Logo

GNSO Council & ICANN Board Consultation on SSAD ODP - Shared screen with speaker view
Gopal Tadepalli
01:03:34
Greetings. - Dr. T V Gopal, Professor, Department of Computer Science and Engineering, College of Engineering, Guindy Campus, Anna University , Chennai, INDIA.
Maxim Alzoba
01:03:37
hello all
Maxim Alzoba
01:03:54
still not a panelist
Paul Tattersfield
01:04:11
Hello Maxim :)
Nathalie Peregrine
01:04:33
Please review ICANN Expected Standards of Behavior here: https://www.icann.org/resources/pages/expected-standards-2016-06-28-en.
Maxim Alzoba
01:04:55
thanks, switching to everyone
Nathalie Peregrine
01:06:30
ALL please remember to set your chat to EVERYONE for the content to be accessed by all, and captured in the Zoom recording, thank you!
Philippe Fouquart, GNSO Council Chair
01:07:01
my apologies seems i was kicked out of the zoom session...
Hadia Elminiawi
01:08:56
Glad to be able to listen to the consultation
Stephanie Perrin, GNSO Council
01:12:38
Where would the money to subsidize come from?
Tomslin Samme-Nlar, GNSO Council
01:15:35
The RNH should not be made to pay for the subsidized costs, so like @Stephanie, I am also keen to know where the money would come from.
XAVIER CALVEZ
01:17:46
@John: the range of costs for the scenarios is driven by the range of requests volumes for each of the scenarios. Low scenario: 100,000 requests High scenario: 12,000,000. This is a ratio of volume of 1 to 120. The costs follow the same ratio because the costs are mainly proportional to the number of requests.
John McElwaine, GNSO Council
01:17:47
Point on natural versus legal is that if it would cost $10M to figure out how we can make such a determination but save ICANN org $50M in developing the SSAD, that might be a worthwhile option to explore.
Nathalie Peregrine
01:18:13
ALL please remember to set your chat to EVERYONE for the content to be accessed by all, and captured in the Zoom recording, thank you!
Mark Datysgeld GNSO Council
01:19:00
Considering the importance of this system, it should be a prioritary expenditure one way or another.
Harald Alvestrand
01:19:39
priority expenditure for whom?
Stephanie Perrin, GNSO Council
01:19:45
Accreditation is hard, and carrier liability. It is one of the most useful parts of the proposed system.
Stephanie Perrin, GNSO Council
01:20:07
Carries not carrier, sorry
John McElwaine, GNSO Council
01:21:39
Point on natural versus legal is that if it would cost $10M to figure out how we can make such a determination but save ICANN org $50M in developing the SSAD, that might be a worthwhile option to explore. [posting again to Everyone]
Sivasubramanian M
01:21:41
Is there a way of synchronizing or merging the separate processes of Requestor declaration verification and Accreditations Identification verification to streamline the process, and possible to minimise costs?
Mark Datysgeld GNSO Council
01:21:44
@Herald this seems like a worthwhile investment of ICANN's limited resources if the process is carried out correctly.
Maxim Alzoba(RySG), GNSO Council
01:24:00
legal vs natural is not simple even in legal terms (sometimes it is both, sometimes CEO is a person with PI), technical system will not resolve it
Owen Smigelski
01:24:50
@Maxim: plus, how many people who register domain names for nefarious purposes have created their own legal entity?
Goran Marby
01:24:54
The mere fact that registrant is a legal person does not necessarily justify unlimited publication of personal data relating to natural persons who work for or represent that organization, such as natural persons who manage administrative or technical issues on behalf of the registran
Goran Marby
01:25:37
If a person can be identified, it is private data.
Goran Marby
01:25:52
This comes from the Data Protection Authorities
Rick Lane
01:27:17
+1 @Owen
Michael Palage
01:28:13
+1 on all of the points raised by Thomas
Sivasubramanian M
01:28:27
There are multiple authrorities, a Central Accreditation Authority, Central Gateway Authority system, ICANN Org Support (involving design and implementation costs). Is the Accreditation / Gateway Authorities conceived to be totally external to ICANN Org and Community thereby necessiating a separate layer for ICANN Org support? Why couldn't it be a singular authority with a sufficient presence of ICANN, structurally separating ICANN from the process? (thinking aloud, not necessarily a definite way to go)
Thomas Rickert, GNSO Council
01:30:10
On the CoC, it will be difficult, but I am sure the authorities will be supportive if we come up with a good quality proposal.
