Logo

Julie Bisland's Personal Meeting Room - Shared screen with speaker view
James Bladel (RrSG)
36:08
I’ll drop 30 min before the end (or 30 min beyond our usual stop time). Thx.
Julf Helsingius (NCSG)
37:39
42 is the answer
Becky Burr (ICANN Board Liaison)
38:25
That’s correct we did not meet
Berry Cobb
38:50
Except we do have a 1 hour webinar scheduled for next Thursday the 13th.
Hadia Elminiawi
40:02
Hello all - apologies for being late
Margie Milam (BC)
45:28
the BC supports the IPC comments as well on these
James Bladel (RrSG)
48:15
So long as the controller/bearer of liability makes the determination on “legally permissible” then I’m good.
Marc Anderson (Verisign / RySG)
48:22
1, 6, 9, 14, 16, 18, 19, 20
Marc Anderson (Verisign / RySG)
48:33
I think that is my list of items to discuss
Volker Greimann (RrSG)
48:38
Bingo!
Matt Serlin (RrSG)
49:08
+1 James
Hadia Elminiawi (ALAC)
51:08
The old WHOIS is dead - we should stop referring to it. Our goal is to do our work efficiently while complying with GDPR
Amr Elsadr (NCSG)
51:38
How can we stop referring to it, when the draft reports makes out the EPDP Team’s mandate to replicate it?
Amr Elsadr (NCSG)
52:44
@Franck: Low volume and distorted sound.
Berry Cobb
52:46
Inadubile.
Thomas Rickert (ISPCP)
52:47
i guess the issue could be. itigated
Berry Cobb
52:54
Franck, can we do a call out to you?
Hadia Elminiawi (ALAC)
53:04
Franck we cannot hear you
Thomas Rickert (ISPCP)
53:05
mitigated if d
Franck Journoud (IPC)
53:10
sure
Milton Mueller (NCSG)
53:12
same here Franck, very difficult to hear
Thomas Rickert (ISPCP)
53:54
sorry for my typing. the issue can maybe be mitigated if we learn more about how cases will be dealt with
Berry Cobb
54:27
The flow chart is just a visual representation of the text in the draft report.
Franck Journoud (IPC)
55:06
I'm back
Thomas Rickert (ISPCP)
55:21
there might be the need for a legal panel / expert committee that oversees the decision-making (manual OR automated) and eligibility for automated decision-makinf
Hadia Elminiawi (ALAC)
55:23
NO Amr not al cases necessarily require human review based on what do you put forward this assumption
Milton Mueller (NCSG)
56:03
There was never a MUST
Milton Mueller (NCSG)
56:07
Janis
Milton Mueller (NCSG)
56:44
there was always a “COULD” or MAY
Amr Elsadr (NCSG)
57:38
How could step 3 of the balancing test possible be done using algorithms?
Amr Elsadr (NCSG)
57:51
*possibly
Milton Mueller (NCSG)
58:47
No we did not ever agree to that.
Mark Svancarek (BC / marksv)
58:47
phase 2
Berry Cobb
59:25
Audio is great Franck.
Amr Elsadr (NCSG)
59:32
The NCSG has never agreed to automation of decisions to disclose. Would be nice to acknowledge that when folks say “we agreed” to this.
Julf Helsingius (NCSG)
59:54
+1 Amr
Amr Elsadr (NCSG)
01:00:37
No matter how many times folks say that “we agreed” to this, the NCSG never has. If you mean that all other groups other than the NCSG agreed, then fine.
Alan Woods (RySG)
01:00:55
If they are already disclosed - thy have been disclosed in a single instance - and to a specific requester -
Marc Anderson (Verisign / RySG)
01:01:08
The EPDP Team recommends that the receipt, authentication and transmission of SSAD requests be fully automated insofar as it is technically feasible. The EPDP team recommends that disclosure decisions should be automated only where technically and commercially feasible and legally permissible. In areas where automation does not meet these criteria, standardization of disclosure decisions is the baseline objective.
