[RDS-WHOIS2-RT-Leadership_Staff] FW: [RDS-WHOIS2-RT] FW: ICANN org input

[Alan Greenberg]

At 01/02/2019 11:30 AM, Jean-Baptiste Deroulez wrote:
Dear Alan,

See the email below for your reference and review of sections.

Jean-Baptiste

From: RDS-WHOIS2-RT <rds-whois2-rt-bounces at icann.org> on behalf of Jean-Baptiste Deroulez <jean-baptiste.deroulez at icann.org>
Date: Wednesday, January 30, 2019 at 11:57 AM
To: RDS WHOIS2-RT List <rds-whois2-rt at icann.org>
Subject: [RDS-WHOIS2-RT] FW: ICANN org input

Dear review team members,

Following up on your plenary call #47 discussion on draft report updates, please find below the ICANN org input shared on your draft report recommendations and the action items that resulted from the email below and discussion at the face-to-face meeting.

In preparation for the call for consensus, please review asap the following action items identified at the last face-to-face meeting and confirm that each recommendation addressed these:

Recommendations (All)
Action item: Instead of trying to assign a high, medium or low priority, describe when this recommendation should be implemented and what the target completion date should be. Include a description of an ideal completion date recognizing some of the ongoing dependencies, and consideration should be given to resources (costs, community resources) that would be needed.

Discuss Monday (11 Feb)


R1.1 | R1.2 (Cathrin)
Action item: Implementation note “review should be implemented as soon as possible and at the latest within 6 months” should be reviewed to factor in section 4.6 of the ICANN Bylaws where  the ICANN Board has six months within receipt of the final report to consider the review team’s recommendations.
Action item: Recommendation refers to reports covering all the ongoing legislative initiatives, but in fact, should also identify previous legislative efforts across the globe.

General footnote inserted (or replace with above instead of priority).


R1.3 (Cathrin)
Action item: Implementation note “review should be implemented as soon as possible and at the latest within 6 months” should be reviewed to factor in section 4.6 of the ICANN Bylaws where  the ICANN Board has six months within receipt of the final report to consider the review team’s recommendations.

Same.


R4.2 (Susan)
Action item: Remove “Sanctions should be applied if significant deficiencies in RDS (WHOIS) data validation or verification are identified.” Or make it clear that we are talking about sanctions that are on the books.

Done.


Law Enforcement Needs Section (Cathrin)
Action item: Clarify what regular refers to in the recommendations, and potentially refine the scope of the envisioned survey so that its purpose is well defined.

Done.


LE.1 (Cathrin)
Action item: Implementation note “review should be implemented as soon as possible and at the latest within 6 months” should be reviewed to factor in section 4.6 of the ICANN Bylaws where  the ICANN Board has six months within receipt of the final report to consider the review team’s recommendations.

As above.

Action item: Review this recommendation and specify what we mean by regular, by perhaps clarifying recommendation itself and also adding a little rationale to explain the two reasons that review team see for conducting such surveys and studies, which are, A, to do an ex-ante impact assessment of projected new policies or prepare a review team, or B, to evaluate new policies once they are in place.

Done.


Action item: Bring the above and survey questions to the EPDP (Alan) and GAC (Cathrin)

AG: Done
CBB: ?

LE.2 (Cathrin)
Action item: Implementation note “review should be implemented as soon as possible and at the latest within 6 months” should be reviewed to factor in section 4.6 of the ICANN Bylaws where  the ICANN Board has six months within receipt of the final report to consider the review team’s recommendations. and to consider he review team’s recommendations.

As above.


SG.1 (Alan)
Action item: Alan to add clarification as well as a reference to the RAA 2013 section 3.2.

Done.


CM.1 (Susan)
Action item: Rephrase the recommendation so that the board decide how to best implement this recommendation.

Done.


CM.3 (Susan)
Action item: Review team to use the GAC term, which is underserved regions, as there are some conflicting views on Global South.

Added to R3.2


CM.5 (Susan)
Action item: Clarify in recommendation what a “risk base approach is”. Stephanie provided: “A risk-based approach simply means that you do a risk assessment before you take an action to determine whether it’s really necessary.”

Added to rationale of CC.4

Alan


Kind regards,

Jean-Baptiste

From: RDS-WHOIS2-RT <rds-whois2-rt-bounces at icann.org> on behalf of Jean-Baptiste Deroulez <jean-baptiste.deroulez at icann.org>
Date: Wednesday, December 12, 2018 at 8:32 AM
To: RDS WHOIS2-RT List <RDS-WHOIS2-RT at icann.org>
Subject: [RDS-WHOIS2-RT] ICANN org input

Dear RDS-WHOIS2,

ICANN Org has reviewed the 23 recommendations in the draft report and would like to highlight areas that would benefit from clarification, as you work toward finalizing the recommendations. The input you will find below is not intended to discuss the merit of recommendations, but rather identifies elements for your consideration as you process public comment and shape your final recommendations.

We note that you have assigned priority levels to each recommendation. In absence of a definition of what these entail, we would recommend factoring the impact of EPDP, GDPR, and need for community input etc. into the establishment of priority levels.

