00:38:57 James Bladel (RrSG): Terri cutting out intermittently for me. :( 00:38:59 Becky Burr (ICANN Board Liaison): Audio keeps fading out 00:39:11 Amr Elsadr (NCSG): @James: For me too, so issue is on her end. 00:39:11 Matt Serlin (RrSG): Losing Terri a bit 00:39:13 Hadia Elminiawi (ALAC): The sound is breaking 00:39:13 Andrea Glandon: Thank you, I have let her know 00:39:14 milton mueller: on my end you are dropping off intermittently Terri 00:39:18 Andrea Glandon: it’s on her end 00:39:25 Amr Elsadr (NCSG): @Andrea: She moved her head. ;-) 00:39:31 Andrea Glandon: She did!! 00:39:34 Laureen Kapin (GAC): Terri, I am only hearing every other word. 00:39:41 Amr Elsadr (NCSG): @Terri: Hahaha!! 00:39:59 Alan Greenberg: Apology came through PERFECTLY! 00:40:10 Andrea Glandon: :) 00:42:14 Amr Elsadr (NCSG): Have my hand raised on the agenda question just to ask if 3a could be given more than 5 minutes of discussion. :-) 00:42:47 Terri Agnew: Apologies about the poor audio during the intro. 00:43:25 Thomas Rickert (ISPCP): Question: Why ist the EPDP team being bypassed? Why has the document not been shared with our group before sending? 00:44:18 Alan Woods (RYSG): That is not my recollection at all 00:44:24 Milton Mueller (NCSG): why hesitant? 00:44:32 Milton Mueller (NCSG): these are policy questions 00:44:49 Alan Woods (RYSG): Ther were hesitant to send the pre draft, but were to share prior to sending. 00:44:53 Alan Woods (RYSG): *they 00:45:23 Margie Milam (BC): that's what I recall too 00:46:11 Milton Mueller (NCSG): =1 Amr 00:46:17 Milton Mueller (NCSG): +1 that is. 00:46:22 Alan Greenberg (ALAC): I strongly supported NOT sharing prior to the EU input, but I am very disappointed that we did not have an opportunity to comment prior to being formally submitted. 00:49:03 Brian King (IPC): Agree that it would be helpful to know what the expected timeframe is for a response 00:50:23 Matthew Crossman (RySG): I have in my notes from LA that the next plenary meeting of EDPB is 12th-13th November 00:51:50 Brian King (IPC): thank you, Georgios 00:52:52 Alex Deacon (IPC): Alex 00:53:26 Amr Elsadr (NCSG): @Thomas: +1 00:53:43 Alan Greenberg (ALAC): @Thomas, +1 00:54:29 Amr Elsadr (NCSG): @Thomas: Share your sentiments, and agree with your recommendation on a statement. 00:54:30 Alan Greenberg (ALAC): I have not reviewed the document and perhaps I will have no problem with it, but process does matter. 00:55:18 Hadia Elminiawi (ALAC): we still need to take a detailed look before reaching any decision in this regard - there are no merits in just distancing ourselves 00:56:46 Amr Elsadr (NCSG): @Hadia: Thomas and I, as well as Alan G have just mentioned reasons/merits why we should distance ourselves from this doc. 00:57:15 Alan Greenberg (ALAC): @Amr, that is not what I said. 00:57:21 Becky Burr (ICANN Board Liaison): @Amr, can you expand on your substantive concerns about report? 00:57:32 Becky Burr (ICANN Board Liaison): I understand process concerns 00:57:36 Alan Greenberg (ALAC): I may strongly support it, once I have studied it. 00:57:36 Milton Mueller (NCSG): Becky its primarily about process. 00:57:37 Amr Elsadr (NCSG): I know, Alan. I didn’t say that you meant them as reasons to distance ourselves, but your point on process is just that imo. :) 00:57:51 Hadia Elminiawi (ALAC): @Amr Alan did not say so 00:57:59 Chris Disspain: my apologies for missing this call..I am currently on a train with a very dodgy signal 00:58:03 Amr Elsadr (NCSG): @Hadia: See my response to Alan above. 00:59:09 Hadia Elminiawi (ALAC): @Amr process is important but that is not a reason for us to miss on an opportunity if one exists 01:00:17 Milton Mueller (NCSG): I am not saying we should ignore answers from the EDPB, I am saying we don't waste time interacting with them. 01:00:21 Amr Elsadr (NCSG): @Janis: I’m not very interested in drafting questions for ICANN org at this point, either. Would rather just do what I said earlier; distance ourselves from this. 01:00:22 Volker Greimann (RrSG): We might even get “clarity”, that elusive beast 01:00:28 Milton Mueller (NCSG): "them" being strawberry team 01:01:01 Milton Mueller (NCSG): We don't need to waste time talking to strawberry team in Montreal to benefit from any answers provided by EDPB 01:01:26 Milton Mueller (NCSG): it's a parallel process, full stop. So let it be parallel. Parallel lines do not intersect 01:01:53 Hadia Elminiawi (ALAC): @Amr we need to wait and see before jumping into conclusions 01:03:00 Milton Mueller (NCSG): No. No discussions with Strawberry team in Montreal 01:03:07 Hadia Elminiawi (ALAC): @Amr even this discussion that we are having now is a waste of time because we don't know what we are talking about yet 01:03:09 Amr Elsadr (NCSG): @Hadia: No. Not really. ICANN org needed to wait and see what we thought before they jumped. 