hello all

buenos dias a todos

Slides are available on the wiki agenda page: https://community.icann.org/x/6g6JBw

thx

@Terri: Thanks!!

<question>was the issue of leaked credentials for LEAs accounts considered? people tend to change jobs e. t. c. <question>

automation does not mean the automatic disclosure of the data

@Hadia: The last sentence in the first principle is quite specific, referring to automation of disclosure decisions.

@Amr yes I wanted to put it in other words to make it clearer

Thank you for your question, Maxim. We will address questions at the end of the slide presentation, and we have taken note of your question.

I’d like to note that so far, there has been no mention on any slides of compliance with privacy/data protection laws or GDPR anywhere. I’d imagine that this is central to the scope of the EPDP.

@Amr : +1

@Amr, that would be a serious issue

<question>what happens if local law in jurisdiction of a contracted party will prohibit use of SSAD?<question>

All please - do we need to state the obvious this whole report has been developed and produced in compliance with the GDPR. This is what this group has been chartered to accomplish

in GDPR - law enforcement is limited to EU law enforcement

Thank you for your note, Amr. This presentation does not cover every point in the report; however, the Report does provide: During Phase 1 of the EPDP Team’s work, the EPDP Team was tasked with reviewing the Temporary Specification. The Temporary Specification was established as a response to the GDPR. Accordingly, the GDPR is the only law that is specifically referenced in this report.

…The EPDP team has extensively deliberated whether this Initial Report could be drafted in a way that is agnostic to any specific law, but the EPDP Team determined that the report would benefit from explicit references to facilitate the implementation of the Team’s recommendations. The GDPR is a regional law covering multiple jurisdictions and - given the strict criteria it contains - compliance with this law has a high probability of being compliant with other national data protection laws. The EPDP team fully endorses ICANN’s aspiration to be globally inclusive, and nothing in this report shall overturn the basic principle that contracted parties can and must comply with locally applicable statutory laws and regulations.

[question] I’m sorry if i missed it but how would it any way be possible to do automatic disclosure [/question]

<question>was EBERO considered in the model as a replacement of a Registry? <question>

maybe for legal entities willing to disclose their data of full auto?

EPDP phase 3 is yet to come

can I have a copy of the slides, please?

Slides are available on the wiki agenda page: https://community.icann.org/x/6g6JBw

yes a copy of the slides would be welcome

thanks

two ways to ask a question. Raise hand in zoom room or type in chat. If question is typed in chat, please start with <question> and when finished end with <question>

thanks Terri for the reminder

LEAs hate to be tracked

thanks

tough luck. they want the data, they better own up to it

I would not give law enforcement access to our data without reviewing each request manually

+1

Apologies if this was asked in the few minutes I was away <question>For a request coming from an accredited org/person for registrant details for a domain, will the registrant be notified that a disclosure was made to the accredited org/person and the reason for the request</question>

(if it was asked, I'll listen to the recording)

<question>

EBERO is a temporary Registry appointed by ICANN in case some registry terminated or not functional

The Maxim scenario, I figured, is for a TLD currently in EBERO. Will SSAD know to query EBERO and EBERO know how to answer it ?

</question>

Kristian, that is definitely something you should put in public comments, since we currently plan to allow it for local LEAs

@Maxim the default will be for the query to go to the registrar

+1 @Volker

so in an EBERO scenario, that would only be relevant if the request specifically needed to go to the RO/EBERO

local LEAs to make requests track able by foreign LEAs???

it is pure SCIfi

foreign LEAs are normal requesters with no special privilege

accuracy of Whois going to be obsolete, RDAP is coming

<question> Will it be possible for a registry/registrar to ask the requestor to provide further documents to justify its request? </question>

Priority 2 Issues: Display of information of affiliated vs. accredited privacy / proxy providers● Legal vs. natural persons● City field redaction● Data retention● Potential Purpose for ICANN’s Office of the Chief Technology Officer● Feasibility of unique contacts to have a uniform anonymized email address● Accuracy and WHOIS Accuracy Reporting System

Has the Day of the meeting in Cancun been announced yet?

@Maxim accuracy of the data is still an issue, how would it disappear with the transition to RDAP

it is better to be named RDDS accuracy

@Marianne, yes.

Olivier:NoMaybeAs beforeNot discussedNot feasibleNo changes

Thanks @Volker

@Michel The EPDP will meet a full day on 7 March. 8 March is a pleneary session to answer questions from the community. Two other sessions on 9th and 12th.

local LEAs always fine with human rights, at least when you ask them about it

THX bARRY

Thanks

it is the way for automation... anyone receives - please send you request to PO box in paper with wet ink signature and apostilled translation to our language

Recordings will be posted on wiki agenda page: https://community.icann.org/x/6g6JBw and GNSO Calendar shortly: https://gnso.icann.org/en/group-activities/calendar#feb

Thanks Terry

Apologies - 9 March is the Plenary session to ask questions. The 8 March session is reserved for the legal committee of the EPDP to meet.

@Marianne: I’d read the report if I were you. The short answer “yes” only applies to the current situation. There are stakeholders seeking to centralize the decisions to disclose data (take them away from CPs), and eventually automate this decision-making. That would potentially exclude CPs from the process entirely.

Small correction: the EPDP Plenary Session in Cancun is currently scheduled for Monday, 9 March.

Amr, it looks like exclusion of CPs possible only after termination of the contacts

local LEAs have their ways to contact contracted parties fast

@Maxim: Wouldn’t the EPDP recommendations (if adopted by the ICANN Board) ultimately result in amendment of these contracts?

<comment> It might be better to add ‘distinct economy recognized by international fora’ to government/territory in recommendation 2. <comment>

@Amr, depends on local law

1 request per month (my guess)

Yes. Local law always trumps the contracts anyway. ;-)

how sanctioned LEAs are to be accredited?

Who can "sanction" an LEA?

OFAC

in the same jurisdiction as ICANN

Ah, sorry, you mean the LEA of a "sanctioned" country?

@Rafik: +1. Would be great to have questions and concerns expressed as thoroughly as possible in the public comments.

Thanks for this informative and presentation … most helpful... bye for now...

in the list there can be particular LEAs

thank you

Thanks

Thank you for very useful webinar!

for example based on territory principles

thanks and bye

THank you - this was VERY useful.

Thanks everyone !!

thanks all

thanks for webinar

Thank you, very good

Thanks a lot and bye to all

thanks

Thank you

thank you