Hi Jonathan. 🙂

hello everyone

Hello, my name is Andrea Glandon and I will be monitoring this chat room. Please note that questions or comments will only be read aloud if submitted in English within the Q&A pod. They will be read aloud at the end of the presentation. Questions and comments placed in chat will be considered as part of the “chat” and will not be read out loud on the microphone.Please note that chat sessions are being archived and follow the ICANN Expected Standards of Behavior. http://www.icann.org/en/news/in-focus/accountability/expected-standards.

Audio streaming in Zoom will be in English. To listen and speak English during the session, simply join via Zoom.To listen and speak a language other than English, please join via the ICANN Adigo Dial-in Number List (https://www.adigo.com/icann) and enter your language ID:English: 9001French: 9002Spanish: 9003Chinese: 9004Russian: 9005Arabic: 9006You will also need to join the Zoom session to follow the presentation, see the comments or questions in the chat.

Hello all

Thank You @Andrea for the information.

Thanks!!!

Greetings from the Office of the Ombudsman. Hope everyone is doing well. ombudsman@icann.org

Thank @Andrea

Greetings to allI’m Ciapha G. Mandemasa form Liberia

Greetings. - Dr. T V Gopal, Professor, Department of Computer Science and Engineering, College of Engineering, Guindy Campus, Anna University , Chennai, INDIA.

Reminder to all speakers to speak slowly

Gretings from BurundiMinistry of ICT / Burundi GAC

Good afternoon

Is there a link to the ppt being discussed? Thanks

The presentation will be published online along with the recording after the presentation

Thanks

After the *webinar

Clarifying question about the projected schedule: are the 5-6 year estimates inclusive or exclusive of the ~24 month policy language development phase?

Will those surveys being made public?

be made

Hello everyone, for civil society from Chad

@Cole, they said inclusive

Reminder to post all questions in the Q&A pod. Thank you

Have yu surveyed the potential requestors? That seems lke the key variable in the cost estimates.

These are significant ranges

On "Requesters" were not rough numbers provided through GAC?

So nearly half of the projected costs are within ICANN.org?

@Nigel -Even if GAC povided some estimates, it seems prudent to survey the gruop at the bottomm of the key variable

There was no requirement for ICANN to recover the full costs of development.

+1 Alan G.

Thanks for that clarification, @Alan Greenberg

+1 Alan G.

Alan, there is no ICANN money. It's either registrant money or SSAD user money, regardless of how many indirection levels the money traverses.

Just a quick laugh that the SSAD is concerned about natural/legal status of Requestors while the policy has not required this differentiation in Whois

The PDP states that the cost should be paid by the users of the system

@Maxim - the huge sums delivered to ICANN from the last ruond of gTLDs has put huge sums into ICNN coffers

Goran, please change your chat to everyone and resend your message. Thank you

The PDP states that the cost should be paid by the users of the system

So 2 years for IRT, 3-4 years for development (5-6 years); So, earliest release would be 2027-2028?

@Cyntia, unfortunately those are not cash and may end up being just papers

@Jeff - that seems about right. Elon Musk will land humans on Mars before ICANN can implement SSAD - that is kind of a ssad reality :-(

Every penny paid by new gTLD applicants for ICANN last resort auctions will be charged from registrants of those TLDs. So, either way, registrants pay.

@Maxim - plenty of upfront $ went directlly to ICANN accounts. Incuding $ for gTLD auctions.

Michael, does SSAD stand for So SAD ?

hi everyone Frank Anati from Ghana 🇬🇭 , https://www.linkedin.com/in/frank-anati

@Maxim - double entendre - my attempt at a bit of humor

@Maxim - The operating cash of any organization eventually comes from consumers. Your point?

@Cynthia, check the fin plans on how much are invested in papers

None of those consumers asked for SSAD. To the contrary, they would prefer no WHOIS and no SSAD at all. EPDP established a clear "requester pays" model.

trusting third parties to identify someone is a bad joke - legal burden is not removed

@Cyntia: Aren’t the consumers of the SSAD the data requestors/SSAD users?

@Maxim - the fact that there's more money coming doesn't detract from the large sums already received.

there is no way for contracted parties not to use their own systems/mail

@Maxim - No SSAD & no WHOIS? You area suggesting there be no accountabililty at all?

centralized outside system does not leave traces, so CPs will have to use something to protect their interests and something leaving traces on their side

“SSAD will NOT guarantee data disclosure or provide predictability of disclosure” This is a serious reason to think about the cost of the solution and value.

I am not suggesting that, just reckoning what domain registrants would prefer. Which is one of the main reasons behind EPDP definition of who would pay.

Reminder to change your chat to everyone

@Amr - the beneficiaries of SSAD are consumers. ALl consumers. People & companies who should protected from the criminals preying upon them.. THAT is who SSAD is for.

@Cyntia , accountability is an operational/legal idea, and might not be relevant to the tech system

Jan, please change your chat to everyone and resend your message. Thank you

Apologies.

