
41:32
Please review ICANN Expected Standards of Behavior here: https://www.icann.org/resources/pages/expected-standards-2016-06-28-en

41:55
Members: lease select all panelists and attendees in order for everyone to see chat. Attendees and note, the raised hand option has been adjusted to the bottom toolbar.

42:08
https://docs.google.com/spreadsheets/d/17qLMYb3HC7qGYPQveXbUq5ZSzvedrQ3t8AdVdrRIdrw/edit#gid=0

44:25
I'm sorry, what is the WBS column?

45:09
I am the human sacrifice of the RRSG to the legal team

46:56
Thanks Berry. I continue to marvel at and try to learn from your spreadsheets

49:08
Since the Council meeting is later today, we're hopeful we can do the approval over the Council mailing list as to expedite this task.

50:47
Sorry, the CPH to provide an update on IRT status?

51:08
@Sarah - an update on the status of implementation of rec #6.

51:18
Thanks Marika

56:38
Link to goog doc: https://docs.google.com/document/d/1weQemSQ0-884ILbhmR3OLzUWouyGXMKH/edit

57:06
The aim of the yellow highlighted text was to translate the input provided in the comments. But of course, if we’ve missed something, please speak up.

58:54
+1 Marc

01:00:27
Reminder: please select all panelists and attendees in order for everyone to see chat

01:02:55
Especially those definitions that were derived from legal committee materials :-)

01:03:14
@marika it makes sense reviewing these definitions first by the legal committee

01:04:27
we need to be clear on the definitions in order to be clear on the legal impact

01:06:29
I'm troubled by the idea of creating a definition with the goal of a specific outcome (correlation)

01:06:37
@Melina, I agree anonymized in relation to whom?

01:07:23
It will be important to ensure definitions we agree on are used not only during our work in the EPDP but also in the IRT and beyond.

01:09:17
Agree Sarah.

01:09:40
To Milton's point, I would draw the team's attention to the CPH suggested problem statement, lower down in this document

01:10:44
agreed sarah it is all about what problem we are dealing with and what is the acceptable way to solve it

01:11:29
it cannot be published

01:11:37
if it is not anonymized

01:11:43
Agree, email is there as an option. I think our job here is to provide guidance on how one could implement an email address while adhering to data protection requirements. Not to require an email address in all cases.

01:12:20
agree Sarah

01:12:58
link to instructions from GNSO council that Sarah mentioned:https://community.icann.org/pages/viewpage.action?pageId=150177878

01:13:41
Lost Markia there

01:16:50
+1 Margie we need some more time to react to this

01:18:11
i would love that if we just follow what Bird & Bird suggested as definitions in their legal memo: if its the same email used for multiple entries from one person, its pseudynomized; if it's one address for one entry and never repeated, it's anonymized. why did we ask for legal advice and not listening to them?

01:18:42
+1000 Manju

01:19:07
I ask the same thing about the advice provided with regard to the Legal/Natural issues ;-).

01:19:34
+1 ALan

01:21:08
“uniform” means the same for each individual registrant?

01:22:04
Are there forms that do not comply with the policy requirements set out in phase 1?

01:22:11
Is that the issue? noncompliance?

01:25:11
"contactability" without being able to fill in a web form is a glorified Facebook poke

01:25:54
If the form is not being relayed that's certainly a Compliance problem

01:27:35
Seems like we have heard a lot from stakeholders telling us this is a problem

01:27:58
I don’t see any driving of us toward conclusions, quite the contrary

01:28:32
I see endless repetitions of the same debate and no motion toward conclusion. unfair to suggest Keith’s handling of this is biased

01:29:47
As recommendation #13 is still in the implementation phase, doesn’t further guidance on web forms not belong in the IRT discussions?

01:30:17
agree Marika

01:32:49
obviously an IRT issue

01:33:07
Folks, I just sent a sample relay to the ePDP list. These forms (at least at my Registrar) are functioning as intended. If other registrars cannot provide the same functionality, it should be raised with Compliance.