Goran Marby
01:31:08
Despite what many thoughts we got guidance from them. So I might be wrong.
Brian King
01:31:47
Code of Conduct has always seemed like a good way forward. Ironically I recall it was rejected initially as it was thought that it might take too long, yet might have been approved by now had we started then. The best time to plant a tree is 10 years ago, and the second best time is today.
John McCormac
01:32:02
The legal person/natural person issue is a problem with some jurisdictions as a natural person can be a sole trader and trading as a business name. The domain name may be registered to the business name but that's the natural person rather than a legal person like an company. It is not a simple binary solution.
Thomas Rickert, GNSO Council
01:32:12
Well stated, John!
Goran Marby
01:32:22
We have as you know suggested since many years that ICANN org should be legally responsible for the disclosure
Paul Tattersfield
01:33:00
hehe :)
Goran Marby
01:33:35
That is an alternative to your proposal Thomas
Chris Disspain
01:33:52
re code of conduct - If we are genuine in wanting to ‘solve’ this problem then we should embrace any ideas that are workable and run them in parallel including the CoC
Sivasubramanian M
01:33:57
Perhpas make it compellingly attractive for Governments to go along with ICANN on this, by solving certain other problems in the process of solving the Registration Data access problem?
Goran Marby
01:34:30
Chris, do you all agree what the problem is?
Chris Disspain
01:34:43
Göran - great question!
Rubens Kuhl
01:35:02
Only an incorporated entity can propose a conduct, IMHO. ICANN community is not, ICANN Org is.
Chris Disspain
01:35:14
But, respectfully, ‘we all’ not ‘you all’
Goran Marby
01:35:35
Chris, with respect…community make policy
Thomas Rickert, GNSO Council
01:35:36
The CoC would serve all parties and entirely remove the legal risk, Göran. That’s the beauty of it and yes, I do remember that ICANN has proposed to take responsibility. However, I am pessimistic that ICANN can take the risk away form other parties involved.
Chris Disspain
01:35:49
stay in chat
Thomas Rickert, GNSO Council
01:35:50
But, we should discuss all this and look for the best option
Mark Datysgeld GNSO Council
01:35:51
@Rubens We can build it together with the org. though.
Ruminul Islam
01:36:02
Just tuned in and have missed a large portion. Will the recording be shared post-webinar?
Goran Marby
01:36:23
Thomas, I am not saying it is a bad idea. Just saying that it is a new thing and not coming from the PDP.
Hadia Elminiawi
01:36:40
The number of years required to build the system is a real concern as pointed out. The system could become obsolete before being operationalized
Stephanie Perrin, GNSO Council
01:36:40
One of the benefits of a CoC is that it can be an iterative process.
Thomas Rickert, GNSO Council
01:36:55
All good, Göran. I did not assume you did say that :-)
Stephanie Perrin, GNSO Council
01:37:01
Building the entire system at once appears challenging.
Chris Disspain
01:37:09
Yes, Göran, but we are all on the same team…As we all often say, it is a triumvirate- board, community, org
Maxim Alzoba(RySG), GNSO Council
01:37:47
email seems to be bit cheaper
Chris Disspain
01:37:48
And, I endorse your point that CoC does not arise from the PDP
Maxim Alzoba(RySG), GNSO Council
01:37:58
email seems to be bit cheaper
Jeffrey Neuman, GNSO Liaison to the GAC
01:38:07
It would be great if we could hear from some Board members as well on this call as to what they are thinking.
Becky Burr
01:38:15
But aren’t CPs free to say you must use SSAD? (I understand exception for law enforcement)
Chris Disspain
01:38:54
Becky - free to say to inform requestors?
Chris Disspain
01:38:59
To say to
Maxim Alzoba(RySG), GNSO Council
01:39:08
@Becky, not necessarily true, in our jurisdiction we can not force third party to use paid services
Jeffrey Neuman, GNSO Liaison to the GAC
01:39:10
It seems like the GNSO Councilors are doing all the talking today. Can we hear some initial thoughts from the Board members as well?
Nathalie Peregrine
01:39:55
@ Ruminul Islam, the recording of this session will be posted shortly on the GNSO Master Calendar: https://gnso.icann.org/en/group-activities/calendar
Susan Payne
01:40:10
@Becky the policy recomemendation was that use of the SSAD be optional
Becky Burr
01:41:04
Thanks @susan. Seems to exacerbate the volume issue
John McCormac
01:41:45
NIS2 also has a bit of a landmine with the requirements about DNS operators needing to be identifiable. There did not seem to be any quantification of the number of DNSes handling domain names either ccTLD or gTLD.
