Marika Konings' Personal Meeting Room
Marika Konings
01:46:29
This is the document that we will look at next - it was also attached to the email that went out yesterday with the agenda.
Stephanie Perrin (NCSG)
01:56:33
test
Georgios Tselentis (GAC)
02:30:32
+1 Thomas
Marc Anderson (Verisign / RySG)
02:33:43
The CPH would further like to reiterate our understanding of the advice we have received from Bird and Bird on automation. Relevant to the SSAD, most decisions short of the ultimate decision whether or not to disclose data can be fully automated, but that most decisions involving disclosing registrant data of a natural person will require meaningful human review. To be clear, this shouldn’t foreclose the possibility of a model that evolves towards further automation of disclosure decisions, or individual controllers automating their own decision-making processes based on their assessment of the risks.
Brian King (IPC)
02:33:51
FWIW to Stephanie's point this already says "legally permissible" - should capture that
Stephanie Perrin (NCSG)
02:35:31
as long as people do not take a narrow reading of that.
Stephanie Perrin (NCSG)
02:36:09
Possibly if Marc would care to spitball a percentage that is likely legally permissible to automate, it might help.
Franck Journoud (IPC)
02:36:32
+1 Alan G!!!
Hadia Elminiawi (ALAC)
02:36:33
@Marc sure but "legally permissible" should cover your above statement
James Bladel (RrSG)
02:39:03
Correct Hadia.
Stephanie Perrin (NCSG)
02:45:39
I have my hand up
James Bladel (RrSG)
02:49:14
same
Volker Greimann (RrSG)
02:49:17
Can we go by the queue again please?
Stephanie Perrin (NCSG)
02:52:48
I still have an important point to make. Shall I type it in the chat?
Mark Svancarek (BC)
02:53:58
I agree with James that we should be focusing right now on the cases which are clearly lawful. The principles allow for us to expand that list as more guidance and experience is received
Stephanie Perrin (NCSG)
02:54:14
We are about to release a document for public comment. We need to be clear and explicit regarding what we mean by “automation”, because it is a hot button word, and is explicitly dealt with under data protection law. Human oversight is often demanded…we need to explain how that will be achieved somewhere.
Stephanie Perrin (NCSG)
02:54:57
I do not believe that the “grand public” understands what we mean by automating the accreditation and authorization functions.
James Bladel (RrSG)
02:55:31
For avoidance of doubt: It is in our (CPs) best interest to automate as much as possible, so long as we are on firm legal ground. This will scale better and save operational costs.
Stephanie Perrin (NCSG)
02:55:38
So we need diagrams and explicit understanding of which procedures will be automated and how, and who is accountable i.e. the controller of that procedure.
Brian King (IPC)
02:55:53
+1 James
Stephanie Perrin (NCSG)
02:57:11
I am concerned that we may unleash a dog’s breakfast of comments if we are not crystal clear…..recent experience with the .org sale has not been…..reassuring
Marc Anderson (Verisign / RySG)
02:59:54
link to automation building block
Marc Anderson (Verisign / RySG)
02:59:55
https://docs.google.com/document/d/1KCzlakWVkt6GN5ZPl0my45WdR34JPes_bZwmJkY9Z3k/edit
Berry Cobb
03:00:16
link to wiki where initial report: https://community.icann.org/display/EOTSFGRD/f.+-+Draft+Initial+Report
James Bladel (RrSG)
03:02:58
Thx Marc
Marika Konings
03:03:46
This is the proposal that was shared last week and which includes the latest version of all the recommendations.
James Bladel (RrSG)
03:04:35
we’ve discussed LEA requests with jurisdiction matching.
Berry Cobb
03:04:36
There are two possible examples. LEA requests within same jurisdiction (ex. German LEA to German Rr). UDRP requests from providers.
Stephanie Perrin (NCSG)
03:05:11
Is it possible to print the draft report please?
Margie Milam (BC)
03:05:27
+1 Laureen
Stephanie Perrin (NCSG)
03:06:07
Some of us are not doing this as part of our day job. This makes it hard to keep up with the review, and hard to justify carrying our paper files to support us while here. I guarantee it will help
Mark Svancarek (BC)
03:06:18
@AlanW, sorry I was trying to avoid discussing implementation. Sorry I seemed dodgy. Easy examples would be anything under .BANK, or anything containing the string "exxon"
Mark Svancarek (BC)
03:06:44
("exxon" is a string that isn't a word and appears in TMCH)
Margie Milam (BC)
03:07:04
phishing is another example
Hadia Elminiawi (ALAC)
03:27:39
+1 Stephanie
Brian King (IPC)
03:31:43
We have some good ideas to explore for those no-brainer, can-always-be-automated cases, when we get there.