Alan Woods (RySG)
01:01:23
if a requester has deleted that data - then its either they no longer needed it and must reapply - or else … data breach
Milton Mueller (NCSG)
01:01:26
There are indeed cases where automation is possible, and we can discuss those. It is the statement that our goal is to automate everything that causes trouble
Caitlin Tubergen
01:03:28
To clarify Marc A.’s intervention, the concept of commercially feasible is included in Rec. 16, just not the high-level principle.
Amr Elsadr (NCSG)
01:03:41
Note that Articles 21 and 22 also allow data subjects the right to object to decision-making based solely on automated means.
Stephanie Perrin (NCSG)
01:03:42
Yes. To be fair, I have always said that some things could be automated, certain use cases where there was certainty about the data elements being disclosed and the identity of the requester, and the nature of their business. my favourite use case is the putting into live use 400 domains from one user, for malware purposes. That ought to trigger a fast response. How you figure out a way to do that is a question we have never addressed….and I have pointed out several times that we have not addressed the decision making process, the actual rationale and words that need to be in the request, on which the legal decision making needs to rest and be defended in Court.
Caitlin Tubergen
01:03:46
Please see line 1393.
Mark Svancarek (BC / marksv)
01:04:18
@AlanW - correct that if disclosed, that disclosure was specific to that requestor (unless the record contained no personal data); good clarification
Amr Elsadr (NCSG)
01:04:50
@Alan G: If I’m right, then the recommendation makes no sense.
Milton Mueller (NCSG)
01:05:17
wrong
Amr Elsadr (NCSG)
01:05:27
It’s surprising that you’re surprised. This is hardly the first time we’ve brought it up.
Alan Greenberg (ALAC)
01:06:06
@Amr, yes, but thatis a BIG *IF* and we disagree on whether there are such cases.
Franck Journoud (IPC)
01:07:28
@Thomas R: would you opine on automating 61f decisions, especially IP/TM ones?
Alan Greenberg (ALAC)
01:07:35
In new tect, there are two redundant "technically feasible"
Hadia Elminiawi (ALAC)
01:08:15
Marks amendment sounds go
Amr Elsadr (NCSG)
01:08:18
@Milton: +1
Hadia Elminiawi (ALAC)
01:08:43
Automation is not the default
Stephanie Perrin (NCSG)
01:10:00
The default is to avoid legal risk that results in fines, I would have said.
Hadia Elminiawi (ALAC)
01:10:04
+1 Milton automation of the decision making is not the default
Berry Cobb
01:10:25
Marc's proposal is on screen, in blueish text.
Georgios Tselentis (GAC)
01:10:33
Let's build on Marc's suggestion where it seems that there is some agreement
Amr Elsadr (NCSG)
01:10:35
Not only does the language say that automation is a MUST (subject to certain conditions), but also gives the SSAD Advisory Group a mandate to seek full automation.
Milton Mueller (NCSG)
01:10:48
Well, LA was not 4 months ago
Hadia Elminiawi (ALAC)
01:11:07
+1 Georgios lets build on Marc's prposal
Berry Cobb
01:11:22
SSAD Advisory Group is no longer used. "Mechanism" pending further input from PC.
Matt Serlin (RrSG)
01:11:44
Marc’s language seems like a good compromise
Milton Mueller (NCSG)
01:11:54
OK with me to “terminate” the SSR language
Stephanie Perrin (NCSG)
01:12:04
There are certainly companies represented here that have enjoyed extensive investigations from data protection authorities. How about sharing your experience as to what kinds of questions are asked regarding decisions to disclose that result in complaints? That will help us understand how to disclose in an automated fashion in ways that are legally defensible.
Stephanie Perrin (NCSG)
01:12:09
Just a suggestion.
Brian King (IPC)
01:12:13
I like Marc’s language
Hadia Elminiawi (ALAC)
01:12:19
Thanks Milton
Margie Milam (BC)
01:12:22
ok with Marc's language
Mark Svancarek (BC / marksv)
01:12:34
I can accept it
Berry Cobb
01:13:58
Most providers? It could be possible small providers choose to automate all?
James Bladel (RrSG)
01:15:41
I may be missing something, but I don’t see any legal risk in automating the COLLECTION of requests.