Goran Marby
01:41:55
Also pointing out that we get very few complaints to Compliance
Mark Datysgeld GNSO Council
01:43:28
It seems reasonable to assume that a working system will see widespread interest/uage.
Ruminul Islam
01:44:24
@Nathalie Peregrine - thank you! much appreciated :)
Sivasubramanian M
01:44:32
(a rather critical comment and question, apologies) The present status is that of a SSAD design proposal that is not a one stop shop for anydata access, not a guaranteed process, is not embraced by all Registry/Registrars (which in some sense makes SSAD superfluous or sub-optimal), does not anticipate participation from all countries in the process, does not reduce costs for the contracted parties, does not pay attention to the accuracy of Registration data and is not even visualized as a process useful enough to be a guaranteed success, aren't there several gaps to be filled in?
Rubens Kuhl
01:44:57
Working system is in the eye of the beholder. If most requests are rejected, the system is working but will be perceived as not.
Jeffrey Neuman, GNSO Liaison to the GAC
01:45:04
Personally, I am trying (unsuccessfully) to find which specific recommendations are leading to the enormous complexities. In other words, which are the recommendations that if we modified would dramatically reduce the complexities and then the costs?
Becky Burr
01:45:12
@Rubens, exactly
Susan Payne
01:45:29
@Goran, there is no point making a complaint to Compliance when you and that team are very clear that you cannot compel disclosure - so why would you be sent a complaint?
Marc Trachtenberg
01:45:52
+1 to Susan
Mark Datysgeld GNSO Council
01:46:06
@Rubens fair enough. That is where the balancing act of what is doable needs to come in. Unfortunately that point does not seem to be agreed upon,
Becky Burr
01:46:21
@Jeff, the verification/authentication piece is complex. Maybe not so complex in the US and a handful of other countries, but complex globally
Franck Journoud
01:46:24
@Mark Datysgeld: I disagree. If the system works but participation (accreditation + ongoing costs) is more expensive to requestors than the value of the WHOIS data then the system will face a death spiral.
Paul Tattersfield
01:46:50
GDPR has a lot of negative impacts and less than ideal complications in other areas too
Goran Marby
01:46:52
Susan, that is a little bit unfair…the law makes this an obligation for the contracted parties
Ashley Heineman
01:47:07
I think the fact that ICANN can't compel disclosure is a reflection of the legal realities we are dealing with
John McCormac
01:47:14
It isn't so much that GDPR is the problem as the reaction to GDPR. Some registrars have gone completely dark on data (even company names and countries).
Maxim Alzoba(RySG), GNSO Council
01:47:16
first request is 10M and each next is cheaper;)
Michael Palage
01:47:19
@Goran - Join the Accuracy Scoping Working Group calls on Thu with Becky and you can hear both side on while there has been a decline in complaints
Rubens Kuhl
01:47:51
@Sivasubramanian, participant in SSAD for registries and registrars is mandatory. But SSAD won't be the only way to request registration data.
avri doria
01:48:11
I believe it was touched on in the ODA. Raises the overall end costs to do a partial first.
Sivasubramanian M
01:48:29
Whether or not the anticipated fee structure includes a process of sharing the fee with the Ry/Rr, does the system anticipate scenarios where the Ry/Rr would also charge a fee at least in some cases, and in that case is that cost to the Requestor factored in i, in assessing the affordability of the Requesters?
Laureen Kapin
01:48:30
Re: lack of complaints to ICANN Compliance-- it's not clear that those wanting access to non-public domain name registration data 1) know how to make requests and 2) what entity to complain to if they think they've been wrongfully denied access.
Sivasubramanian M
01:48:40
... for the Requesters...
Susan Payne
01:48:48
@Goran, I wasn't blaming. I was saying why would someone complain to Compliance if Compliance cannot deliver a solution
Rubens Kuhl
01:48:51
@John, country is to be shown for every request. If it's not, file a complaint with ICANN Compliance on it.
Becky Burr
01:49:09
I hear you re changing the law. But this morning the EC rep said (in accuracy scoping) that we are all wrong to blame GDPR because it does not prevent data disclosure…
Goran Marby
01:49:26
Susan, then the problem is not ICANN..it is GDPR
John McCormac
01:49:34
@Rubens It would take too long to do it for every domain name checked.
Jeffrey Neuman, GNSO Liaison to the GAC
01:49:37
And my question is what elements if eliminated would (a) achieve the overall goals, but (b) reduce the complexities and costs?