Matt Serlin (RrSG)
03:33:15
Let’s remember the central gateway will not hold any of the actual data
Alan Woods (RYSG)
03:35:10
+100000 Matt
Hadia Elminiawi (ALAC)
03:36:36
+1 Matt the data would ultimately come from the CPs data
Matt Serlin (RrSG)
03:37:19
Right but I also say that to illustrate it’s difficult for the central gateway to make decisions without having access to the data
Brian King (IPC)
03:38:22
@Matt, right. And let's consider that the central gateway could get the data (but not disclose it) for its own purposes of evaluating whether to automate. Automation could be a subsequent step. If the central gateway is operated by ICANN (or its designee) as a joint controller, there is no problem for the CP to send the data to its joint controller for the controller's own purpose.
Berry Cobb
03:39:08
I've also heard though, while SSAD does not have the data, some Registrars may choose to automate disclosure requests, even if 6.1.f due to scales or lack of resources.
Berry Cobb
03:39:34
<<< should say smaller Registrars.
James Bladel (RrSG)
03:40:36
Creating copies of data records has its own risks. And who ensures that the SSAD’s data is synchronized if the Registrant/Data Subject makes any updates? Opens up lots of questions
Berry Cobb
03:41:33
The TSG model and I think I recall Org saying they don't want to store data at the SSAD.
Brian King (IPC)
03:43:21
that's my recollection too, Berry. I don't think anybody wants ICANN or SSAD to have a shadow database
Alan Woods (RYSG)
03:45:57
+1 stephanie
Brian King (IPC)
03:46:07
"evolutionary model"?
Alan Woods (RYSG)
03:47:14
...can we just not call it … The model … can we commit already
James Bladel (RrSG)
03:48:09
For the record: I’m still favoring Iguana
James Bladel (RrSG)
03:51:06
Here’s a very easy fix - Delete “...from a hybrid to a (partly) centralized)...”
Berry Cobb
03:52:20
While it doesn't work purely given two sides of demand vs. supply side, the model is really a hub and spoke of sorts.
Chris Lewis-Evans (GAC)
03:53:42
+1 James on deletion
Mark Svancarek (BC)
03:56:56
I think "EXPECTED evolving nature" anticipates an outcome but does not mandate it
Terri Agnew
03:57:06
Reminder to lower hand in zoom when finished with question/comments.
Marika Konings
03:57:42
The principles need to be seen as a package - so evolution would only happen if the other conditions are met (technically feasible and legally permissible).
Matt Serlin (RrSG)
03:58:34
To the point James earlier, we also think we need to add commercially reasonable as well to those two existing caveats
Thomas Rickert (ISPCP)
04:11:10
I had suggested earlier that the trademark-infringement related disclosure requests could be automated.
Brian King (IPC)
04:11:38
+1 Thomas. I will submit that to the email list shortly.
Volker Greimann (RrSG)
04:17:33
@Thomas: How?
Berry Cobb
04:19:46
Note, Standardization is within the Automation building block.
Berry Cobb
04:21:21
prelim rec. 13 (from automation BB) currently reads: The EPDP Team acknowledges that full automation of the SSAD may not be possible, but recommends that the SSAD [should, must or may] be automated where technically feasible and legally permissible. Additionally, in areas where automation is not both technically feasible and legally permissible, the EPDP Team recommends standardization as the baseline objective.
Mark Svancarek (BC)
04:33:02
All great suggestions Volker
Chris Lewis-Evans (GAC)
04:33:14
+1 Volker
Volker Greimann (RrSG)
04:34:55
Maybe add statistics:
Volker Greimann (RrSG)
04:35:27
95% of CPs in your jurisdiction have approved this king of request/ requests by this requester...
Volker Greimann (RrSG)
04:35:39
king=kind
Hadia Elminiawi (ALAC)
04:36:01
+1 Volker adding statistics helps the system to learn
Volker Greimann (RrSG)
04:36:59
Speak now or be forever quiet! ;-)
Mark Svancarek (BC)
04:39:55
+1 Volker again
Mark Svancarek (BC)
04:41:35
Right now the principles allow a CP what to automate, who they implicitly trust, and whether to contract a joint controller or a processor. I think all these good ideas are compatible with the principles already ...?
Thomas Rickert (ISPCP)
04:42:27
Are all joint controllers (ICANN, Rys and Rrs) comfortable with the way responsibilities are now split?