
29:35
+1

37:03
my apologies for being late

37:26
I did want to clarify that ALAC’s comments do not yet appear in the Staff document, as those comments were received after the deadline.

38:07
Hi all, just joined. Sorry for being late.

38:11
Hello all - sorry for being late

43:58
I didn't see this on the agenda

47:27
Could we pull up the Belgian letter please

48:47
Are you saying Mark it is unclear whether CP's control their subscribers' data?

50:14
@Milton: No, that isn't what I am claiming

50:31
ok but then i don't understand what you are saying

53:56
We prefer not to refer only to elements of advice, but rather on the whole picture

54:48
ICANN sets policy, enforces it, and manages the relationship with contracted parties.

56:18
I just did in the chat

56:44
we have already heard from the DPAs, that controllership is a matter of fact.

57:39
+1 James.

57:49
+1 James if our work is to be done by the middle of the year, we need to push forward with one model that is the safest route

59:06
control != physical control

01:00:06
Setting policy for the management of an industry is also a form of control

01:03:58
You get clarity if you present our concept as a draft code of conduct according to GDPR. Once approved, everyone has legal certainty.

01:05:13
Moreover, you cannot force all contracted parties to implement some complex algorithm associated with automation.

01:05:37
I would like to caution people about the assumption that it is responsible to spend a lot of money to build an intake system that does not produce more predictable output.

01:05:52
If we reject the CPH proposal to chase the Hybrid model now, then perhaps it would be helpful for other groups to articulate their concerns and why they want to continue examining the Centralized model. So when we meet at ICANN 99 somewhere to debate this, it will be clear why we didn’t take the fork in the road back in now

01:05:58
Becky + 1

01:07:00
Becky, that is certainly not an assumption we hold. We have been going on about the costs of this system vis a vis the benefits for some time.

01:07:14
his had is up

01:07:37
sorry, I mean you had said that Stephanie

01:08:03
we needed a proper risk assessment on this whole controllership issue, to clarify the facts, the risks, and the attendant liability.

01:09:36
Becky, I find your comment disingenuous. We are setting policies and standardizing processes for making disclosure decisions. To say that a hybrid model is not predictable and a centralized model is, has no logic behind it.

01:10:44
You are welcome to disagree with me Milton, not sure why it is necessary to suggest I am dissembling

01:10:56
And in response to Disspain, it's becoming increasingly obvious that our board liaisons are here to try to tilt the policy outcome in a way they prefer, not to serve as liaisons

01:11:24
Thank you Georgios for the clarification -

01:11:26
Wow..I wasn’t aware that agreeing with becky was so powerful

01:13:48
Milton, decentralized decisionmaking across thousands of different CPs is going to be far less standardized than centralized decisionmaking.

01:14:12
+1 Georgios we should not abandon the centralized model. Lets try to work on it to make it succeed

01:14:20
I actually have no idea at this point about the differential costs associated with any of the models. The Board has been clear about its desired outcome - a bottom up policy that results in a consistent and predictable user experiece.

01:14:41
experience

01:15:36
@Becky Now you're at least trying to make an argument. As such, I think it's straightforward to answer it. But the policy will be uniform, the procedures will be uniform and ICANN will be in a position to sanction CP's who don't comply with it. I think that's predictable and consistent

01:16:31
What we fear is that a "uniform and consistent" policy means "ICANN decides to disclose to anyone who asks" which is what we all know some people want, and it's the policy ICANN actually enforced for its first 20 years

01:18:17
Volker, liability cannot be reduced for processing under your control. The goal is to reduce the amount of processing under your control. This isn't a purely academic issue, it has real policy impacts.

01:18:28
+1 MarkSv

01:18:44
it boils down to "under its control"

01:18:45
That’s a good point, Stephanie. And not just Contracted Parties, but Registrars. Most customers have no idea who/what ICANN or the Registry is

01:18:54
Milton: that's not a reasonable argument. A cursory look at the dozens of pages of the draft shows we're not developing an automatic disclosure policy.

01:19:14
Milton, there are many ways of guarding against that perfectly reasonable concern. Dealing with the concern by having the answers provided by over 2000 different entities is only one way.

01:19:27
in practical terms, Franck, 90% of the policy hinges on who makes the disclosure decision

01:19:39
Moving toward an effective, consistent and predictable model while taking a bit more time is better than moving quickly with a system that does not work.

01:19:49
+1 Hadia

01:20:11
works for who, Hadia?

01:20:30
When this EPDP dies, remember why we killed it.

01:20:44
@Nilton for the users of the system

01:20:51
sorry Milton

01:21:01
We (NCSG) and most CP's are not going to accept a centralized model, so it's not like we are going to achieve consensus on it eventually

01:21:35
BC isn't going to accept 30-day SLAs

01:21:42
What about a centralized model in which the CPs take a role

01:21:57
@Hadia, so yeah, you are only concerned with the "users of the SSAD" which means those seeking disclosure - not registrants. It's too bad ALAC is no longer interested in representing individual internet users

01:22:10
I do agree with @Stephanie re registrant experience - I thought that was the point about developing bottom up policy regarding how the balancing is undertaken

01:22:32
@Hadia “What about a centralized model in which the CPs take a role”. That’s a Hybrid model.

01:22:34
The chat has gotten quite inflammatory. Let's bring this back to more productive discourse.

01:22:44
We are trying to develop bottom up policy here, Bevky, but we keep getting nudges from the top

01:23:01
@Milton In any of the models all registrants rights are 100% taken care of

01:23:31
@Milton: plz dial down the personal attacks.

