Logo

051040043 - EPDP-Phase 2 Team Call
Terri Agnew
32:18
Please review ICANN Expected Standards of Behavior here: https://www.icann.org/resources/pages/expected-standards-2016-06-28-en
Terri Agnew
32:29
Members: please select all panelists and attendees in order for everyone to see chat
Volker Greimann (RrSG)
34:42
point of order: our rep remembers no such agreement
Berry Cobb
35:30
https://docs.google.com/document/d/17gGzz6K-zKuSK71FluHCowZo3p6tFEd3/edit
Amr Elsadr (NCSG)
39:51
I don’t recall any group supporting the proposal at this time…, registrars, or otherwise.
Amr Elsadr (NCSG)
40:16
The NCSG may end up not accepting it. :-)
Berry Cobb
40:50
Small team calls are only recorded, no transcripts.
Laureen Kapin (GAC)
40:59
+ 1 Volker -- participating in ICANN68 and the EPDP mtgs is challenging.
Stephanie Perrin (NCSG)
41:06
I would have to agree. The NCSG meeting runs from (my time, EDT) 3 am to 5:30 am, so having a 10 am meeting on top of a full 8 hour shift all night is a bit much
Stephanie Perrin (NCSG)
41:25
And the same thing is happening with RPMs.
Berry Cobb
41:34
However, there is a zoom transcript provided, but as you know it can be a little choppy.
Volker Greimann (RrSG)
41:42
that is a relief
Hadia Elminiawi (ALAC)
42:12
Brian we can't hear you
Stephanie Perrin (NCSG)
42:22
Thanks for that clarification Berry. Problem is we don’t even have time to listen at the moment, still catching up on ICANN Meeting conflicts….
Hadia Elminiawi (ALAC)
42:23
good now
Amr Elsadr (NCSG)
42:23
Can hear you now, Brian.
Amr Elsadr (NCSG)
43:06
Thnx, Brian.
Laureen Kapin (GAC)
43:41
Yes, kudos to Amr for his very thoughtful approach to try and move the ball forward. That said, we're not at the finish line and yet. . .
Hadia Elminiawi (ALAC)
46:12
+1 Laureen and Brian thank you Amr for putting this forward
Marika Konings
46:19
And as a reminder, this should say 1 business day, not 24 hours.
Marika Konings
46:25
as Volker said :-)
Mark Svancarek (BC)
46:35
I do not recall agreeing to change to business day
Berry Cobb
47:40
link to yellow items doc: https://docs.google.com/document/d/1gSdkEf4EyBM7z3YXAzGjTb-AULxOrDeC/edit
Marika Konings
50:10
@Mark - the 24 hours was part of the original staff support team proposal to limit urgent requests to LEA in return for a 24 hour response time. As limiting to LEA was not accepted, we also reverted back to the 1 business day.
Mark Svancarek (BC)
51:59
Again, I do not recall that business days was tied to non-LEA
Mark Svancarek (BC)
52:20
No
Volker Greimann (RrSG)
53:36
yes we can
Thomas Rickert (ISPCP)
53:39
For urgent LEA requests, there is always the RRSG emergency contact.
Brian King (IPC)
54:07
Thomas that's for abuse though, not necessarily disclosure.
Brian King (IPC)
54:25
Probably connected in most cases, but not necessarily.
Ben Butler (SSAC)
55:44
Struggling to think of a LEA issue that wouldn’t involve abuse.
Ben Butler (SSAC)
56:20
or at least alleged abuse/criminal activity
Thomas Rickert (ISPCP)
56:27
Well, if it is such an urgent case, I trust it is in connection with abuse.
Ben Butler (SSAC)
56:48
+1 Thomas
Thomas Rickert (ISPCP)
56:56
Not trying to be difficult, just saying there are alternative routes to the data.
Alan Greenberg (ALAC)
57:35
IF all Prio 1 requests are abuse, then the REAL limit is 24 hours and why are CP forcing this issue?
Stephanie Perrin (NCSG)
57:37
Frankly, if you are not going to accept that business days usually means not on weekends, then just go with 24 hours.
