Logo

EPDP - Phase 2 Proposed Recommendations on a Standardized System for Access and Disclosure
Maxim Alzoba
01:04:23
hello all
casas cristian
01:11:44
buenos dias a todos
Terri Agnew
01:11:48
Slides are available on the wiki agenda page: https://community.icann.org/x/6g6JBw
Kurt Cogghe (PwC)
01:12:03
thx
Amr Elsadr
01:12:23
@Terri: Thanks!!
Maxim Alzoba
01:12:51
<question>was the issue of leaked credentials for LEAs accounts considered? people tend to change jobs e. t. c. <question>
Hadia Elminiawi
01:14:43
automation does not mean the automatic disclosure of the data
Amr Elsadr
01:15:41
@Hadia: The last sentence in the first principle is quite specific, referring to automation of disclosure decisions.
Hadia Elminiawi
01:17:39
@Amr yes I wanted to put it in other words to make it clearer
Caitlin Tubergen
01:17:56
Thank you for your question, Maxim. We will address questions at the end of the slide presentation, and we have taken note of your question.
Amr Elsadr
01:20:09
I’d like to note that so far, there has been no mention on any slides of compliance with privacy/data protection laws or GDPR anywhere. I’d imagine that this is central to the scope of the EPDP.
Jacques Blanc (RrSG)
01:20:51
@Amr : +1
Nadira Al Araj
01:21:01
@Amr, that would be a serious issue
Maxim Alzoba
01:22:32
<question>what happens if local law in jurisdiction of a contracted party will prohibit use of SSAD?<question>
Hadia Elminiawi
01:22:41
All please - do we need to state the obvious this whole report has been developed and produced in compliance with the GDPR. This is what this group has been chartered to accomplish
Maxim Alzoba
01:23:20
in GDPR - law enforcement is limited to EU law enforcement
Caitlin Tubergen
01:24:22
Thank you for your note, Amr. This presentation does not cover every point in the report; however, the Report does provide: During Phase 1 of the EPDP Team’s work, the EPDP Team was tasked with reviewing the Temporary Specification. The Temporary Specification was established as a response to the GDPR. Accordingly, the GDPR is the only law that is specifically referenced in this report.
Caitlin Tubergen
01:24:39
…The EPDP team has extensively deliberated whether this Initial Report could be drafted in a way that is agnostic to any specific law, but the EPDP Team determined that the report would benefit from explicit references to facilitate the implementation of the Team’s recommendations. The GDPR is a regional law covering multiple jurisdictions and - given the strict criteria it contains - compliance with this law has a high probability of being compliant with other national data protection laws. The EPDP team fully endorses ICANN’s aspiration to be globally inclusive, and nothing in this report shall overturn the basic principle that contracted parties can and must comply with locally applicable statutory laws and regulations.
Kristian Ørmen
01:27:37
[question] I’m sorry if i missed it but how would it any way be possible to do automatic disclosure [/question]
Maxim Alzoba
01:27:48
<question>was EBERO considered in the model as a replacement of a Registry? <question>
Maxim Alzoba
01:28:55
maybe for legal entities willing to disclose their data of full auto?
Maxim Alzoba
01:30:04
EPDP phase 3 is yet to come
natha
01:32:34
can I have a copy of the slides, please?
Terri Agnew
01:32:48
Slides are available on the wiki agenda page: https://community.icann.org/x/6g6JBw
Olga Cavalli
01:32:51
yes a copy of the slides would be welcome
Olga Cavalli
01:32:56
thanks
Terri Agnew
01:34:18
two ways to ask a question. Raise hand in zoom room or type in chat. If question is typed in chat, please start with <question> and when finished end with <question>
Rafik Dammak
01:34:29
thanks Terri for the reminder
Maxim Alzoba
01:35:11
LEAs hate to be tracked
Maxim Alzoba
01:36:52
thanks
Volker Greimann
01:38:17
tough luck. they want the data, they better own up to it
Kristian Ørmen
01:38:37
I would not give law enforcement access to our data without reviewing each request manually
Anna Karakhanyan
01:38:50
+1
Dev Anand Teelucksingh
01:38:52
Apologies if this was asked in the few minutes I was away <question>For a request coming from an accredited org/person for registrant details for a domain, will the registrant be notified that a disclosure was made to the accredited org/person and the reason for the request</question>
Dev Anand Teelucksingh
01:39:17
(if it was asked, I'll listen to the recording)
Rubens Kuhl
01:39:30
<question>
Maxim Alzoba
01:40:02
EBERO is a temporary Registry appointed by ICANN in case some registry terminated or not functional
Rubens Kuhl
01:40:14
The Maxim scenario, I figured, is for a TLD currently in EBERO. Will SSAD know to query EBERO and EBERO know how to answer it ?
Rubens Kuhl
01:40:17
</question>
Volker Greimann
01:41:01
Kristian, that is definitely something you should put in public comments, since we currently plan to allow it for local LEAs
Brian King (MarkMonitor)
01:41:12
@Maxim the default will be for the query to go to the registrar
Jacques Blanc (RrSG)
01:41:20
+1 @Volker
Brian King (MarkMonitor)
01:41:41
so in an EBERO scenario, that would only be relevant if the request specifically needed to go to the RO/EBERO
Maxim Alzoba
01:41:46
local LEAs to make requests track able by foreign LEAs???
