Thomas Rickert (ISPCP)
27:38
Congrats, Farzaneh!
Amr Elsadr (NCSG)
27:42
Congrats, Farzaneh!!
Brian King (IPC)
27:45
congratulations!
Alan Woods (RySG)(Donuts)
27:53
indeed absolutely... congratulations!!
Hadia Elminiawi (ALAC)
28:05
congrats Farzi
Farzaneh Badii (NCSG)
28:12
Thank you all
Matt Serlin (RrSG)
28:21
Congrats Farzi!
León Sanchez (ICANN Board Liaison)
32:38
no dog barking today!
Marika Konings
35:35
In this file you can find the survey results
Farzaneh Badii (NCSG)
38:08
I have to drop off for 30 minutes unfortunately. Will be back as soon as I can
Marc Anderson (RySG)
45:01
I agree with Milton - seems good advice
Brian King (IPC)
45:11
Me too
Hadia Elminiawi (ALAC)
45:25
Starting with a common understanding with regard to the SSAD is absolutely necessary
Hadia Elminiawi (ALAC)
45:40
+ 1 Milton
Matt Serlin (RrSG)
46:23
seems like a reasonable plan
Marika Konings
46:46
See https://docs.google.com/document/d/1bm8sdjrNHvNgftMK4f8s-U81FlNSIe2TVNlQKCXZy5k/edit#heading=h.gjdgxs
León Sanchez (ICANN Board Liaison)
49:07
I have to leave the call early as I am heading to the airport. My apologies for not staying till the end.
León Sanchez (ICANN Board Liaison)
49:11
see you all soon in LA
León Sanchez (ICANN Board Liaison)
49:14
safe travels
Sarah Wyld (RrSG Alt)
49:48
I will have comment on O
Alan Woods (RySG)
51:45
A gac rep ? as an accreditor . No offence to our gac colleagues, on the record as a no there.
Sarah Wyld (RrSG)
52:30
Interesting point Amr
Thomas Rickert (ISPCP)
52:34
We have questions on the legal basis for LEA currently with Bird and Bird. So we might need to revisit once we get the answers.
Thomas Rickert (ISPCP)
52:45
That is the reason why I am silent on this one.
Amr Elsadr (NCSG)
53:21
@Thomas: Sounds reasonable…, and important to note.
Amr Elsadr (NCSG)
54:47
@Chris: Thanks for the clarification. That does make sense.
Sarah Wyld (RrSG)
56:09
Right, so maybe that should refer to human review of the request to confirm that legal basis etc. is identified, but not specific to the "balancing test"
Milton Mueller (NCSG)
57:04
Oh O O
Sarah Wyld (RrSG)
58:13
thanks!
Amr Elsadr (NCSG)
58:46
We should get Alice in Wonderland’s smoking caterpillar to chair this call, when we’re racing through the alphabet? ;-)
Milton Mueller (NCSG)
59:30
Perhaps replace "Yes" with "Maybe" if things are not that clear
Chris Lewis-Evans (GAC)
01:00:04
Sorry Milton did you mean N?
Milton Mueller (NCSG)
01:01:37
Yes
Milton Mueller (NCSG)
01:01:53
Actually I meant N O (haha)
Chris Lewis-Evans (GAC)
01:03:16
@Milton Happy with Desirable if possible?
Thomas Rickert (ISPCP)
01:05:06
The big issue with both use cases is that we are opening the floodgates for requestors who claim they are security practitioners. I do not see a way of checking eligibility. Doing this via safeguards only, as suggested by SSAC during our last call - is not enough in my view.
Alan Woods (RySG)
01:05:14
of the Controller, not the disclosee
Volker Greimann (RrSG)
01:05:50
only if you already control the data, Margie, not if you still have to get it... none of these sections grant access
Thomas Rickert (ISPCP)
01:06:12
You can exercise user rights vis a vis the controller, but not use that as a reason to ask for any data. Am I getting this wrong?
Alan Woods (RySG)
01:06:34
agreed both Volker and Thomas.
Sarah Wyld (RrSG)
01:06:48
+1 Thomas
Alex Deacon (IPC)
01:06:50
@thomas - so then some kind accreditation, authentication, authorization is necessary.