Brian King (IPC)
57:43
Right, Thomas, but not all abuse is "DNS Abuse" right?
Thomas Rickert (ISPCP)
58:56
That is correct, Brian.
Stephanie Perrin (NCSG)
59:23
I recall it from phase 1
Stephanie Perrin (NCSG)
01:00:04
And I must say this shaving of the gist of the compromise right off, makes me lose trust in the stability of the document
Marika Konings
01:01:27
Also as a reminder: “Violations of the use of Urgent SSAD Requests will result in a response from the Central Gateway Manager to ensure that the requirements for Urgent SSAD Requests are known and met in the first instance, but repeated violations may result in the Central Gateway Manager suspending the ability to make urgent requests via the SSAD.”
James Bladel (RrSG)
01:01:51
Alan - that requirement is for Law Enforcmenet.
James Bladel (RrSG)
01:02:07
You’re mixing two different categories of abuse.
Matt Serlin (RrSG)
01:02:08
And to actually address abuse…not review disclosure requests for data
Matt Serlin (RrSG)
01:02:48
1 business day…not to exceed 3 calendar days seemed like a good proposal from Janis
Thomas Rickert (ISPCP)
01:03:08
The issue is that Registrars should not be required to make staff working on the disclosure requests work 24/7 if I understand correctly.
Brian King (IPC)
01:03:41
I think the point was that registrars already have an obligation to be staffed 24/7 (for a different purpose, I concede), but I think we'd be ok with the compromise.
James Bladel (RrSG)
01:04:20
Different teams & personnel. And presumably different volume of requests (LEA requests are rare and urgent)
Brian King (IPC)
01:04:21
Should be not to exceed 2 calendar days IMO
James Bladel (RrSG)
01:04:49
We started with 5, now down to 3.
Matt Serlin (RrSG)
01:05:08
3 seems to catch those long weekends so I’d support that
Marika Konings
01:05:24
Correct @Chris: “b. Contracted Parties MUST maintain a dedicated contact for dealing with Urgent SSAD Requests which can be stored and used by the Central Gateway Manager, in circumstances where an SSAD request has been flagged as Urgent. “
Brian King (IPC)
01:05:27
We started with 5000 milliseconds ;-)
Brian King (IPC)
01:05:38
Sorry, couldn't help it
Mark Svancarek (BC)
01:05:40
+Brian LOL
Volker Greimann (RrSG)
01:05:46
shall we move it back to 5, Brian?
Laureen Kapin (GAC)
01:05:59
Now, now Volker.
Volker Greimann (RrSG)
01:06:17
me=grumpy
Laureen Kapin (GAC)
01:06:32
You are not alone. . .
Brian King (IPC)
01:06:36
5 seconds is exactly what we'd prefer, Volker. Ha, me too. I forgive you. This schedule is nuts.
Brian King (IPC)
01:07:43
Thanks for constructive conversation and compromise.
Marika Konings
01:08:21
The blue text is basically addressed in a paragraph that is further up so it is a duplication.
Brian King (IPC)
01:10:15
Twice!
Mark Svancarek (BC)
01:11:25
It was Org
Marc Anderson (RySG)
01:15:00
agree, this doesn't belong in SLAs anymore and should go to the new priority one.
Alan Greenberg (ALAC)
01:26:02
My recollection is that ICANN:CP negotiations happen periodically and not often.
Margie Milam (BC)
01:28:33
1.2.2. functional and performance specifications for the provision of Registrar Services;
James Bladel (RrSG)
01:29:24
Is SSAD a “Registar Service”?
Margie Milam (BC)
01:30:00
WHOIS is in the picket fence and this is part of the WHOIS
Brian King (IPC)
01:30:57
I was so excited to hear Becky solve this for us
James Bladel (RrSG)
01:31:02
Given that Registrations have been occurring for several years absent SSAD, it doesn’t appear to be a necessary element
Margie Milam (BC)
01:31:59
Yes - put it in the policy
Alan Greenberg (ALAC)
01:32:07
I thought negotiations were for later change! Not the current numbers.
Mark Svancarek (BC)
01:32:45
@Alan, that's also my understanding
Alan Greenberg (ALAC)
01:33:15
As I said, existing processes may be within 10 years...