Maxim Alzoba
01:41:57
it is pure SCIfi
Volker Greimann
01:42:59
foreign LEAs are normal requesters with no special privilege
Maxim Alzoba
01:43:05
accuracy of Whois going to be obsolete, RDAP is coming
Marianne Georgelin
01:43:31
<question> Will it be possible for a registry/registrar to ask the requestor to provide further documents to justify its request? </question>
Olivier MJ Crepin-Leblond
01:44:26
Priority 2 Issues: Display of information of affiliated vs. accredited privacy / proxy providers● Legal vs. natural persons● City field redaction● Data retention● Potential Purpose for ICANN’s Office of the Chief Technology Officer● Feasibility of unique contacts to have a uniform anonymized email address● Accuracy and WHOIS Accuracy Reporting System
Michael Palage
01:44:54
Has the Day of the meeting in Cancun been announced yet?
Hadia Elminiawi
01:44:55
@Maxim accuracy of the data is still an issue, how would it disappear with the transition to RDAP
Maxim Alzoba
01:45:24
it is better to be named RDDS accuracy
Brian King (MarkMonitor)
01:45:38
@Marianne, yes.
Volker Greimann
01:45:51
Olivier:NoMaybeAs beforeNot discussedNot feasibleNo changes
Olivier MJ Crepin-Leblond
01:46:26
Thanks @Volker
Berry Cobb
01:46:27
@Michel The EPDP will meet a full day on 7 March. 8 March is a pleneary session to answer questions from the community. Two other sessions on 9th and 12th.
Maxim Alzoba
01:46:36
local LEAs always fine with human rights, at least when you ask them about it
Michael Palage
01:46:41
THX bARRY
Marianne Georgelin
01:47:22
Thanks
Maxim Alzoba
01:48:43
it is the way for automation... anyone receives - please send you request to PO box in paper with wet ink signature and apostilled translation to our language
Terri Agnew
01:48:55
Recordings will be posted on wiki agenda page: https://community.icann.org/x/6g6JBw and GNSO Calendar shortly: https://gnso.icann.org/en/group-activities/calendar#feb
davekissoondoyal
01:49:10
Thanks Terry
Berry Cobb
01:49:22
Apologies - 9 March is the Plenary session to ask questions. The 8 March session is reserved for the legal committee of the EPDP to meet.
Amr Elsadr
01:49:31
@Marianne: I’d read the report if I were you. The short answer “yes” only applies to the current situation. There are stakeholders seeking to centralize the decisions to disclose data (take them away from CPs), and eventually automate this decision-making. That would potentially exclude CPs from the process entirely.
Caitlin Tubergen
01:50:07
Small correction: the EPDP Plenary Session in Cancun is currently scheduled for Monday, 9 March.
Maxim Alzoba
01:50:56
Amr, it looks like exclusion of CPs possible only after termination of the contacts
Maxim Alzoba
01:51:41
local LEAs have their ways to contact contracted parties fast
Amr Elsadr
01:51:45
@Maxim: Wouldn’t the EPDP recommendations (if adopted by the ICANN Board) ultimately result in amendment of these contracts?
Manju Chen
01:52:01
<comment> It might be better to add ‘distinct economy recognized by international fora’ to government/territory in recommendation 2. <comment>
Maxim Alzoba
01:52:08
@Amr, depends on local law
Rubens Kuhl
01:52:18
1 request per month (my guess)
Amr Elsadr
01:52:25
Yes. Local law always trumps the contracts anyway. ;-)
Maxim Alzoba
01:52:55
how sanctioned LEAs are to be accredited?
Marie Pattullo
01:53:28
Who can "sanction" an LEA?
Maxim Alzoba
01:53:49
OFAC
Maxim Alzoba
01:54:18
in the same jurisdiction as ICANN
Marie Pattullo
01:54:43
Ah, sorry, you mean the LEA of a "sanctioned" country?
Amr Elsadr
01:54:44
@Rafik: +1. Would be great to have questions and concerns expressed as thoroughly as possible in the public comments.
Cheryl Langdon-Orr
01:55:02
Thanks for this informative and presentation … most helpful... bye for now...
Maxim Alzoba
01:55:11
in the list there can be particular LEAs
Nadira Al Araj
01:55:20
thank you
Lito Ibarra
01:55:28
Thanks
Anna Karakhanyan
01:55:32
Thank you for very useful webinar!
Maxim Alzoba
01:55:32
for example based on territory principles
Abdeldjalil Bachar Bong
01:55:33
thanks and bye
Gordon Chillcott
01:55:34
THank you - this was VERY useful.
Manal Ismail
01:55:43
Thanks everyone !!
Maxim Alzoba
01:55:46
thanks all
nigel hickson
01:55:47
thanks for webinar
Pelle Wecksell Europol/Empact
01:55:52
Thank you, very good
davekissoondoyal
01:55:53
Thanks a lot and bye to all
natha
01:55:54
thanks
Kristian Ørmen
01:55:58
Thank you
Kurt Cogghe (PwC)
01:56:00
thank you