Milton Mueller (NCSG)
01:16:41
the two sentences are about automating requests, and disclosure. we do need both of them
Alan Greenberg (ALAC)
01:17:53
Thanks see disclosure now.Still two "technically feasible"
Milton Mueller (NCSG)
01:19:22
the point is requests and disclosure are two distinct processes. technically feasible applies to both of them
Berry Cobb
01:20:07
45 minutes into the call....1 topic.
Milton Mueller (NCSG)
01:20:20
but it’s the major topic, Berry
Alan Greenberg (ALAC)
01:20:24
Still do't understand the first technicallt feasible. I have a problem with the concept of automating transmission where is is NOT technically feasible!!!
Mark Svancarek (BC / marksv)
01:20:42
+1 James the protocol-level disclosure detail is still open
Chris Lewis-Evans(GAC)
01:20:51
Agree with the split into two points by staff makes the items clearer
Milton Mueller (NCSG)
01:20:57
well that argument would apply to both "technically feasible” Alan
James Bladel (RrSG)
01:21:01
I mean, once we have decided to make a disclosure, HOW do we get that info to the Requestor?
James Bladel (RrSG)
01:21:14
I’m still fine with the blue language.
Hadia Elminiawi (ALAC)
01:22:33
@james this is still to be figured out, however this is part of the implementation. My guess a channel through the central gateway between the CP and the requestor
Caitlin Tubergen
01:22:34
Please put your hand down, Franck. :)
Franck Journoud (IPC)
01:23:27
Janis has something in common with my middle school teachers
Mark Svancarek (BC / marksv)
01:25:49
First sentence is a fragment
James Bladel (RrSG)
01:26:49
So long as the GNSO has the ability to flag any recommendations that ARE policy matters for a PDP, I’m good.
Mark Svancarek (BC / marksv)
01:27:02
+1 Ja,mes
Hadia Elminiawi (ALAC)
01:27:38
+1 James
Franck Journoud (IPC)
01:28:38
good point james
Caitlin Tubergen
01:28:51
@Milton - when I read aloud, I did notice the sentence has a construction issue. If we displayed the suggestion incorrectly, apologies for that. Here is the proposed language: "“In recognition of the need for experience-based adjustments in the functioning of the SSAD, there should a GNSO mechanism to monitor the implementation of the SSAD and recommend improvements that could be made. Improvements recommended through this process must not contradict the data subject’s privacy rights, the policies established by the EPDP, data protection laws, ICANN bylaws or GNSO Procedures and Guidelines.”"
Caitlin Tubergen
01:29:01
(now displayed on screen)
Matt Serlin (RrSG)
01:29:27
+1 Amr
Berry Cobb
01:30:29
fix on screen now!
Hadia Elminiawi (ALAC)
01:30:49
But what kind of GNSO mechanism are we talking about
Amr Elsadr (NCSG)
01:31:06
@Marc: Exactly. +1
Milton Mueller (NCSG)
01:31:49
its a GTLD policy
James Bladel (RrSG)
01:32:10
@Alan G - they can participate on the board to make recommendations, but only the GNSO can determine whether or not this belongs in a GNSO policy.
James Bladel (RrSG)
01:32:17
I think Alan is agreeing with the language as written
Milton Mueller (NCSG)
01:32:36
The GNSO is the only body in a position to determine whether a proposed changed constitutes a policy or an implementation issue
Alan Greenberg (ALAC)
01:33:09
And I suggest oversight. But it should not be a "GNSO" group subject to the GNSO deciding on the composition.
Alan Greenberg (ALAC)
01:33:17
Or what it can talk about.
Amr Elsadr (NCSG)
01:34:09
@James: +1
Stephanie Perrin (NCSG)
01:34:30
+1 James
Thomas Rickert (ISPCP)
01:34:32
now that we are at it: the oversight committee needs to monitor the decision-making practice and analyze objections made by data subjects. let’s inckude that, too, please
Amr Elsadr (NCSG)
01:34:50
In case folks thought I was suggesting this, I did not mean to exclude groups other than those belonging to the GNSO from the Advisory Group’s composition.
Caitlin Tubergen
01:35:25
Please note that within Rec. 19, we have the term “mechanism for continuous evolution of SSAD”
Berry Cobb
01:35:32
Another option is to keep GNSO Mechanisim and specifically ask in the public comment for input on what the mechanisim be?