01:03:29 Milton Mueller (NCSG): I know what I am talking about Hadia. 01:03:49 Milton Mueller (NCSG): It is the Strawberry team and ICANN that doesn't know what it's doing 01:04:39 Becky Burr (ICANN Board Liaison): There’s a bit of a chicken and egg issue here, no? Presumably ICANN needs clear input from EDPB to answer questions regarding responsibility, liability, and controller/processor issues posed by EPDP, but can’t wait until EPDP Phase 2 recommendations are complete to ask for that guidance. 01:05:13 Thomas Rickert (ISPCP): To be clear: If we discuss a statement, it should not be hostile, but just clarify that our team is working on the policy and that the policy recommendations we might come up with may or may not be in line with the proposals in the document they received from the strawberries. 01:06:02 Brian King (IPC): Agreed, Becky. 01:06:14 Thomas Rickert (ISPCP): Also, I support Milton. We should not spend time for a discussion with the strawberries in Montreal. They can send a written update. 01:06:18 Milton Mueller (NCSG): why can't it wait, Becky? Because waiting would prevent ICANN Inc from making pre-emptive decisions? 01:06:26 Amr Elsadr (NCSG): @Becky: I appreciate that, and if I were ICANN Org, I wouldn’t want to sit on my hands waiting either. What they could have done was what we asked them to do in Marrakech - to open up dialogue with us, and coordinate this. 01:07:06 Thomas Rickert (ISPCP): Hi Becky, there is nothing wrong with reaching out to the EDPB to get responses, but the way this was done bypassing us is just wrong (imho) 01:07:36 Mark Svancarek (BC): It would have been great if a draft had been shared with us in LA. 01:07:36 Becky Burr (ICANN Board Liaison): @ Milton, Org doesn’t have authority to pre-empt policy development process, but policy development process is asking for input on issues for which EDPB guidance is needed. 01:08:05 Milton Mueller (NCSG): indeed, Becky. So if the policy development process needs input then it should be the PDP team that develops it and asks for it 01:08:06 Becky Burr (ICANN Board Liaison): @Thomas, not defending process, just trying to understand 01:08:19 Milton Mueller (NCSG): And you haven't answered my question: Why can't they wait? 01:09:29 Milton Mueller (NCSG): when you say ICANN Inc can't wait for the PDP process to work, you sound very much like you are saying ICANN Inc should pre-empt the bottom up process 01:09:48 Becky Burr (ICANN Board Liaison): Because EPDP has asked for input from ICANN that is, in turn, dependent on guidance from EDPB. 01:10:11 Becky Burr (ICANN Board Liaison): Milton, I said ICANN has no authority under the bylaws to pre-empt the policy development process. 01:10:23 Thomas Rickert (ISPCP): Understood, Becky. 01:10:35 Becky Burr (ICANN Board Liaison): And I said I am not defending the process - totally hear people on that point. 01:10:37 Milton Mueller (NCSG): Amazing that with all its lawyers ICANN seems still not to understand the function and role of the EDPB 01:13:27 Milton Mueller (NCSG): OK, got it. Very German of you 01:14:22 Thomas Rickert (ISPCP): ...which I trust you think is a good thing, Milton? :-) Just asking (as a German :)) 01:14:54 Becky Burr (ICANN Board Liaison): Glad you asked that Thomas 01:15:18 Margie Milam (BC): +1 James 01:15:45 Marika Konings: Note that there is a further section below focused on de-accreditation - this is just the definition. 01:16:05 Marika Konings: If further details are needed, these should probably be added there? 01:16:05 James Bladel (RrSG): De-accreditation of an Accreditation Authority is a huge issue. Nuclear option. Needs further work & discussion. 01:16:50 Mark Svancarek (BC): +1 James. We need to consider the downstream effects and prepare for them in policy 01:16:57 Volker Greimann (RrSG): agreed, James 01:16:59 Amr Elsadr (NCSG): I think Hadia’s question is a policy question, not an implementation one. 01:17:22 Alex Deacon (IPC): ….if ICANN org is *the* accreditation authority perhaps de accreditation will never happen. It may be that we need to flesh out de-accreditation of 3rd party identity providers they may leverage. 