01:23:49
@ Milton, I have lost count of the number of times that as a liaison to different community groups I have been told how important it is for us to say if we have any possible concerns about what is being discussed…I’m sorry you don’t like it but I view it as an essential part of our role as liasons

01:24:13
It's not a personal attack to point out that Board members are intervening on policy. That's a process point, Franck.

01:25:00
@Milton what we are trying to do - is finding what would work best and reduce the liability of the CPs

01:25:24
And it's not "personal" to ask why ALAC reps are taking a position that does not seem to be in the interests of who they are supposed to represent. At a personal level, Hadia is very nice

01:25:57
So I don't like it when serious policy disagreements are dismissed as "personal attacks."

01:31:34
"Unreasonable burden on smaller operators": it's unclear whether this refers to ongoing costs or startup costs

01:31:41
Good points as always, Stephanie

01:31:58
@Franck, I was assuming reference was to operational costs

01:32:20
@Milton, my statement - that the costs and benefits of any approach must be considered, and that the costs and benefit of each of the options are likely to be different - strikes me as a statement of fact, not a policy nudge. I certainly have reached no judgment about those costs and benefits at this point.

01:33:03
disproportionately high

01:33:29
to be fair, disappointingly high is also not good :-)

01:34:24
disproportionately high with regards to the available resources to treat such a request"

01:34:48
fine by me, Georgios

01:36:13
@Milton the ALAC position is aligned 100% with the interests of the Internet end users, the loss of the registration data has minor benefits to privacy and major benefits to those harming the network and leading to its insecurity. Most importantly you cannot have true privacy without having a secure network. The ALAC is trying to ensure a network that provides both privacy and security and this is obviously in the best interest of all, Internet users and registrants

01:39:24
To Janis' answer about whether we're talking startup or ongoing costs: following paragraph refers to "the subsequent running of the system." The clear implication is that this paragraph is about startup. If we mean ongoing, let's say ongoing - and then not have different paragraphs deal with the same thing in unclearly overlapping ways.

01:42:36
To be clear, as the other ALAC representative on the EPDP, I support what Hadia has said and would appreciate others not mischaracterizing our motivations and actions.

01:44:35
we hear you

01:44:53
+1 Brian re: "under no circumstances" language.

01:45:41
That's just wrong, Milton. Data will not be disclosed unless the request is necessary.

01:47:53
lol

01:47:59
IPC is happy for SSAD users to contribute to the cost of running the system.

01:48:13
The objection is to the characterization here as a formal policy position.

01:50:16
but @Brian, isn’t this choice a policy decision?

01:50:23
TANSTAAFL

01:51:02
How about “Free to use”. Like the old WHOIS system.

01:51:24
The choice of who pays for it is a policy position we're happy to discuss, and I think we agree that users should contribute.

01:52:00
My objection is to characterizing SSAD as only benefitting the requestors.

01:52:08
Ah, got it

01:52:13
Where is that statement, Marc?

01:52:42
Direct Beneficiaries = Recipients of SSAD data

01:52:55
There is and will be tragedy of commons if usage is detached from cost

01:55:03
I think if I have a monthly request quota, as opposed to a per-request pricing, would be a better attachment of cost to reimbursement

01:55:18
some people would have better data plans than others

01:55:34
so not disagreeing with Milton, just pointing out that we have options

01:57:14
I have a specific comment that can advance things

02:01:41
How would we dump the cost on data subjects, even if we wanted to? (we don't want to)

02:02:45
The way it's done now, Brian, data subjects have to pay to avoid open whois

02:03:44
Also, a general increase in the price of domain name registration could essentially tax users to support the system, especially if there are no usage-sensitive fees

02:03:56
Stephanie, is your dog tearing the house down?

02:03:58
love the bone drop - dogs and kids make noise when mom is on the phone

02:04:30
:-)

02:05:13
Big Christmas bone, tile floor….and it is about 30 below out there, he keeps scratching and going to the patio door, then refuses to go outside…(naked weimaraners, what can I say….)

02:06:07
Meanwhile, at Stephanie's house: https://www.youtube.com/watch?v=Mh4f9AYRCZY

02:09:15
"Under no circumstances" is bad policy language

02:09:47
Being constructive/productive, we're nearly there by removing the second part of the sentence.

02:10:10
Thanks, let's revisit

02:10:13
and move along

02:12:10
I agree with deleting the "neither should operational costs. . . " language.

02:14:11
We could add "for ICANN" before the semicolon

02:14:16
we should add " for ICANN"

02:14:20
jinx!

02:15:02
owe me a Coke®

02:16:13
Why does it mean you can't outsource it?

02:16:17
that's a problem - ICANN should be able to outsource

02:16:55
I think the current wording does address the issue

02:17:06
yes, I like Alan’s suggestion

02:17:18
+1 Stephanie -- I think the language is vague and may lead to unintended restrictions on how to implement this. Why not say something affirmative about how we view the SSAD rather what the system won't be.

02:17:32
+1 Laureen and Stephanie

02:17:33
"outrageous amounts of money" not a very precise term/

02:17:45
I like JAnis' suggestion. Delete business opportunity

02:19:04
Funding should be sufficient to cover cost, including for subcontractors at market cost and to establish a legal risk fund.

02:19:48
Mark is absolutely right here

02:19:52
that was the intent.

02:20:06
And I agree with the concept

02:26:20
I think replacing "will" with "may" solves the problem

02:26:31
+1 Milton

02:26:36
+1 Milton

02:26:51
I'm happy to change to may

02:27:14
don't think that "discretion of the provider" language is necessary

02:27:38
wow. agreement! :-)

02:27:56
<fireworks emoji>

02:28:05
woohoo!

02:28:15
on that note, end the call! quick!

02:28:33
Thanks!

02:28:37
thanks all