James Bladel (RrSG)
01:35:37
Sure..which one?
Caitlin Tubergen
01:35:40
Would that be acceptable to the Team?
James Bladel (RrSG)
01:36:49
…there should be a [committee or panel comprised of SSAD stakeholders] to monitor the implementation of the SSAD and recommend improvements…..
Brian King (IPC)
01:36:50
I’m also concerned that “GNSO mechanism” language means a group that is not representative of this team
Brian King (IPC)
01:37:14
I like that better James. thanks
Stephanie Perrin (NCSG)
01:37:15
We do have an existing structure at ICANN. the Acs have their own mechanisms for raising issues. The GAC has been particularly successful over the years in ensuring that ICANN continue to implement a WHOIS that violated existing data protection law.
James Bladel (RrSG)
01:37:48
And then below, add this: “The GNSO Council shall make the determination if any recommendations constitute new policy changes and require a PDP
Stephanie Perrin (NCSG)
01:38:46
So if anything, the existing GNSO structures should in my view be reinforced. The NCSG does not want to see users being forced to pick up liability costs for noncompliance with law. Inevitably, all costs trickle down to the registrants.
Thomas Rickert (ISPCP)
01:40:43
is anyone looking at suggestions in the chat or do we have to go to thr queue?
Milton Mueller (NCSG)
01:40:49
ha ha I agree with you there Alan (shiver at “mechanism”)
Hadia Elminiawi (ALAC)
01:41:05
@Amr how can we agree on "GNSO mechanism" without knowing how will other stakeholders be represented
Milton Mueller (NCSG)
01:41:31
lets get rid of continuous evolution
Amr Elsadr (NCSG)
01:41:33
@Hadia: Other groups are represented in the actual SSAD Advisory Group.
Berry Cobb
01:42:26
Whatever we call it, can I get a 1 word description for the swimlane model? ;-)
Amr Elsadr (NCSG)
01:42:38
The role of the GNSO in developing gTLD policy isn’t something novel that we are recommending. This EPDP Team was chartered by the GNSO Council, like all groups developing gTLD policy recommendations.
Hadia Elminiawi (ALAC)
01:43:09
@Amr where do we refer to the SSAD Advisory group and its composition
Berry Cobb
01:44:07
"SSAD Advisory Group" is stricken. Latest is "mechanism"
Amr Elsadr (NCSG)
01:44:12
@Hadia: I have no preferences on where to refer to the Advisory Group. It’s in the draft report, as well as the swim-lane doc (see bottom part of the flowchart on page 2).
Berry Cobb
01:44:25
70 minutes into session.
Hadia Elminiawi (ALAC)
01:46:14
@Milton this is fine but other groups have to be recognized as well
Caitlin Tubergen
01:47:32
Proposed updated language: "In recognition of the need for experience-based adjustments in the functioning of the SSAD, there should a mechanism for the continuous evolution of SSAD to monitor the implementation of the SSAD and recommend improvements that could be made. Improvements recommended through this process must not contradict the policies established by the EPDP, data protection laws, ICANN bylaws or GNSO Procedures and Guidelines.”"
Mark Svancarek (BC / marksv)
01:47:51
+1 Janis
Milton Mueller (NCSG)
01:48:13
We cannot accept “continuous evolution”
Franck Journoud (IPC)
01:48:15
+1 Janis
Milton Mueller (NCSG)
01:48:24
you don’t need that language
Margie Milam (BC)
01:48:51
we need "continuous evolution"
Milton Mueller (NCSG)
01:49:33
you’ve made it pretty clear that “evolution” means movement towards a centralized model that does not respect the data subject’s privacy rights
Brian King (IPC)
01:51:10
Again Milton, cut it out. We will make our own points, and I object to you constantly attributing motive.
Mark Svancarek (BC / marksv)
01:51:29
Naw, evolution is incremental :)
Franck Journoud (IPC)
01:51:38
@Milton: we’ve made it pretty clear that “evolution” means movement towards a centralized model that respects data protection laws
Amr Elsadr (NCSG)
01:51:57
“recommending improvements to implementation”?