Alex Deacon (IPC)
01:06:59
kind of
Sarah Wyld (RrSG)
01:07:37
What does the highlighting indicate?
Thomas Rickert (ISPCP)
01:07:56
Alex, maybe we need to discuss this in LA. I do not seem to understand the raison d’être for this use case.
Matt Serlin (RrSG)
01:08:27
That is absolutely one of the big items to discuss in LA
Alan Woods (RySG)
01:08:32
+1 thomas
Alex Deacon (IPC)
01:08:37
@thomas - ok well that’s a different (and larger) issue than the one I was commenting on.
Thomas Rickert (ISPCP)
01:09:12
@Alex. Yes. Sorry. I do not mean to be difficult.
Volker Greimann (RrSG)
01:09:17
if all the european lawyers on the call agree, that still is just an opinion?
Matt Serlin (RrSG)
01:09:25
It just comes naturally Thomas :)
Thomas Rickert (ISPCP)
01:09:40
:-)
Matt Serlin (RrSG)
01:11:13
+1 Amr…I think it continues to overlap a lot with the SSAC use case with maybe slight variations
Hadia Elminiawi (ALAC)
01:11:22
I guess the main difference is in relation to the civil claims
Alan Woods (RySG)
01:11:22
+1 Amr
Hadia Elminiawi (ALAC)
01:12:21
I haven’t seen any of the cases addressing the civil claims aspect
Alan Woods (RySG)
01:12:38
bar of course the SSAC
Alan Woods (RySG)
01:12:50
which recognised non-LEA
Alan Woods (RySG)
01:12:58
therefore is civil
Amr Elsadr (NCSG)
01:13:41
@Hadia: If civil claims is an issue, then that can be added where appropriate in the other use cases. If it’s the same set of disclosure requestors, requesting disclosure for the same purposes, there is no need that I can identify for an entirely new use case.
Hadia Elminiawi (ALAC)
01:15:19
@Amr I am not sure that they are the same set of requestors.
Amr Elsadr (NCSG)
01:16:07
@Hadia: The requestors identified in this use case are: “Law enforcement, operational security practitioners, anti-abuse authorities”.
Alan Woods (RySG)
01:16:35
wait NIS ... are we sayig the requesters are critical infrastructure providers under NIS?
Alan Woods (RySG)
01:16:49
cos that seems more to fit into the SSAC II
Amr Elsadr (NCSG)
01:17:03
In this case, the security practitioners are employed by companies. I’m not sure that distinction was made in the SSAC use case, but not sure it makes a difference.
Brian King (IPC)
01:17:15
@Alan I think it's "digital service providers" defined under a different NIS provision
Hadia Elminiawi (ALAC)
01:17:35
Maybe the anti abuse authorities need to be further detailed
Matt Serlin (RrSG)
01:18:51
We have previously said, we believe reverse whois lookups to be out of scope of our work here…that would be a completely new policy development
Amr Elsadr (NCSG)
01:19:01
@Matt: +1
Alan Greenberg (ALAC)
01:19:01
@Milton, aside from other things, there is a logging and notification requirement here which was not present in the old WHOIS.
Alan Woods (RySG)
01:19:16
@brian ... yes Digital service providers, deeemed unde the NIS directive to apply or have an impact on critical infrastructure. . Still not seeing how this is different from SSAC II
Amr Elsadr (NCSG)
01:20:21
@Volker: +1
Sarah Wyld (RrSG)
01:20:34
Well said, Volker.
Alan Woods (RySG)
01:21:08
possible does not equal legal
Brian King (IPC)
01:21:18
@Alan W I don't think so. "If you provide an online search engine, online marketplace or cloud computing service (either alone or in combination) then you are a digital service provider (DSP)." https://ico.org.uk/for-organisations/the-guide-to-nis/digital-service-providers/
Milton Mueller (NCSG)
01:21:26
base contracts were written prior to GDPR
Alex Deacon (IPC)
01:21:39
@alan but also doesn’t equal illegal.
Alan Woods (RySG)
01:22:11
Alex .. hardly the strongest policy position ... It's not legal ... but it's not illegal either ... fingers croissed
Matt Serlin (RrSG)
01:22:21
@margie can you point to what you are referring to in the new gTLD agreement that allows this? Thanks!