01:17:32 Alan Woods (RYSG): How does that reconcile with Data Protection Hadia? If a whole rake of safeguards are proven to be defunct - then release cannot go ahead in good conscience. 01:18:01 Mark Svancarek (BC): SSL certs is the same analogy I would use 01:18:14 Alan Greenberg (ALAC): For those interested, the Strawberry team meeting with us transcript is at https://gnso.icann.org/sites/default/files/policy/2019/transcript/transcript-gnso-epdp-f2f-day1-pm-09sep19-en.pdf and Elena's commitment to share the revised draft with us in a week after the LA meeting is straddling page 62/63. 01:18:18 Matt Serlin (RrSG): If they were de-accredited for issuing credentials to unqualified entities, we would want to revoke those so maybe just a note to that point 01:18:40 Hadia Elminiawi (ALAC): @James yes there will always be an issue of how these accreditations were granted 01:19:04 Amr Elsadr (NCSG): @Alan G: Thanks for digging that up, and sharing with the rest of us. 01:19:11 Alan Woods (RYSG): ICANN cannot simply get a get out of jail card of course! 01:19:45 Alan Woods (RYSG): If ICANN have failed in properly administering, then that just means we have a much larger failure to deal with. 01:19:59 Hadia Elminiawi (ALAC): @Alan thanks 01:21:03 Matt Serlin (RrSG): I think graduated enforcement would be fine with he nuclear option being the last…just like it works with contracted parties and ICANN today 01:21:05 Alex Deacon (IPC): @georgios - we talk about “graduated response” later in the doc. Its not a binary decision….. 01:21:41 Georgios Tselentis (GAC): ok Alex did not catch this one 01:21:52 Hadia Elminiawi (ALAC): @Alex the only thing that I am not sure that a nuclear option should be allowed to exist 01:22:02 Volker Greimann (RrSG): De-accreditation should also mean that none of their listed officers can ever belong to an accredited entity either, right? 01:22:07 Amr Elsadr (NCSG): @Alex: Thanks for clarifying the differences re: validation/verification. Helpful. 01:27:47 Alex Deacon (IPC): I’ll take an action to scrub the doc to remove the “framework” concept for Accreditation Authorities and make it clear this is policy for the Accreditation Authority itself. 01:30:38 Milton Mueller (NCSG): god, thx Alex 01:32:23 Alex Deacon (IPC): OK to remove the brackets. 01:36:30 Alex Deacon (IPC): +1 Janis - I was thinking the same thing. 01:39:41 Marika Konings: We presume we can also remove brackets in these bullets, if there are no concerns? 01:42:23 Amr Elsadr (NCSG): @Alex: yes…, we concluded that it can assert multiple purposes. No objection to removal of brackets here. 01:42:31 Amr Elsadr (NCSG): Not from me, at least. 01:43:26 Alex Deacon (IPC): what is default and what is not is very much an implementation issue IMO. 01:45:21 Alex Deacon (IPC): @hadia - building block A (contents of requests) includes “a list of data elements requested by the requestor…” So I think we are covered. 01:46:48 Alan Greenberg (ALAC): You could not select a purpos for which you were not accred, but a single entity may have multiple purpose credentials. 01:47:47 Alan Greenberg (ALAC): Using the def'n here, a single identity may have multiple auth credentials. 01:49:04 Chris Lewis-Evans (GAC): +1 alex 01:49:07 James Bladel (RrSG): My analog is a US Driver’s License. You have a single license (Identity) but it has multiple “Categories” for a car, motorcycle, commercial vehicle, etc. 01:50:06 Alex Deacon (IPC): +1 Alan those authorizations are dynamic and change. 01:53:19 Alan Greenberg (ALAC): @James, yes I agree. 01:53:25 Hadia Elminiawi (ALAC): +1 James 01:53:59 Alan Greenberg (ALAC): ALl I was orig. suggesting was that if you had multiple auth cred, a "default" might be associated with your identity. 01:54:29 Alan Greenberg (ALAC): really an impl. issue. 01:56:00 Alex Deacon (IPC): thanks james - wasn’t expecting a quick answer. 02:00:49 James Bladel (RrSG): Shouldn’t the SSAD intercept that reqeust? 02:01:39 Brian King (IPC): @James, not if the requestor goes to the CP directly, outside of SSAD (i.e. based on a Phase 1 Rec 18 one-off request) 02:02:02 Marc Anderson (Verisign / RySG): Maybe publication of revocation lists similar to certs? 