Margie Milam (BC)
01:52:06
We have already agreed that this doesn't change policy
Hadia Elminiawi (ALAC)
01:55:28
don't worry it won't turn into a monster. We are looking for technical improvements and advancements to the system
Julf Helsingius (NCSG)
01:55:58
Can we say that then?
Volker Greimann (RrSG)
01:56:23
the reptilian model?
Mark Svancarek (BC / marksv)
01:57:19
laughing time is over
Stephanie Perrin (NCSG)
01:58:35
Given that we have not actually determined how the decision making will be implemented, I fail to see how we are determining which is policy and which implementation.
Stephanie Perrin (NCSG)
01:59:06
And I am fairly familiar with the process of analyzing whether a decision is in compliance with data protection law.
Stephanie Perrin (NCSG)
01:59:32
So we are on a slippery slope that is not well understood, folks.
Brian King (IPC)
02:03:03
response requirements section would be ok
Berry Cobb
02:04:37
90 min into session.
Alan Woods (RySG)
02:05:07
really this is "a cannot live with" for the initial report!
Amr Elsadr (NCSG)
02:05:31
@AlanW: I was wondering the same.
Brian King (IPC)
02:07:10
“A complete request must not be denied merely for lack of information requested by the disclosure decision maker.”
Brian King (IPC)
02:07:14
ok?
Volker Greimann (RrSG)
02:07:44
"...however a disclosing party may request further information"
Caitlin Tubergen
02:09:24
Rec. 6 notes that CPs may request further information. “If the answer to any of the above questions is no, the Contracted Party may deny the request, or require further information from the requestor before proceeding to paragraph 6 below.”
Matt Serlin (RrSG)
02:09:27
I’m fine with the language Janis describes…not what Brian put above
Milton Mueller (NCSG)
02:10:00
done.
Matt Serlin (RrSG)
02:10:05
Next
Amr Elsadr (NCSG)
02:10:06
Fine by me too.
Brian King (IPC)
02:13:03
let’s put it out to public comment
Brian King (IPC)
02:13:20
and move on
Alan Greenberg (ALAC)
02:14:16
Would also be applicable if a jurisdiction rules that RDS must be open.
Milton Mueller (NCSG)
02:14:26
yes
Milton Mueller (NCSG)
02:14:36
important issue, Marc
Milton Mueller (NCSG)
02:14:56
NCSG proposal was to delete “irrespective of policy requirements”
James Bladel (RrSG)
02:14:57
Some CPs only serve corporate (non-natural) customers in jurisdictions where they are not subject to privacy law.
Chris Lewis-Evans(GAC)
02:15:06
+1 Marc not a cant live with for now
Eleeza Agopian (ICANN Org Liaison)
02:15:16
That is fine for org, Janis. Thanks.
Milton Mueller (NCSG)
02:15:25
I have a comment
Eleeza Agopian (ICANN Org Liaison)
02:17:34
Should have also noted that NCSG’s comment does partly address the questions we had. Can certainly be discussed in more detail later on.
Mark Svancarek (BC / marksv)
02:22:12
@Eleeza I have considered the tech implementation details and would be happy to discuss/debate with your tech folks
Eleeza Agopian (ICANN Org Liaison)
02:22:19
Thanks, Mark.
Stephanie Perrin (NCSG)
02:24:17
it certainly does imply compliance, Marc good catch
Stephanie Perrin (NCSG)
02:26:28
I believe the NCSG objects to this kind of response burden being loaded on the contracted parties, absent a cost analysis that would indicate this is easily done and would not result in costs trickling down to registrants
Alan Woods (RySG)
02:29:40
is this not the perfect candidate for comment - lets see how the community actually reacts?
Hadia Elminiawi (ALAC)
02:29:50
@Laureen sounds good
Amr Elsadr (NCSG)
02:30:15
@AlanW: +1
Franck Journoud (IPC)
02:31:10
marc a you're fading in and out
Franck Journoud (IPC)
02:31:19
or is it just me?
Hadia Elminiawi (ALAC)
02:31:42
"semi-annual"
Margie Milam (BC)
02:31:46
+! Laureen
Berry Cobb
02:31:53
How about 6 months in the first year, and then annually thereafter?
James Bladel (RrSG)
02:32:04
Measuring vs. Reviewing Targets? Are we talking about the same thing (and same interval period)?