Alex Deacon (IPC)
01:22:25
I’m just adding balance to the discussion :)
Margie Milam (BC)
01:22:42
@Matt - yes -i'll find it
Milton Mueller (NCSG)
01:23:26
c) is unacceptable
Milton Mueller (NCSG)
01:23:48
reverse lookup
Sarah Wyld (RrSG)
01:23:59
Yes, thanks Marc, that would have been my next point as well.
Thomas Rickert (ISPCP)
01:24:02
I cannot agree to any of the fields as I have my fundamental issues at the moment.
Amr Elsadr (NCSG)
01:24:03
@Marc: +1
Sarah Wyld (RrSG)
01:24:08
I am not comfortable with that third bullet point in seciton c
Matt Serlin (RrSG)
01:24:19
+1 Marc and Sarah
Alan Woods (RySG)
01:25:16
absolutely legal ... with a court order.
Volker Greimann (RrSG)
01:25:37
legality is but one concern though.
Volker Greimann (RrSG)
01:25:49
just becasue something is legal does not make it right
Caitlin Tubergen
01:25:54
Done - thank you, Janis.
Amr Elsadr (NCSG)
01:26:43
@Matt: +1. This was a by-product of a publicly published whois in the past. Was never an ICANN Consensus Policy.
Volker Greimann (RrSG)
01:26:47
and if some registries offered it voluntarily, they sure could continue to do so.
Sarah Wyld (RrSG)
01:26:57
+1 Volker
Volker Greimann (RrSG)
01:27:11
we do not need policy for allowing someone to provide a voluntary service that is legal
Amr Elsadr (NCSG)
01:27:50
@Brian: New policy recommendations would need to be handled in another process (not an EPDP). Would need to be scoped in an issues report subject to a public comment.
Matt Serlin (RrSG)
01:28:01
+1 Amr
Volker Greimann (RrSG)
01:28:05
ask yourself another question then: Will it get consensus?
Steve DelBianco (BC)
01:28:26
@Amr — all of this work is new policy, and is within scope of our charter.
Amr Elsadr (NCSG)
01:28:59
@Steve: I disagree. The EPDP is about harmonizing existing policy with data protection regulation, not about creating new policy.
Amr Elsadr (NCSG)
01:29:21
There are strict guidelines on using an EPDP. Check annex 4 of the PDP manual.
Hadia Elminiawi (ALAC)
01:29:48
+ 1 Brian we are looking for a system that is legal and provides the same benefits of the old system
Alan Greenberg (ALAC)
01:30:35
@Amr, there are all sorts of things that were not ICANN policy bacause there was no need for such policy - the information was public. SSAD did not exist and we are talking about it for the same reason.
Sarah Wyld (RrSG)
01:31:22
Not sure about that last bullet in (G), for similar reasons to what we just discussed about (c)
Alan Woods (RySG)
01:31:44
Hadia. Thats a very surprising statement the old system was access to unfettered access which was, and as has been clearly indicated by the EDPB, not in line with the requiremetns of data protdciton law. Benefits derived from the breach of the law, is hardly something we should be aspiring to.
Margie Milam (BC)
01:32:05
Yes - I agree with Brian
Alan Woods (RySG)
01:32:09
ugh... typing fails ..lol
Amr Elsadr (NCSG)
01:32:12
SSAD, to me, is an implementation measure to facilitate whatever policy recommendations we come up with. The policy recommendations should focus on the features of SSAD to (again) harmonize existing policies with data protection regulation.
Marc Anderson (RySG)
01:32:58
hard to hear Volker
Steve DelBianco (BC)
01:33:33
Purpose of a request is not the same thing as specific uses of the data in fulfilling that purpose
Alan Greenberg (ALAC)
01:34:06
@Amr, Anything we do has to be in accordance with data protection regulation. That is why we are suggesting asking for legal input. The rest is to decide what do we need (legally alloowed) that allows us to continue to function given GDPR.
Steve DelBianco (BC)
01:34:08
Requestor can represent that they will use the data ONLY in accord with their stated purpose, and in compliance with GDPR
Farzaneh Badii (NCSG)
01:34:53
I have said this before. I am hoping that if the legal advice is not what you have in mind and not what you thought would, you accept it even if not in the interest of what you are pursuing.
