Logo

051040043 - EPDP-Phase 2A Team Call - Shared screen with speaker view
Terri Agnew
37:53
Please review ICANN Expected Standards of Behavior here: https://www.icann.org/resources/pages/expected-standards-2016-06-28-en**Members: reminder, when using chat, please select all panelists and attendees in order for everyone to see chat.
Margie Milam (BC)
43:47
+1 Alan G
Brian King (IPC)
45:34
Let's get that legal advice too. That should be helpful.
Brian King (IPC)
45:48
Becky read my mind. Scary.
Berry Cobb
48:19
All good.
Berry Cobb
48:39
https://docs.google.com/document/d/14Fs3b_Sz1ij3Tiu58uy0C69DWFHAq1Dp/edit
Berry Cobb
49:30
at 150
Melina Stroungi (GAC)
57:05
+1 Hadia
Sarah Wyld (RrSG)
58:17
We discussed the drawbacks of flags last meeting, maybe those concerns should be further considered? I don't think flags are a good solution across the board.
Sarah Wyld (RrSG)
58:23
Adding more flags wont fix that
Terri Agnew
59:01
**Members: reminder, when using chat, please select all panelists and attendees in order for everyone to see chat.
Hadia Elminiawi (ALAC)
01:00:33
We could apply this approach to only new registrations
Berry Cobb
01:01:47
Staff was challenge with where to put the heading. We'll take your input for the next revision.
Berry Cobb
01:01:59
As a reminder, the scenarios came from the RrSG proposal.
Sarah Wyld (RrSG)
01:02:17
The scenarios were based on past plenary discussions
Sarah Wyld (RrSG)
01:02:37
But agree with header suggestions - background, guidance, and examples
Brian King (IPC)
01:03:07
Winter Woods is most welcome
Sarah Wyld (RrSG)
01:04:06
+1 on the focus
Steve Crocker (SSAC)
01:04:43
Apologies. I have a prior commitment. Tara will continue to carry the SSAC ball.
Melina Stroungi (GAC)
01:08:29
Absolutely. Thanks Milton
Brian King (IPC)
01:10:30
I'm encouraged to hear that from Milton and am generally open-minded. I'd like to understand the types of guardrails the NCSG is looking for more clearly so we can hopefully agree. "Can we get that in writing?" :-)
Milton Mueller (NCSG)
01:11:30
+1 Sarah.
Hadia Elminiawi (ALAC)
01:12:23
@Milton this worry shouldn't be there because the law prohibits the publishing of legal persons data that includes PI - so the second step is always necessary if disclosure is going to happen. Putting safeguards that addresses this concern is more than welcome
Thomas Rickert (ISPCP)
01:12:27
If we agree we are on the right path with this, we can always add more safeguards to the process, such as e-mail even after non-personal data has been self-identified to inform about the consequences of that choice and give an opportunity to rectify inaccurate self-determination.
Brian King (IPC)
01:14:17
@Thomas, thank you. I actually just added that to the doc
Thomas Rickert (ISPCP)
01:14:40
@Brian - great!
Milton Mueller (NCSG)
01:15:11
such awkward language. Minimize risk to a minimum?
Brian King (IPC)
01:15:22
Minimize risk to the max!
Milton Mueller (NCSG)
01:16:41
almost as bad as “differentiation between the differentiated data sets”
Berry Cobb
01:16:41
Marc's concern could be addressed by clarifying in the examples who would be doing what as he is correct that it is not written in the form we normally write recommendations ('registrar COULD / MAY', etc)?
Sarah Wyld (RrSG)
01:16:42
I think I forgot to say one thing in response to Melina -- under no circumstances should human review of registration data at the time of registration be required. That simply does not scale.
Hadia Elminiawi (ALAC)
01:17:08
@Sarah +1
Sarah Wyld (RrSG)
01:18:31
Yes, it would be up to the registrant
Keith Drazek (Verisign) (Chair)
01:18:33
Thanks to everyone for contributing on the call!
Milton Mueller (NCSG)
01:18:34
yes
Milton Mueller (NCSG)
01:19:19
yes, you leave it up to them to decide
Hadia Elminiawi (ALAC)
01:19:46
@Melina makes sense
Sarah Wyld (RrSG)
01:22:37
Volker's proposal was to have that distinction be optional for the CP
Sarah Wyld (RrSG)
01:22:39
not mandatory
Jan Janssen (IPC)
01:24:23
+1 Melina
Keith Drazek (Verisign) (Chair)
01:25:10
We're still focusing on guidance for voluntary processing, not mandatory requirements, but acknowledge we'll need to consider both (soon).