Stephanie Perrin (NCSG)
02:32:13
Surely if there are problems in the SLAs, the affected parties (requestors) are able to raise the issues?
Matt Serlin (RrSG)
02:33:12
this is just review of the targets…not adherence to the SLA
Stephanie Perrin (NCSG)
02:33:42
I find it extraordinary that we are arguing about SLA compliance reporting when we actually have not investigated what the decision making process is going to look like.
Stephanie Perrin (NCSG)
02:34:14
And there is no focus on compliance with applicable law and respect for registrant rights….no metrics at all.
Stephanie Perrin (NCSG)
02:34:37
Unless I missed something and this is included in the SLAs.....
Mark Svancarek (BC / marksv)
02:35:19
We tried to consider all those details when we created this policy rec, hopefully succeeded
Alan Greenberg (ALAC)
02:35:39
The problem is NOT how often we have a formal review. The issue is whether we will PRODUCE statistics regularly (like every month) and the groups REVIEWS periodically - less often. But the statistics are being created.
milton mueller
02:35:42
this strikes me as the kind of detail that could be handled based on public comment
Alan Woods (RySG)
02:35:47
Amen Stephanie! Helps to know the actual requirement (not to mention costs) prior to hammering home on time limits
Alan Woods (RySG)
02:36:19
again we repeat the refrain - this is not, at this point a 'can't live with' matter -
Matt Serlin (RrSG)
02:36:25
+1 Alan
Matt Serlin (RrSG)
02:36:35
Alan W sorry :)
Hadia Elminiawi (ALAC)
02:38:39
One of the advantages of automation is generating automated logs which would also help in proving compliance
Alan Woods (RySG)
02:39:23
sure...and they all lived happily ever after. - not quite that straightforward Hadia -
Alan Woods (RySG)
02:40:16
sorry too flippant … but there are bigger issues with automation , than benefits in reports
Volker Greimann (RrSG)
02:41:21
I for one would appreciate the ability to measure our own performance against some other CPs in similar circumstances.
Volker Greimann (RrSG)
02:41:39
but not need it
Matt Serlin (RrSG)
02:41:53
this is also something completely new to be introduced in a “can’t live with” document this close to publication of the initial report
Alan Woods (RySG)
02:42:15
Amen again …. this call is apparently making pray more!
Amr Elsadr (NCSG)
02:42:58
@Matt: Good point.
Mark Svancarek (BC / marksv)
02:43:24
+1 Volker - a CP should be able to see their own stats and where they reside on the histograph
Amr Elsadr (NCSG)
02:43:32
I agree with Volker’s comment above, but don’t know if this is worth holding up the initial report on.
Volker Greimann (RrSG)
02:44:11
it is not
Volker Greimann (RrSG)
02:44:18
it is a feature, not a requirement
Amr Elsadr (NCSG)
02:44:34
@Volker: Yup. Agree. Again. :)
James Bladel (RrSG)
02:47:48
Milton - you can set up a blog or a watchdog org to rate CPs on privacy protections, if you want. Not the job of ICANN.
Mark Svancarek (BC / marksv)
02:48:07
clarifying: the SLA language is in regard to rate of decision, not percentage of disclosure
Milton Mueller (NCSG)
02:48:33
James not saying ICANN should do it, but the SSAD data that would enable it should be published
Berry Cobb
02:48:42
45 minutes remain.
Matt Serlin (RrSG)
02:48:57
Milton - not every registrar has the same business model so we might disclose 100% of the time since we only work with corporations…others only work with individuals so that won’t be obvious to those looking at those kinds of stats
Milton Mueller (NCSG)
02:49:37
I know that Matt, any interpretation based solely on ratios is not going to be very meaningful given the diff customer bases of CPs
James Bladel (RrSG)
02:49:55
And some CP will have differing legal requirements, so the desire to “name & shame” may create regional barriers to competing across national boundaries.
Milton Mueller (NCSG)
02:50:18
but the same applies to, say, on-time stats for airlines.
Stephanie Perrin (NCSG)
02:51:52
“Milton - you can set up a blog or a watchdog org to rate CPs on privacy protections, if you want. Not the job of ICANN.” This is actually difficult to do, James, absent the kind of blanket complaint I just described.
