in advance what data would be collected when conducting VI/VIN, which is impossible.”

           iii.  Transparency – “If the entity conducting the assessment is not transparent about their data collection practices, this could be seen as invasive and raise concerns about data privacy.” Since “the VIN sinkhole server will listen on the appropriate TCP port for HTTP requests so that it can respond with a human-readable message” and “HTTP requests often include parameters, and some of these parameters could include sensitive information,” “there is a risk of disclosure of sensitive/confidential information.” Regarding transparent data practices by entities, “Entities conducting VI/VIN should be transparent about their data collection practices, how the data will be used, and who will have access to it. They should also clearly communicate their privacy notices and policies to end-users to avoid confusion or concern.”

                 *   The implementation difficulty is high since “It seems impossible to provide sufficiently clear, detailed and informed transparency notices to all any/all individuals that may get their data processed in the context of VI/VIN.”

           iv.   Data security: While “Processing the data without retaining it (the data is deleted immediately after it has been written in the system memory) would already mitigate the risk of a breach,” the data collected must be properly secured.