Franck Journoud (IPC)
01:33:27
it must be clear that these SLA numbers cannot be watered down by contract negotiations. they are set by consensus policy
Stephanie Perrin (NCSG)
01:34:21
Unfortunately, and inexplicably, I lost my zoom connection after I spoke. I did not hear any response, although I note that someone has brought up the issue of the famous picket fence.
Stephanie Perrin (NCSG)
01:35:04
So if some kind soul will tell me whether there was any response to the issue of affordability of this SSAD and the attendant SLAs, that would be very kind.
Amr Elsadr (NCSG)
01:35:42
@Volker: +1. Shouldn’t policy recommendations be focused on what’s in the contracts, not the SLAs?
Matt Serlin (RrSG)
01:36:06
Are there other policies that contain SLA’s?
Marika Konings
01:37:03
@Matt - I believe UDRP Lock had a response time in policy recs?
Brian King (IPC)
01:37:04
transfer policy
Brian King (IPC)
01:37:09
UDRP
Matt Serlin (RrSG)
01:37:57
Yeah transfer policy was the one that came to my mind…not sure it’s what folks think of when they think of a SLA however
Amr Elsadr (NCSG)
01:41:23
I presume that whatever Consensus Policy is adopted post review of the TMCH/Sunrise/Claims, an SLA might be involved, just not necessarily with CPs.
Brian King (IPC)
01:41:29
Sorry, it's ICANN. We need acronyms.
Laureen Kapin (GAC)
01:41:38
No more acronyms ;-)!
Amr Elsadr (NCSG)
01:42:04
Ts&Cs updated by ICANN unilaterally?
Chris Disspain (ICANN Board Liaison)
01:42:54
@ Laureen …Or as we like to say - NMA!
Laureen Kapin (GAC)
01:43:08
:-)
Stephanie Perrin (NCSG)
01:45:48
So the means that all of those detailed responsibilities will be sorted out in the contract?
Stephanie Perrin (NCSG)
01:46:37
Sure, they are joint controllers, but there remains a huge ambit here in accountability, and that is not a simple matter to be determined inside the picket fence
Georgios Tselentis (GAC)
01:47:13
If SSAD = Central gateway manager it should read: "Contracted parties and SSAD central gateway manager" for clarity
Stephanie Perrin (NCSG)
01:52:20
Lost everybody, is there sound or is it just me?
Marc Anderson (RySG)
01:52:35
sound still works for me @Stephanie
Marika Konings
01:52:51
Maybe we can revert but applying normative language?
Marika Konings
01:54:51
what if can = changed to MAY (in the original version)?
Chris Lewis-Evans (GAC)
01:56:12
Sorry am tired missed read the change
Mark Svancarek (BC)
01:57:05
"Confidential requests can be disclosed to data subjects in cooperation with the requesting entity, but MUST NOT do so without cooperation from the requesting authority, in accordance with the data subject's rights under applicable law."
Amr Elsadr (NCSG)
01:57:09
Stephanie needs to be promoted to a “panelist”.
Mark Svancarek (BC)
01:57:21
It's still slightly different meaning - can it be accepted?
Amr Elsadr (NCSG)
01:57:46
I don’t think so, Janis.
Marc Anderson (RySG)
01:57:48
no, that has the same problem
Amr Elsadr (NCSG)
01:58:38
@Janis: Yes. That’d work.
Amr Elsadr (NCSG)
01:59:28
Actually…, I’m not sure that’d work either.
Mark Svancarek (BC)
02:00:07
No objection to replacing "can" with "MAY" if GAC is OK with it
Stephanie Perrin (NCSG)
02:02:20
I actually am an expert here. So I do object to all the Musts in the latter half of the sentence, and a weak may in the front half
Marika Konings
02:02:46
@Stephanie - reverting back to the original language means there are no MUSTs
Marika Konings
02:02:59
The proposal is to change can to MAY
Stephanie Perrin (NCSG)
02:03:10
Makes it better, the compromise we choked down originally
Mark Svancarek (BC)
02:03:54
@MarcA, I assumed that "in cooperation" was more significant than "if they simply inform", but again I defer to GAC
Marika Konings
02:05:17
Note that this language did not change, only the redline - the green language just notes that it was moved from somewhere else.