Milton Mueller (NCSG)
02:52:40
I thought we were not going to discuss these
Stephanie Perrin (NCSG)
02:53:17
as you have explained, 100% disclosure stats from a company that deals only with legal persons is not helpful. We do not understand the business models of each company. The resellers are a baffling maze, and not at all transparent. So a lot of work to do to make monitoring by civil society at all meaningful
Volker Greimann (RrSG)
02:54:53
I don't believe that these use cases have a role to play in our report at this time.
Volker Greimann (RrSG)
02:55:04
offer tehm as public coment
Stephanie Perrin (NCSG)
02:55:04
But do let me assure folks that entities with litigation expertise in these matters are watching
Stephanie Perrin (NCSG)
02:56:12
I agree with Volker that we are uneven in our depth of detail, these use cases are perhaps not useful at this point, as long as there will be opportunity to comment on the assumptions inherent in them
Alan Woods (RySG)
02:56:28
agreed Volker.
miltonmueller
02:57:36
WE HAVE FOUR PEOPLE SAYING WE SHOULD NOT BE DISCUSSING USE CASES NOW
Stephanie Perrin (NCSG)
02:57:43
me too
miltonmueller
02:57:52
Can staff please inform Janis that I am raising a point of order on this.
Julf Helsingius (NCSG)
02:57:57
+1
James Bladel (RrSG)
02:59:27
Need to drop folks. Thanks, and have a good Thursday.
Amr Elsadr (NCSG)
03:00:21
@Volker: +1
Matt Serlin (RrSG)
03:00:45
Agree with Volker here…if the goal is to get this out in the next few days
Berry Cobb
03:01:06
@Matt - next 24 hours. ;-)
Matt Serlin (RrSG)
03:01:17
or that Berry :)
Matt Serlin (RrSG)
03:01:26
I’m surprised you don’t have it down to the minute!
stephanieperrin
03:02:17
If there is one thing I hate about Zoom, it is that if you drop off the call, you lose the previous chat.
Caitlin Tubergen
03:02:19
Note that no one objected to Issue 11, in which we propose to include a link to a wiki page, where Mark Sv’s document will be posted, with the caveat that these use cases are under discussion. *(footnote) – to review the other types of disclosure requests that the EPDP Team is considering, please see [include link to wiki page].
stephanieperrin
03:03:46
+1 Alan
Amr Elsadr (NCSG)
03:04:07
@AlanW: +1
Milton Mueller (NCSG)
03:04:19
Caitlin as I said any kind of publishing of these cases is a defacto recommendation or will be interpreted that way
stephanieperrin
03:04:20
DPIA required. Check the federal register to see what Homeland security does when it changes its records systems
Franck Journoud (IPC)
03:05:11
wiki allows people to comment on it
Mark Svancarek (BC / marksv)
03:05:30
I can add an assumption related to DPIA
Brian King (IPC)
03:06:01
the caveat takes care of the concern about how these are being represented
Milton Mueller (NCSG)
03:06:27
We DONT have many of these “in mind”
Franck Journoud (IPC)
03:07:49
yes we've already agreed to proceed on use cases per issue 11
stephanieperrin
03:08:15
do people actually think these are ready to be reviewed by a DPA? Are Janis and Goran going to run them by the Belgian DPA on valentine’s day? My advice would be to bring chocolates.....
Caitlin Tubergen
03:08:22
Lines 970 - 973
Caitlin Tubergen
03:08:48
Please refer to Issue 11 in the Issues Compilation list for the proposal that I typed into the chat.
Franck Journoud (IPC)
03:09:40
+1 Marc Anderson
Hadia Elminiawi (ALAC)
03:09:47
+1 Marc sounds good
Mark Svancarek (BC / marksv)
03:09:59
+1
stephanieperrin
03:10:00
I have asked how we automate the LEA requests. Apart from automating the approval of the entity accreditation, what decision are we automating? I don’t believe this one is a “no brainer”
Caitlin Tubergen
03:10:04
@Alan G. - there are two examples in the report already. Please see lines 967-968.
Hadia Elminiawi (ALAC)
03:10:37
@Caitlin will be added to 970-973 as a footnote
Alan Greenberg (ALAC)
03:11:01
Yes, now understand. Was not clear if yourfootnote was in lieu of or in addition to. Now clear.
