Please review ICANN Expected Standards of Behavior here: https://www.icann.org/resources/pages/expected-standards-2016-06-28-en

Members, please select all panelists and attendees chat option

https://community.icann.org/display/EOTSFGRD/g.+Draft+Final+Report+-+Phase+2

Rec3: https://docs.google.com/document/d/1Dde62eeOfCvf6qcbnXoLdYFF4Oum0RN2sz2jBuBm6yw/edit#heading=h.gjdgxs

Can you confirm that the versions posted are final?

I collected a few about 3 days ago and it looks like they're slightly updated since then

Thank you Marika

Can do!

saturday belongs to the family. it is not a workday

Thank you Marika, Berry, and Caitlin for this crazy amount of work.

+1 Beth

+1 Beth

+1 Volker

+1 Volker. There needs to be some sort of abuse handling, details can be fleshed out later

oops..

CPs can always refuse disclosure based on clear reasons

+1 Janis

MUST and SHALL mean the same thing , though??

not again!

1. MUST This word, or the terms "REQUIRED" or "SHALL", mean that the definition is an absolute requirement of the specification

https://tools.ietf.org/html/rfc2119

So, let's move on :)

Oh -- I wonder if the suggestion is that some should become lower-case 'shall' instead of capitalized meaningful SHALL

Let's pick one and use it consistently

I'd prefer to consistently use

consistently use a single one

Amr - we do. I think this question was if some should move from defined terms to non-defined regular-use 'shall'.

Agree with Marc - seems like we should change that paragraph but not the latter two

they seem more like Policy than guidance

We could move the highlighted portion to implementation guidance

OK by me

so wouldn't that just be two different requests?

if it's two different marks being infringed

or more, if the infringement is different in each

Marika, that is my understanding

If the rationales are different, e.g. one counterfeit and one phishing, then those should be submitted as separate requests.

Bulk requests are those that apply to multiple domain names for which all the disclosure request information is the same.

I thought we had a requirement that the SSAD can divide up th requests by CP as needed

Thank you, Marika. That's how I understood it.

SSAD would determine where the request would need to go and relay accordingly.

Agree with Marika but I didn't think that was what Brian K had described...

Each request would still considered on its own merits - it is purely about avoiding having to duplicate the requests for which the info is identical.

Batch okay. Bulk not okay

Bulk does not appear in the implementation guidance itself, to reassure everyone :-)

That is reassuring, Marika!

@Milton: Yes.

That should probably be in the recommendation itself, as opposed to implementation guidance.

I disagree that batching 100 requests is more expensive than sending 100 individual requests. They still arrive at the CP as 100 individual requests

@Milton, we've been feasting on dinner for 6 weeks. ;-)

If requestors pay per request and submit a request for 100 domains with the same basis/etc, but which are across 5 registrars, do they pay once or 5 times or 100 times?

we don‘t want to incentivise bulk requests

We are violently and incoherently agreeing! The 100 requests are indeed charged at the 100 request rate. But I had to push the Send button fewer times when I sent them

and incoherent

:-P

@AlanG: It’s never free. Someone will always have to pay for it. If the requestor doesn’t cover the cost, the cost will be shifted to other stakeholders, won’t it?

Sorry all, I need to drop off early for (recurring) conflicting meeting. Ben will cover for SSAC. Thanks!

Yes, but as Chris is saying, the accreditation agency may be funded centrally and not use a per-accred fee.

MUST is a suggested change, not "retained" just FYI

@Amr supporting the public good benefits all stakeholders

@James: +1

@Hadia: I’m not arguing for or against that. Just saying, as James just did, that the cost doesn’t go away, and needs to be paid by someone.

If we are going to keep “MAY” then we need to define which users will not be required to cover the costs of their accreditation. And to my knowledge, we haven’t done that yet.

+1 James

If we agree that financial sustainability is based on a cost-recovery basis, that would suggest that the cost needs to be recovered from fees paid by other SSAD users, doesn’t it?

@James moving to must with a disclaimer could solve this issue

Then they can pay through the applicant

Like the bill can go to the applicant and they can ensure someone pays it

Correct Sarah. They still pay, but we don’t decide or limit where they’re being reimbursed

Having a bill go out that the applicant forwards to someone else Is just not practical.