Pam Little
01:49:52
@Susan, the SSAD won’t change the fact that ICANN Compliance cannot compel disclosure.
Sivasubramanian M
01:49:54
@Rubens That could be a flawed model, if it is a design that has the participation of some Ry/Rrs while others opt out
Susan Payne
01:50:10
@Goran but you keep referring to the lack of complaints to ICANN as if it's a reflection of a lack of an issue. The point is that this is not a relevant metric
Sivasubramanian M
01:50:32
@Rubens and even if it is beyond scope, SSAD design needs the participation of ccTLDs
Rubens Kuhl
01:50:36
There is no opt out on SSAD.
Goran Marby
01:50:56
Susan, it is a datapoint for us. As a SSAD would not solve that problem.
Susan Payne
01:50:56
@Pam, completely aware of that
Rubens Kuhl
01:51:01
And ccTLDs won't go nowhere near SSAD, GNSO makes gTLD policy only.
Amr Elsadr
01:51:45
Yes, a ticketing system would be far simpler to implement, but what actual value would it add? How does it solve anything?
Jeffrey Neuman, GNSO Liaison to the GAC
01:52:16
The accreditation part though was key for (a) ensuring the accuracy of the information about the requestors, and (b) useful for contracted parties to ensure that the requestors have a right to ask (and receive) the data they are requesting.
Chris Disspain
01:52:32
that is an important question Amr - don’t know the answer but important to ask
Jeffrey Neuman, GNSO Liaison to the GAC
01:52:40
If there is no accreditation, then the Contracted parties will each have to do that diligence anyway.
Jeffrey Neuman, GNSO Liaison to the GAC
01:52:51
So that just passes the costs on to the contracted parties, right?
Alan Greenberg
01:53:00
But contracted parties were under no obligation to pay any attention to the accreditation and assurances it included.
Chris Disspain
01:53:17
Good point Alan
Chris Disspain
01:53:33
Accreditation = what?
Amr Elsadr
01:53:33
@Jeff: and (c) sparing requestors from the need to replicate their ID verification every time they seek disclosure from a different registry/registrar.
Jeffrey Neuman, GNSO Liaison to the GAC
01:53:49
True Alan - but if contracted parties did rely on that, they likely would be seen as acting in good faith by doing so
Goran Marby
01:53:58
Jeff, how does it work today? With few complaints it is hard to understand the problem
Becky Burr
01:54:02
@amr, that’s the question. It would provide data about volume, rate and rapidity of response, etc. but with or without accreditation, it isn’t necessarily going to change the rate at which folks get data that they have requested.
John McCormac
01:54:08
Approximately 25% of the gTLD market compose of resellers. The domain name market is rapidly becoming more complex.
Sivasubramanian M
01:54:18
The cost estimation range is already wide, but was there an upper limit imagined in the cost estimates, for example, costs as a subset of ICANN's financial size? for example, ICANN's annual budget is 100 M, so SSAD must be a sub 100 M program?
Amr Elsadr
01:54:45
@Becky: That sounds about right, but don’t believe it was anyone’s actual objective during the EPDP.
Jeffrey Neuman, GNSO Liaison to the GAC
01:55:11
@Goran - it is not a one size fits all model. Each contracted party has their own process for dealing with requests. but a lot of comes down to trust, credibility, and evidence.
Amr Elsadr
01:55:19
i.e.: was never envisioned as the purpose of the SSAD.
John McCormac
01:55:28
ccTLD registrars are no longer opting to become ICANN accredited registrars so the chances of that reseller data request (resellers being unaware of requirements) problem is increasing.
Sivasubramanian M
01:55:37
Pilots would lengthen the time span of design and implementation from 6 years to 10 or more years
Rick Lane
01:55:37
Agree with @Goran. Some of us said four years ago that ICANN could not solve the GDPR-Whois problem. That it would take a legislative/regulatory fix. There is an ever growing group of entities working on that.
Danko Jevtovic
01:55:48
If an (unverified) requestor goes to CP how will he be accredited/verified, and who will bear the cost of that verification?
Goran Marby
01:55:56
Jeff, so basically it seems to be working todaY?
Jeffrey Neuman, GNSO Liaison to the GAC
01:56:19
@Goran - that depends on who you ask
Sivasubramanian M
01:56:21
SSAD can be done right, by a thorough design, in a fool proof manner. In this exercise, even Market Research and other typical management tools would not help.