Thomas Rickert (ISPCP)
03:11:14
we should then clarify that these use cases have been suggested by team members for further feasibnility and legal assessment
Hadia Elminiawi (ALAC)
03:12:13
+1 Thomas
Brian King (IPC)
03:13:45
add a footnote that Milton is not thinking about this
Hadia Elminiawi (ALAC)
03:14:06
@Milton maybe we can include only one or two use cases as an example
Amr Elsadr (NCSG)
03:15:10
I don’t think Milton’s concern is the number of use cases at this point.
Alan Greenberg (ALAC)
03:15:17
The document is available on our archives. Let's use the footnote and change the wording to say these have been proposed and the EPDP will consider.
Hadia Elminiawi (ALAC)
03:15:19
The footnote only makes a link to the wiki page and does not list the cases
Volker Greimann (RrSG)
03:15:32
can we use "looking at" instead of "considering"?
Milton Mueller (NCSG)
03:15:41
proposed
Hadia Elminiawi (ALAC)
03:15:44
+1 Thomas we should note that these cases are still being discussed
Caitlin Tubergen
03:15:47
@Milton - would it be acceptable to include a caveat on the wiki page that this list is proposed by BC Team Members, but does not represent agreement within the Team and will be discussed further.
Milton Mueller (NCSG)
03:15:49
proposed by IPC/BC
Amr Elsadr (NCSG)
03:16:01
I’m guessing we can proceed as per Caitlin’s suggestion, while baking in the concerns Milton has raised; making the reality of the current situation very clear.
Milton Mueller (NCSG)
03:16:03
yes, Caitlin
Caitlin Tubergen
03:16:20
Thank you - we can note this.
Amr Elsadr (NCSG)
03:16:51
@Caitlin: That sounds good.
Stephanie Perrin (NCSG)
03:17:18
as someone who used to brief a DPA on public comments, allow me to explain to you the risk in focusing attention of details when there is no conscensus. DPAs like to see details. Throw up a couple of examples that have not been tested with a DPIA, you are presenting a bullseye.
Stephanie Perrin (NCSG)
03:18:16
no DPA’s office is going to crawl through our wiki, given current resource constraints. Throw them something easy like this, you are asking for focus
Hadia Elminiawi (ALAC)
03:18:17
+1 Thomas
Alan Greenberg (ALAC)
03:19:39
By publishing, we are giving an opportunity to those who think such automated release is impossible, they can comments.
Franck Journoud (IPC)
03:20:11
Thanks Amr. And your first point is understood
Amr Elsadr (NCSG)
03:21:20
@Caitlin: Thanks.
Berry Cobb
03:21:29
We added the extra 5 days from the original 40 to give additional time after ICANN68, which includes an additional weekend to the 23rd of March.
Amr Elsadr (NCSG)
03:21:30
Thank you too, Franck.
Berry Cobb
03:22:49
Where possible, the preference for the groups represented here, that only 1 submission be done per group.
Hadia Elminiawi (ALAC)
03:23:44
@Caitlin the use cases are proposed by the BC but are supported for discussion by most of the groups, referring to the use cases as only a BC proposal does not correctly reflect the reality
Julf Helsingius (NCSG)
03:24:23
Hadia: do you really want to reopen that?
Hadia Elminiawi (ALAC)
03:26:15
@Julf no - I agree to Caitlin's proposal, I am just not sure that we should only refer to the use cases as a BC proposal, maybe adding language that the group will be discussing further the use cases or anything to that effect is better
Berry Cobb
03:28:22
all good. thx
Berry Cobb
03:28:53
Negative.
Berry Cobb
03:29:14
We have to launch by 23:59 UTC.
Berry Cobb
03:30:28
THANK YOU ALL!
Rafik Dammak (GNSO Council Liaison)
03:30:38
Thanks all
Milton Mueller (NCSG)
03:30:42
bye all
Chris Lewis-Evans(GAC)
03:30:43
Thanks all
Hadia Elminiawi (ALAC)
03:30:46
Thank you all
Hadia Elminiawi (ALAC)
03:30:55
Bye all