Hadia Elminiawi (ALAC)
01:26:31
@Volker you first entrance to any kind of differentiation is the Registrant type
Mark Svancarek (BC)
01:26:39
It still seems like recording a record as personal vs non-personal vs unknown should be a mandatory policy
Sarah Wyld (RrSG)
01:26:59
Back in 2 min sorry
Mark Svancarek (BC)
01:27:21
We already have a requirement to differentiate "provided consent to publish" vs other
Mark Svancarek (BC)
01:29:07
+1 Milton
Sarah Wyld (RrSG)
01:30:04
So this is part of the difficulty of making the guidance first and then deciding if it's required or optional afterwards
Sarah Wyld (RrSG)
01:30:19
As an optional suggestion? Flags are great, they work for some providers! As mandatory? Not so much
Sarah Wyld (RrSG)
01:31:03
RrSG group doc, I didn't do it all by myself but thanks for that show of confidence in my abilities :)
Mark Svancarek (BC)
01:32:10
Sarah, how do you propose to automatically publish the data of a registrant who has requested that their data be published?
Berry Cobb
01:32:21
o Does this accurately capture agreed aspects from the different proposals (RrSG, proposal 1a and thought experiment)? If not, what is missing?o Is it sufficiently high level to allow for flexibility to accommodate different business models, while at the same time providing helpful insights to those that want to differentiate?o What incentives, if any, could be considered to promote any guidance agreed to by the EPDP Team?
Hadia Elminiawi (ALAC)
01:33:00
It could be a mix of both
Sarah Wyld (RrSG)
01:33:02
MarkSV - What do you mean by 'automatically' here? (Sounds silly but I mean it) if they requested it, then it's not automatic, they've checked a box and clicked a "save settings" button. But then our automated system responds to their click/save by doing the publication.
Caitlin Tubergen (ICANN Org)
01:33:16
We will note this in the action items, but it would be helpful if EPDP Team members could provide additional feedback as comments rather than overwriting others’ edits.
Sarah Wyld (RrSG)
01:35:19
Yes, after the Registrant indicates they want to publish then the actual publication in RDDS is automated
Melina Stroungi (GAC)
01:35:56
@Volker it is important for the security, stability and resilience of the DNS. There have been various problems and incidents reported by the redaction of data
Sarah Wyld (RrSG)
01:36:22
THanks Mark that does help
Mark Svancarek (BC)
01:36:26
:)
Margie Milam (BC)
01:38:32
Criminals put all kinds of data in WHOIs - including fake organization information
Hadia Elminiawi (ALAC)
01:38:52
standardization is also importnat
Margie Milam (BC)
01:40:18
+1 Keith
Terri Agnew
01:42:18
**Members: reminder, when using chat, please select all panelists and attendees in order for everyone to see chat.
Margie Milam (BC)
01:42:19
It would mean that the fake organization would be published which means there can be greater analysis & correlation for cybersecurity investigations
Sarah Wyld (RrSG)
01:43:41
I left a comment on that in the doc
Sarah Wyld (RrSG)
01:43:54
oh, sorry, I'm referring to 5a
Sarah Wyld (RrSG)
01:43:59
I think Milton may be in 4c?
Mark Svancarek (BC)
01:44:19
We are having trouble with the term "published" so it's good to be clear that we are actually talking about what is returned in response to a query
Keith Drazek (Verisign) (Chair)
01:44:35
+1 Mark
Brian King (IPC)
01:44:45
+1 Mark
Alan Woods (RYSG)
01:47:56
yes but the disclosure under SSAD, is also where there is a prime facie case in the disclosure request - which is a whole safeguard that is not actually present in publication.
Alan Woods (RYSG)
01:48:05
*prima
Brian King (IPC)
01:49:35
Thanks, Alan W. You're right, there is additional nuance there.
Milton Mueller (NCSG)
01:50:38
paper? What’s that?
Milton Mueller (NCSG)
01:51:38
@Alan they are both responses to queries
Brian King (IPC)
01:51:59
I make the point because the word is being used incorrectly.
Berry Cobb
01:52:10
And that is also a distinction in Phase 1 IRT. A section on publication of the minimum public data set.
Hadia Elminiawi (ALAC)
01:52:32
@Volker good for you
Mark Svancarek (BC)
01:52:37
@Alan, we've been using these terms but even affiliated folks like the RDAP WG find such terms confusing or problematic
Hadia Elminiawi (ALAC)
01:52:49
:-)
Chris Lewis-Evans (GAC)
01:52:49
@Volker LOL if only we could all go for a beer
Hadia Elminiawi (ALAC)
01:57:44
Thank you all - bye
Thomas Rickert (ISPCP)
01:57:51
Bye all!
Alan Woods (RYSG)
01:58:07
Thank you all and thank you Terri