So are we on our way to a "SSAD v2" which is a much simpeler much more cost effective, efficient, ticket like system that makes live easier on everyone involved ? That is what I understood the EPDP was actually requesting.

Instead of saying “declining users” you might wish to say “shrinking user base”. Given that we are talking about requests that might be declined in a later process….it is a wee bit confusing. Just an editing thought....

@Cyntia: whois prior to GDPR is dead, and we need to work together to find a solution that complies with the law. It’s not about hiding accountability, it’s about complying with data privacy laws that carry significant penalties.

@Maxim - I am a domain registrant w/ almost 100 domains. From my perspective, accountability is a key factor in protecting me & my names. I don't know who you imagine you're speakinig for, but it's not all registrants.

@Cyntia, a registry and registrar

@Cyntia: by that rationale, should all Internet users be somehow charged? Via agreements between ICANN and ISP, mobile Internet providers, etc…? I can’t imagine that anyone would agree to that. Just like registrants pay for domain name registration fees, TM holders pay for TMCH services, SSAD needs to be paid for by people who elect to use it.

That was my point four years ago. ICANN cannot solve the GDPR/Whois problem.

@Maxim - accountability is absolutely relevent to systems used by the general public.

That was my point four years ago and in my recent Congressional testimony, ICANN cannot solve the GDPR/Whois problem.

@Cyntia- whois was never intended for “accountability”.

@Rick: What GDPR problem? ;-)

Is that per year?

+1 Amr- I’m glad the GDPR has resulted in also protecting my personal data. The amount of spam and phishing emails/calls has gone down since my data stopped being published in whois

13-106 per year?

Reminder to change your chat to everyone. Thank you

@Amr - In your opinion then, only people who actively monitor abuse should pay to keep the public safe? That's like saying only people who pay for police forces shuold receive their protection. And now we're back in the 1800s.

Can ICANN share this secondary research

@Cyntia- so when everyone had access to full registration data via whois, there was either no abuse or bad guys were always getting caught? That also means since GDPR, abuse has gone up? None of these happened or has happened.

@Cyntia: Like Owen said, there was never a policy that mandated whois being made available as an accountability mechanism. Granted that some use it for that purpose. Others have used it for other purposes, including many that are not compliant with law. It really does sound like you’re proposing some kind of broad Internet tax to subsidize the costs of SSAD users. Best of luck with that one.

@Owen - I disagree. In my reading of the notes of the scientists who originated the internet, they were vey concerned about accountability.

agencies will go to the contracted parties anyway (direct contact does not leave traces in the third party systems, which no agency likes)

Thank you for answer

The Phase 1 Rec 18 direct-to-CP process also has timelines for predictability

None of us should forget that GDPR and similar regulations are about balance. Agree that receiving less spam and fraudulent service offers, etc. is a relief for registrants. That’s a great outcome. However, current policies have transitioned the system from one extreme to the other. We have lost sight of the balance because of the uncertainties around enforcement. That is what good policy can fix at the public and private level.

@Owen - lol Of course ther as abuse. There was simply a easily-accessible mechanism to deal with the abuse. By, say, individuals like me.

@Cyntia- I’m curious what notes you’ve read, because everything I’ve ever heard, including talking to people who helped develop the DNS, is that is was was “the directory simply listed the contact information that was requested of anyone transmitting data across the ARPANET” (see https://whois.icann.org/en/about-whois#field-section-3)

@Cyntia- and if you still have a valid reason for requesting data disclosure, you can do so under the law in a way that still protects registrant rights.

Thank you all

WHOIS for Internet Protocol addresses were always different from WHOIS for domains. Principles used in the number system are different till today.

@Owen - Whois post GDPR can still be more robust than it is at present. And there are many ways of dealing with these issues thta don't require people who want to combat abuse to breathe some type of rarified air & papy through the nose. As an individual that sees abuse regularly, I think we're making it too hard for simple users to help themselves.

Report said "ICANN MAY contribute to the (partial) covering of costs for maintaining the Central Gateway.:

@Cyntia- I understand your concerns, however the legal and technical complexities (which also include staggering development budgets) make such solutions as you envision impossible. Contracted parties have to deal with these realities, rather than wishlists of some ICANN constituencies (which may not align with these realities)

Does that mean after the first 5 years the fees would drop?

^Shani ?

@Owen - Again, you presume that registrants shuold no longer have access to any means to protect themselves. Instead, you would force them to pay a verified requestor to have any means to protcet themselves. As a Registrant myself, I don't appreciate that.

@Marie Pattullo - Exactly!

Thank you Shani

Thanks. As someone to built these systems, sometimes from scratch and sometimes as integrations, for years. These estimates seem very high to me, that's all.

From experience : after 5 years you will need new development

So don't count on pricing going down ...

@Cyntia- you misunderstand me. I do not want registrants to pay for having their data be accessible. At all. Hence why there cannot be an open system under GDPR, and why we’ve arrived at the SSAD.

@Owen: +1

Informative session… professional and respectful… stay safe everyone and be kind. ombudsman@icann.org

odp-ssad@icann.org

Thanks to all presenters and staff memebers

Thank you so much for informative session