Amr Elsadr (NCSG)
01:35:23
@Alan G: Agree, but using an EPDP to develop recommendations is another limiting factor in what the GNSO is allowed to recommend to the ICANN Board.
Amr Elsadr (NCSG)
01:36:16
@Alan G: You were one of the folks who came up with EPDP guidelines. ;-)
Hadia Elminiawi (ALAC)
01:36:34
@Alan W I did explicitly say the words "a legal system.” I meant getting the benefits of the old system and obviously avoiding the "Miss use" through a New system that respects the law
Sarah Wyld (RrSG)
01:37:42
We will certainly submit written comments as well ;)
Matt Serlin (RrSG)
01:38:07
@Hadia some of the “benefits” of the old system sadly were never ICANN consensus policy and as we continue to say shouldn’t be part of our work here but could be another PDP in the future
Farzaneh Badii (NCSG)
01:38:12
Reverse searching?
Alan Woods (RySG)
01:38:49
which, for the record may not look like the old system ... which was not legal. Rose tinted reminiscence of the fact that the good old days were wonderful, does not help us set realistic expectations as to the necessary limitations that will result in a future, legal, outcome of our task.
Margie Milam (BC)
01:38:52
reverse searching is in the new gtld agreements
Farzaneh Badii (NCSG)
01:38:54
I would like to record my objection to J. Don’t know if it has been discussed before
Marika Konings
01:39:30
We’ll put this up as a google doc following the call
Alan Woods (RySG)
01:39:30
and if it's in the contract it must be legal right?
Farzaneh Badii (NCSG)
01:39:41
Margie… you can have a holy agreement granted by god and if it is against the law, it can’t and won’t happen
Margie Milam (BC)
01:39:54
@Alan - I am asking for legal advice to answer that question
Sarah Wyld (RrSG)
01:40:07
I do have a question re the F2F schedule
Brian King (IPC)
01:41:55
Spec 4
Brian King (IPC)
01:41:58
Section 1.10
Brian King (IPC)
01:42:07
https://newgtlds.icann.org/sites/default/files/agreements/agreement-approved-31jul17-en.html
Sarah Wyld (RrSG)
01:42:29
Thanks for that info
Brian King (IPC)
01:42:44
you betcha
Marika Konings
01:43:08
To review the current draft GNSO schedule, please see https://docs.google.com/spreadsheets/d/1JimSyz5laTsRNDN4CvyhPTQdCQYxfMrCro7_GjrTWqY/edit#gid=1857571399
Marika Konings
01:43:26
For EPDP Team, there is a full day scheduled on Saturday and other meetings throughout the week.
Farzaneh Badii (NCSG)
01:43:38
I won’t be able to join the LA F2F meeting. I will attend partly remotely
Hadia Elminiawi (ALAC)
01:46:17
Sure
Farzaneh Badii (NCSG)
01:47:09
Glass of wine? I thought it deserved whiskey
Matt Serlin (RrSG)
01:47:45
Safe travels to all heading to LA
Marc Anderson (RySG)
01:47:46
Safe travels everyone going to LA.
Julf Helsingius (NCSG)
01:48:06
Safe travels!
Hadia Elminiawi (ALAC)
01:48:33
Safe tarvels all
Chris Lewis-Evans (GAC)
01:49:01
See you in LA, Safe travels
Sarah Wyld (RrSG)
01:49:05
Thanks, all.
Alan Woods (RySG)
01:49:08
as a lot of the use case is pending legal advice ... surely we should wait
Hadia Elminiawi (ALAC)
01:49:14
Thank you al bye
Amr Elsadr (NCSG)
01:49:16
Thanks all. Bye.
Julf Helsingius (NCSG)
01:49:17
See you in LA!
Rafik Dammak (GNSO Council Liaison)
01:49:20
ghanks all
Brian King (IPC)
01:49:22
thanks all
Zoom would like to update your account settings. When joining a meeting or webinar by entering a meeting ID, participants will be required to enter a password. Participants joining using a meeting invite link will not be required to enter a password. Learn More
This change will be effective on . If approved or declined, the change will take effect immediately.