Kurt Pritz, GNSO Council
01:56:54
I think Harald’s recommendation is spot on. Does the Board need something from the Council to do that sort of pilot? I don’t think so - it is part of the Board evaluation of the recommendations.
Goran Marby
01:57:19
Kurt, yes the pdp says…all or nothing
J-P Voilleque
01:57:26
Small tangent re: the benefits of centralized accreditation. If I were a practicing IP attorney and I had to separately request "representation accreditation" for each client, then I would not not use SSAD - I would subpoena the registrar if and when I need that data.
Goran Marby
01:57:33
Actually it says all…
Becky Burr
01:57:37
@amr, I understand that was the natural result of switching from UAM to SSAD, and the switch to SSAD was driven by the law, but I’m not sure everyone was on the same page re purpose of SSAD.
Cheryl Langdon-Orr
01:57:46
Very interesting discussion… Thank you for allowing us to observe today...
Kurt Pritz, GNSO Council
01:57:51
Goran - right so use the pilot to determine the all or nothing decision
Rubens Kuhl
01:58:02
@JP, if the court system is a better alternative, then just use it...
Danko Jevtovic
01:58:11
@J-P exactly
Jeffrey Neuman, GNSO Liaison to the GAC
01:59:14
Can we narrow down the issues a little bit more? I know we say that if we got rid of accreditation, it would be cheaper, etc. But what is it about the accreditation that is adding the most cost?
Amr Elsadr
01:59:22
@Becky: Fair enough (truly), but still…, a ticketing system wasn’t what anyone was seeking. ;-)
Alan Greenberg
01:59:24
Maarten said that GDPR limits what can be displayed, but if the EPDP implementation limited what is redacted to JUST what GDPR required, this would be a very different conversation.
John McCormac
01:59:37
+1 Alan
J-P Voilleque
01:59:44
@Rubens thankfully I don't have to :)
Michael Palage
01:59:44
As one of the respondents to the SADD RFI - we would encourage ICANN to take the NASA approach and select multiple pilot participants to build out systems and let the community decide what solution(s) are best in class.
Keith Drazek
01:59:48
Hi all, this has been a constructive discussion and I expect it will be the first of many conversations in an ongoing Board/Council dialogue on next steps for SSAD. Much appreciated, and thanks to ICANN staff for their work on the ODP and ODA.
Becky Burr
01:59:55
@amr, also fair enough
Stephanie Perrin, GNSO Council
02:00:01
As you said earlier, Jeff, getting rid of accreditation merely downloads the biggest burden to the CPs
Chris Disspain
02:00:03
Keith +1
John McCormac
02:00:31
@Michael The danger is that ICANN will end up with so many pilots that it will have its own airforce. :)
Thomas Rickert, GNSO Council
02:00:35
Good discussion. Thanks all!
Amr Elsadr
02:00:46
@John: Ha!!
Sivasubramanian M
02:01:06
If SSAD would cost 27 m to design and 100 m to operate, what would cost the pilot to be designed and what would it cost the pilot to operate? And, pilot for how long? What timelines for the pilot?
Chris Disspain
02:01:19
Jeff +1
Thomas Rickert, GNSO Council
02:01:25
Fair questions, Siva!
Matthew Shears
02:01:39
Yes, this kind of interaction is v helpful
Sivasubramanian M
02:01:44
Thank you Thomas
Michael Palage
02:01:52
Welcome all SSAD pilot participants, let the community select the most viable pilots. Great way to get facts instead of hypothetical fear mongering on potential costs
Desiree Miloshevic Evans, GNSO Council
02:02:21
Agree to continue with more open discussions
Goran Marby
02:02:37
Jeff please read page 23-30
Mark Datysgeld GNSO Council
02:02:44
We will work faster if we manage to keep these conversations going.
Jeffrey Neuman, GNSO Liaison to the GAC
02:02:48
Thanks Goran!
Brian King
02:02:49
+1 Palage
Jeffrey Neuman, GNSO Liaison to the GAC
02:02:50
I will
Cheryl Langdon-Orr
02:02:53
Thanks everyone!
Mark Datysgeld GNSO Council
02:02:54
Valuable insights.
Herb Waye Ombuds
02:02:55
Great informative session, respectful and professional… stay safe everyone and always be kind.
Rubens Kuhl
02:02:55
Would pilot participants willing to work for free during the pilots ?
Keith Drazek
02:02:59
Thanks all!
Goran Marby
02:03:02
And cost section 3.7
Wisdom Donkor, GNSO Council
02:03:04
Thank you everyone
Wisdom Donkor, GNSO Council
02:03:07
bye