In the context of your strategic priority related recommendation 1.1, we would like to call your attention to an initiative ICANN launched in April 2018 – see https://www.icann.org/news/blog/improving-our-planning-and-preparation [icann.org]<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_news_blog_improving-2Dour-2Dplanning-2Dand-2Dpreparation&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=a5VfrQZP4r0Kte2xBJT17IgRyRBHECC3vHSuFP_QBqD22G4dgkHhRZBEhshbjycD&m=ni3vMu4w8gikInSADUiIKmtgzsKi4ZT6SDerqx-xmw4&s=kTFLy9YVw-_S_7_EP96HlX1cKzpANs-HVmTjmrU1Ffk&e=> that seeks to “identify legislative efforts across the globe early-on to raise awareness within ICANN and consider potential impacts, including how these legislative initiatives may have unintended consequences, which may be avoided”. The reports issued to date can be found at: https://www.icann.org/legislative-report [icann.org]<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_legislative-2Dreport&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=a5VfrQZP4r0Kte2xBJT17IgRyRBHECC3vHSuFP_QBqD22G4dgkHhRZBEhshbjycD&m=ni3vMu4w8gikInSADUiIKmtgzsKi4ZT6SDerqx-xmw4&s=kfqgsy6nO0xdEbWL7AZy9IifG5sz9fqxjs4zl3SNNzc&e=>. Additional context can be found at: https://www.icann.org/news/announcement-2018-08-30-en [icann.org]<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_news_announcement-2D2018-2D08-2D30-2Den&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=a5VfrQZP4r0Kte2xBJT17IgRyRBHECC3vHSuFP_QBqD22G4dgkHhRZBEhshbjycD&m=ni3vMu4w8gikInSADUiIKmtgzsKi4ZT6SDerqx-xmw4&s=JnGK7JtU_vL8tHvhfmaTgL24alfUpSz9zzj90jvqWCo&e=>. We believe this may be in alignment with the improvements you suggested.

On recommendation 3.1 (outreach), a clarification from the review team on whether it has insights into the user requirements for web documentation and what these are would be a great addition to the report to help determine specific needs. A review and feedback of current compliance related webpages would also be useful to evaluate any potential improvements needed.

On recommendation 11.1 (common interface), based on the review team’s suggested implementation, it appears that the metrics and SLAs asked for in the recommendation are intended for use by ICANN org as mechanisms to proactively identify compliance issues. ICANN org would like to note that there are multiple reasons queries could return blank fields, or no results. It is not possible programmatically to determine the causes of these results. Additionally, per the Temporary Specification, gTLD registration data results could differ between registry and registrar outputs. Therefore, inconsistencies in registrar and registry gTLD registration data outputs are not necessarily compliance issues. ICANN org would also like to inform the RDS-WHOIS2 review team that the existing WHOIS look-up tool at whois.icann.org will be updated in the coming months with a new tool built on RDAP. It is possible and intended that the new tool would function in such a way that no data would be collected by ICANN org.

On law enforcement recommendations (LE.1 – LE.2), indication froom the review team on what “regular” refers to would constitute helpful guidance on timing of data gathering efforts. In addition, we would encourage the review team to refine the scope of the surveys to bring additional clarity to their purpose.

On safeguarding registrant data (SG.1), we would recommend clarifying how the recommended action would differ from Principle 1(f) of Article 5 of the GDPR, and whether the review team meant to refer to baseline requirements (vs. uniform requirements). ICANN Org notes that section 3.2 of the 2013 RAA currently requires Registrars to notify ICANN within 7 days of any unauthorized access to or disclosure of registrant account information or registration data.

With respect to compliance related recommendations, we would remind the review team for 4.1 and 4.2 that actions to mitigate are contracted parties’ prerogative and sanctions are unfeasible based on the current policies/contracts. On CM.1 we also wish to flag that the WHOIS Accuracy Program Specification of the 2013 RAA states that if Registrar does not receive an affirmative response from the Registered Name Holder, the Registrar shall either verify the applicable contact information manually or suspend the registration, until such time as Registrar has verified the applicable contact information. On CM.3, we would also would recommend using the GAC terms of  “underserved regions” instead of “global south”, as some stakeholders may view global south as not representative of their region and there are conflicting views on the use of the term Global South outside of ICANN. In addition, we believe clarifications on the following would be helpful to provide further detail and context:
·         On CM.1, How would the review team expect the determination of the best path forward to be made?
·         On CM.3, What does “regions” refer to – i.e. registered domain name holder,, registrar/record, or reporter? How is it anticipated that the review of registration data for a sample of names will yield insight into awareness of reporting tools in each of the regions?
·         On CM.5, what would be the envisioned timeline, form (e.g. initiated PDP), and topic a potential PDP would be expected to address? Could the review team clarify what a “risk-based approach” refers to? What new RDS policies is the review team referring to? How would the GNSO be expected to incorporate these requirements for measurement, auditing, tracking, reporting and enforcement in all new RDS policies?
Per Section 4.6  [icann.org]<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_resources_pages_governance_bylaws-2Den-23article4.6&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=a5VfrQZP4r0Kte2xBJT17IgRyRBHECC3vHSuFP_QBqD22G4dgkHhRZBEhshbjycD&m=ni3vMu4w8gikInSADUiIKmtgzsKi4ZT6SDerqx-xmw4&s=DMOiqkqrZmwlE3MZmzVzzw8wvA1R7qM1LEmjKyJNUTE&e=>of ICANN Bylaws, the ICANN Board has six months within receipt of the final report to consider the review team’s recommendations. We would suggest factoring this into implementation details you include in your recommendations (see 1.1 – 1.2 – 1.3 – 15.1 – LE.1 – LE.2).

We hope you find this feedback helpful and welcome any follow-up questions or comments you may have. We thank you for all of your efforts in finalizing your recommendations and in supplementing them with additional detail.
Thank you,
Best regards

ICANN org


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/rds-whois2-rt-leadership_staff/attachments/20190210/a3832cc2/attachment-0001.html>