01:34:15
Where a Registrar redacts the data element values listed in Section 10.3.1.8 or 10.3.1.12, in lieu of “REDACTED”, Registrar MUST Publish an email address or a link to a web form for the Email value to facilitate email communication with the relevant contact, but MUST NOT identify the contact email address or the contact itself. [Rec 13]

01:36:53
We have the Webinar next Tuesday on L vs. N, and yes the agenda next Thursday will focus more on that topic.

01:36:57
@Keith -- much appreciated. Want to make sure we have sufficient opportunity to deal with both anonymized emails and the treatment of legal information.

01:36:58
@James: missing from many registrars' forms is the possibility of "facilitating email communication" - surely merely delivering a non-message via email as a protocol does not achieve the intended outcome of being able to write an email to the registrant

01:37:19
happy to move along for today, and unfortunately I need to drop at the top of the hour. Thanks all.

01:38:13
Good points, Sarah.

01:39:04
That is maybe a thing that could exist but it certainly does not at this time

01:39:11
(Alan G's suggestion)

01:39:53
There is no reason for it to exist

01:40:07
That’s right Sarah- we can certainly talk about whether it should be addressed in the policy

01:40:18
Right - it goes back to agreeing on a problem statement and what is in scope for this phase

01:44:03
@Milton - as mentioned earlier, it essentially becomes a “tracking cookie” for the DNS

01:45:06
exactly, so why are we considering it

01:46:12
That is a huge conflation of client data and registrant data -

01:46:35
We are talking about the latter only surely?

01:46:35
I'm not sure what this has to do with our work here, but maybe that's because the problem statement is as yet unclear

01:47:00
And, didn't James just explain that in some privacy/proxy services we see pseudonymization in the public-facing email address? I do think that's a good example

01:48:16
so as I predicted, Margie is arguing for correlation, this is really about correlation, not about the definitions

01:48:34
Is revisiting the SSAD response requirements in scope for this phase?

01:48:47
You mean by subpoena?

01:49:10
so if we want to make progress, we have a debate about whether correlation of published contact data is legal.

01:49:52
if you can get it upon request that means you’re getting from the SSAD? what is it to do with publishing?

01:50:20
Good question there Manju

01:52:27
@Mark Thanks so it is the domain name that generates (has generated) another unique string that stays with it.

01:52:29
We need to understand if this is in scope

01:53:16
My hand is up

01:53:21
Also where data is released via the SSAD - this undermines all anonymization and psedonymization - we need to consider the ling tail of such efforts with all processes considered - not just the mere act of ‘correlation’

01:53:28
*long

01:54:36
+1 Alan

01:56:10
RIght! I thought our job here was to provide guidance on how to do this pseudonymization or anonymization properly, for those cases where the CP has decided to do so according to Rec 13

01:56:13
ENISA: “there is still a large threat of re-identification..."

01:56:28
Agree = IF published, how to do it right

01:57:17
Sounds like Laureen is agreeing that pseudonymized email is a major identification risk and special measures would be needed to reduce risks.

01:59:11
Hi folks…need to drop a few minute early. Thanks.

01:59:16
+1 safeguards are required and just to note there is no such thing as risk free and DPAs are not looking for 100% anonymization

01:59:24
Laureen was talking about reducing risk through pseudonymized emails -- which make sense.

01:59:35
+1 Margie

02:00:01
Perhaps a bit more nuanced Milton -- I agree that the real issue is how to mitigate the risk of identification IF the anonymized/pseudonymized data is published.

02:04:26
Thanks Marika for the clarification. Yes, the guidance from Council, not just the original charter.

02:04:51
https://docs.google.com/document/d/1e2-rVF2wh-821tct76O50QdWwn4ZcIqS/edit#heading=h.gjdgxs

02:05:32
https://docs.google.com/document/d/1QlM4O_vwx7cQ11DJ_Lx2kqhyyRgDkMXG/edit#heading=h.gjdgxs

02:07:23
to the list.

02:07:46
Thanks, all

02:07:56
Thank you all - bye for now

02:07:58
Thank you all!