02:04:54 James Bladel (RrSG): There need to be some terms & consequences for violating them. Otherwise this is dancing dangerously close to the “honor system." 02:05:09 Margie Milam (BC): agree there should be consequences 02:05:17 Margie Milam (BC): - graduated penalties make sense to me 02:07:08 Brian King (IPC): It makes sense that organizational credentials should only be revoked based on a showing of systemic organizational abuse 02:07:53 Alan Greenberg (ALAC): revocation of an org cred is much more likely because the org ceases to exist. 02:08:13 Amr Elsadr (NCSG): Organizational abuse should likely, at a minimum, result in more scrutiny in audits. By the time systemic abuse is identified, a great deal of damage might already be done. 02:08:58 Alan Woods (RYSG): You are skipping an awful lot of steps and due process here 02:09:28 Alan Woods (RYSG): our point is if someone is deaccredited … if we got there …. then that is the consequence. 02:09:46 Volker Greimann (RrSG): I agree with Mark, which is why there need to be graded responses 02:10:16 Matt Serlin (RrSG): Fully agree with Mark…I think it needs further discussion but conceptually it makes sense 02:10:36 Brian King (IPC): Me too, it feels like we're largely in agreement 02:11:29 Marc Anderson (Verisign / RySG): I'll drop my hand in interest of moving on 02:12:04 Margie Milam (BC): you have graduated sanctions under the RAA 02:12:53 Alan Woods (RYSG): Agreed James. If we get to revocation one would assume it was not on a whim! 02:13:24 James Bladel (RrSG): @Margie - don’t you mean “we” ? :) 02:13:34 James Bladel (RrSG): And yes, I supported your proposal for graduated sanctions 02:13:43 Margie Milam (BC): yes :) 02:15:47 Volker Greimann (RrSG): We should prohibit the homeless person of the week kind of requestors 02:17:15 Margie Milam (BC): yes 02:17:55 Amr Elsadr (NCSG): Agree to deleting “p”. 02:18:02 Marc Anderson (Verisign / RySG): agree with deleting p 02:18:54 Alex Deacon (IPC): Its important to know if Stephanie’s concerns are her own or that of the NCSG. 02:22:56 Alan Woods (RYSG): for my sins …. it was me 02:23:49 Mark Svancarek (BC): good metaphor 02:24:28 James Bladel (RrSG): Point taken Janis, I’m on it. 02:27:17 James Bladel (RrSG): It is an implementation issue, but here the policy is saying “will not be restricted.” That is not realistic. Thx. 02:28:29 James Bladel (RrSG): Bullet T feels like a blanket prohibition on any access controls. 02:28:34 Alan Woods (RYSG): +1 James 02:31:03 James Bladel (RrSG): Interesting idea Volker. Or requests beyond a certain quota are not subject to SLA performance requirements. 02:33:36 Brian King (IPC): Agree with SSAC. The system simply needs to work for non-abusive queries. 02:33:39 Alan Greenberg (ALAC): dead air? 02:34:00 Brian King (IPC): The language on the screen works 02:34:02 Marc Anderson (Verisign / RySG): generally I think we all agree that legitimate requests should be allowed and there needs to be tools to combat abusive requests. We still need to work on the exact words needed to accomplish that. 02:34:56 Alan Greenberg (ALAC): It is not clear to me that every user may or should have the same limitations. 02:36:13 Alan Greenberg (ALAC): And celarly if we ever get to the point where some class of requests can be handled without manual intervention, the situation changes. 02:39:43 Volker Greimann (RrSG): will we be getting calendar invites for all these meetings? 02:39:59 James Bladel (RrSG): Good idea vOlker. My calendar for Montreal is already very messy 02:40:22 Marika Konings: @Volker - if you go to the ICANN66 schedule you can download the invites for all the meetings you are interested in, including these. 02:41:32 Volker Greimann (RrSG): That somehow does not work 02:41:44 Terri Agnew: We can send out calendar invites to help. 02:42:05 Volker Greimann (RrSG): thank you, very helpful 02:42:21 James Bladel (RrSG): @Marika @Terri - even if it’s just a list that I can add myself, that would be helpful. Just don’t want to miss a session. Thx 02:42:36 Berry Cobb: The October Project Package will also be posted tomorrow. 02:43:01 James Bladel (RrSG): Thanks 02:43:19 Amr Elsadr (NCSG): Thanks all. Bye. Safe travels to all. 02:43:21 Julf Helsingius (NCSG): Thanks, and safe travels! 02:43:24 Hadia Elminiawi (ALAC): Bye all 02:43:25 James Bladel (RrSG): See you saturday