@Alan agree forwarding a bill to someone else does not work

If the applicant doesn't ensure the bill gets paid, what is a practical alternative? In my experience doing customer billing and account management, it's hard to get paid especialy if the actual accountholder/user is not the one doing the payment

I’m not sure forwarding a bill to a 3rd party is something we can practically recommend. How would this be enforced?

but that's not a third-party, then it's either the applicant or the accreditation authoirty

which i'm fine with

but doesn't match what alan g proposed

I agree the current language d/n address the concerns.

That sounds good, Laureen.

Strikes the right balance

It's "waived" not "waved."

Yes

Good edit

+1 Amr

amr+1

+1 amr

Can we get clarification on what "explicit additional charges" means?

Hi folks - Dropping early today. Owen Smigelski will step in for the RrSG. Thank you!

I really don't think Registrants should be paying for this system

we said data subjects MUST NOT bear the costs. the registrants are the data subjects

+1 Sarah.

Well said, Volker

@Volker: +1

Yeah…, agree with Volker on all this.

subsequent running of the system happens on a cost recovery basis

@Sarah: +1

What if applicable law REQUIRED disclosure. Would the cost of that disclosure mechanism be borne by requestors?

it is not THEIR data, it is their DATA

For this SSAD system? Sure. Alternatively, the requestor can come right to the registrar and request the data for free.

This is a hard, worked-out compromise. We wouldn't want to change it

maybe I’m missing something but if ICANN subsidizes how do you avoid the fact that ultimately registrants are paying for disclosure?

or the other requestors subsidize the freebies...

exactly Becky

The “their” still needs to go.

Makes the sentence mean something totally different.

+1 Amr

only a little bit...?

That sounds good to me.

@Volker: +1

+1

What about the 40+% of registered name holders who are not "data subjects" - may they pay for natural person registrants' data to be disclosed?

they shouldn‘t either, brian

we could habe simply said. fees should not go up or new fees introduced to finance ssad

I haven't heard anything to convince me to change the existing language

As Laureen said, it should be "waived"

(That's a "cannot live with" right there.)

implementation

;-)

yes

Change the last sentence to "The EPDP Team also recognizes that governments may be subject to certain payment restrictions which should be taken into account in implementation.

Love it

<3

I'm very effusive.

You know we revere you Janis --

LOL.

Agree with Alan W

@AlanW: +1

@Volker: Exactly.

Oh god love them!

we will try :-)

Sure

Maybe we combine these two paragraphs to better make the connection?

Can we all get historic cost refunds for time served in EPDP?

If we automate and CP's costs go down, good for them!

@Brian: LOL!! Count me in!!

works for me

what does it mean for current CP costs to be considered?

that suggests ICANN may not recover development and deployment, only operations

like, what is the practical effect?

no objection to remove

@AlanG: +1

That sentence was put in for a reason!

Add after "historic costs", "(that is, the costs born by contracted parties prior to the SSAD)"

but "borne by contracted parties prior to the SSAD)" is not the same as "costs for developing, deployment, and operationalizing" which is what Marika referenced

yes, janis, we are

agree Sarah, but not sure the language says that.

@Becky: +1. Requires clarification.

Becky - right, so we should figure it out

@Marc: +1

Keep as I’m running out of time - this is the start of the potential foot note …. “Given the potential for legal uncertainty and the heightened legal and operational risk on all parties included in the provision of the SSAD, creation of a legal risk fund refers to the creation of a suitable legal contingency plan, including but not limited to appropriate insurance cover, and any other appropriate measures that may be deemed sufficient to cover potential regulatory fines or related legal costs. “

Not perfect by any stretch … but .. time …

I'm unclear how CP costs would be calculated, recovered, etc.

I like AlanW's language as a good starting point for reivew

Note there is a week of no calls for groups to do homework.

Thanks, all.

Ok Berry thanks

Thanks all. Bye.

Thanks everybody

And if homework is done and groups prepared, maybe we complete in 2. ;-)

bye all