Marika Konings
02:06:12
Correct, Janis, it just got moved up.
Alan Woods (RySG)
02:07:18
IMHO Confidentiality requests (except those who are grounded in the specific applicable legal obligation, specifically claimed, unless they are directly applicable, made within a specific jurisdiction by a relevant party) are simply not absolute. We cannot change that.
Marika Konings
02:07:36
For the record, this was the language included in the Initial Report: “Confidential requests can be disclosed to data subjects in cooperation with the requesting authority, [and] [or] in accordance with the data subject’s rights under applicable law”.
Amr Elsadr (NCSG)
02:09:46
@Chris: That sounds great. If that’s what we’re talking about, then works for me.
Stephanie Perrin (NCSG)
02:09:59
Since we have a lot more serious legal advice since phase 1, I expect that there are quite a few bits in there that will be found to be in contradiction to other agreed text
Alan Woods (RySG)
02:10:40
To split hairs … it's not the CPs data .. it's the registrant's - but that is a significant delineation. We are not dealing with something we own, we are custodians of data owned by someone else. I think we could be getting through these things far quicker if we all appreciated this basic fact.
Brian King (IPC)
02:11:17
It seems to me that the requesting entity should be at least notified that the request is no longer confidential.
Amr Elsadr (NCSG)
02:11:19
@AlanW: +1
Amr Elsadr (NCSG)
02:11:31
@Brian: That sounds fair.
Stephanie Perrin (NCSG)
02:12:28
The SSAD must inform all users and the RNHs whose data is going to be revealed, the terms and conditions of disclosure both to third parties and to the RNHs who have rights UNDER THIS POLICY, not just under local law.
Stephanie Perrin (NCSG)
02:13:33
I believe that Bird and Bird have outlined some of those openness provisions in recent memos
James Bladel (RrSG)
02:14:46
No objections
Mark Svancarek (BC)
02:14:49
Suggest ALAC take #61 to the list for discussion?
Marika Konings
02:19:32
Note that this recommendation says ‘the CGM makes a determination’
Daniel Halloran (ICANN Org)
02:21:12
OK. Thanks Marika.
James Bladel (RrSG)
02:24:04
The metaphor is that if you don’t deal with the few bad apples, they will spoil the barrel. Sorry to be picky, but this is being misapplied a lot lately w.r.t. police misconduct.
Volker Greimann (RrSG)
02:25:38
the original language is good
Amr Elsadr (NCSG)
02:26:10
Yup. Original language fine.
Volker Greimann (RrSG)
02:26:18
did i lose sound?
Amr Elsadr (NCSG)
02:26:28
I can hear fine.
Brian King (IPC)
02:26:29
We still hear, Volker
Stephanie Perrin (NCSG)
02:29:21
Companies can differentiate themselves through their transparency reports
Marika Konings
02:29:40
Yes, this change would be a result of the public comment review.
Matt Serlin (RrSG)
02:29:52
Need to run to another call…thanks all
Marika Konings
02:29:52
Or better said - addition
James Bladel (RrSG)
02:29:55
Time check….need to drop in 1 min
Mark Svancarek (BC)
02:30:19
Ah, I see the distinction, Dan.
James Bladel (RrSG)
02:31:34
Need to drop. Thanks all.
Stephanie Perrin (NCSG)
02:32:04
They certainly have no right to see the PI of other RNHs, regardless if they want to verify their own compliance track record
Mark Svancarek (BC)
02:32:40
Let's not call it "the data" - it's activity statistics. We'll just confuse people if we call it "the data"
Stephanie Perrin (NCSG)
02:34:15
We are not okay to park it either
Alan Woods (RySG)
02:34:17
it seems like we are just over engineering what we can see in our 'accounts' in the SSAD (tangible - not concept)
Stephanie Perrin (NCSG)
02:34:23
For very different reasons.
Amr Elsadr (NCSG)
02:36:24
Thanks all. Bye.
Hadia Elminiawi (ALAC)
02:36:27
Thank you all bye