Logo

Julie Bisland's Personal Meeting Room
Alan Woods (Donuts)
34:58
sorry for the lateness!
Sarah Wyld (RrSG)
35:18
Thanks for the update and for your hard work, Legal Team!
Alan Greenberg (ALAC)
37:33
Sorry for being late.
Milton Mueller (NCSG)
40:13
We're interested primarily n the disclosure decision
Sarah Wyld (RrSG)
40:35
Should we talk about this one before we move on to the other?
Milton Mueller (NCSG)
42:25
we should, but we probably won't
Alan Woods (RySG) (Donuts)
46:52
+1 Sarah
Matt Serlin (RrSG)
47:04
well said Sarah…that jumped out to me as well
Thomas Rickert (ISPCP)
48:42
we better pause our work then
Thomas Rickert (ISPCP)
50:06
the answers suggest that we have to be extremely lucky as a group to meet the responses from the EDPB
Thomas Rickert (ISPCP)
50:32
if not, our recommendations will likely be rejected.
Thomas Rickert (ISPCP)
50:47
Am I missing something?
Matt Serlin (RrSG)
51:21
While I agree with Alex that the letter are somewhat conditional, I think our fundamental question about what role ICANN is willing to take was addressed
Becky Burr (ICANN Board Liaison)
51:34
Agree @Matt
Becky Burr (ICANN Board Liaison)
52:36
Both Board and Org have fundamentally said that ICANN is willing to act as or be responsible for managing a non contracted party decision-maker
Alex Deacon (IPC)
53:32
@matt and becky - so is it sufficient for us to agree on a centralized model with ICANN with the decider and move forward?
Sarah Wyld (RrSG)
54:13
Alex - Isn't it still conditional on the response? But now we know that IF the response is that it's OK legally, then ICANN is willing to do it?
Volker Greimann (RrSG)
55:01
@Becky: Will they also carry all liability for such decisions and any implications thereof on CPs?
Becky Burr (ICANN Board Liaison)
56:36
@Milton, not saying that. Of course there could be a mechanism that does not centralize decision-making, and it is a fundamental policy decision. The Board does prefer a centralized decision-maker and would need to understand how the alternative is in the global public interest.
Eleeza Agopian (ICANN Org Liaison (MSSI)
56:52
@Alan G, to your point on authorization providers, Section 4 of the Strawberry paper describes the role of the authorization provider. This entity would be responsible for evaluating a given query and the identity of the requestor against the community-developed policy governing access to non-public registration data, and determining whether or not the request should be approved based on the application of that policy. Subject to Board approval, ICANN org is willing and able to play this role and/or identify a third-party entity to perform this function to the extent it reduces the exposure of contracted parties under the GDPR and is consistent with EPDP-developed policy. The “Exploring a Unified Access Model” paper seeks EDPB confirmation that this approach would effectively reduce the exposure of contracted parties under the GDPR.
Becky Burr (ICANN Board Liaison)
58:02
@volker, that is the point of asking for EDPB guidance. It is hard to see how we could centralize decision-making away from Cps, but leave them liable.
Becky Burr (ICANN Board Liaison)
59:04
@volker, in other words, if CPs remain liable for the decision to release information, it is natural to assume that they would feel compelled to participate in the decision-making.
Becky Burr (ICANN Board Liaison)
59:28
Which, in turn, would defeat the goal of having a centralized decision-maker
Volker Greimann (RrSG)
59:34
Thanks, Becky, that matches our expectation
Alan Woods (RySG) (Donuts)
01:00:05
I'm a bit confused Becky. So the board DOES think that liability will be retained?
Alan Woods (RySG) (Donuts)
01:00:41
and we are hoping that the EDPB will confirm otherwise?
Alan Greenberg (ALAC)
01:00:50
@Volker/Becky, the real question in my mind is whether there is a class of queries that is NOT automatable that ICANN (or delegate) can act as the authorization provider. I find it hard to understand how that would be possible.
Alan Woods (RySG) (Donuts)
01:01:02
(apologies .. I think my brain is addled lol)
Alan Greenberg (ALAC)
01:01:48
@MArc, correct, we need the authorization provider building block. It is perhaps related to the automation block.
Becky Burr (ICANN Board Liaison)
01:01:50
The Board seeks confirmation that under the strawberry team model the centralized decision-maker would be responsible for GDPR compliance with respect to the decision to release information
Sarah Wyld (RrSG)
01:01:57
Well said Marc, and + on thanking them for the responses
Milton Mueller (NCSG)
01:02:37
@Becky. I still don't see why the board has, or should have a "preference" regarding who makes the disclosure decision. The community makes the policy, not the board
Becky Burr (ICANN Board Liaison)
01:04:22
Yes, the community makes the decision. The board must respect that decision unless a supermajority determines that it is not consistent with the global public interest.
Becky Burr (ICANN Board Liaison)
01:05:48
@Laureen - this is acknowledged in strawberry paper. That said, key question is who is responsible for the decision to release data in response to a request.
Sarah Wyld (RrSG)
01:05:50
Right - but if the CP retains some portion of responsibility/liability, then the CP should also participate in the decision making process
Matt Serlin (RrSG)
01:06:04
+1 Sarah
Sarah Wyld (RrSG)
01:06:42
I'm happy to work on this, certainly
Marc Anderson (Verisign / RySG)
01:06:44
Happy to jump on a small team call to get that started
Becky Burr (ICANN Board Liaison)
01:06:46
depends on the guidance @Sarah and Matt. The strawberry paper clearly proposes that the CPs would not be responsible for release decision.
Sarah Wyld (RrSG)
01:06:58
Becky - right, much depends on the guidance
Alex Deacon (IPC)
01:07:05
Sign me up for this new small team also.
Margie Milam (BC)
01:07:16
Me too
Sarah Wyld (RrSG)
01:14:44
Should Registrants pay to have their data disclosed via SSAD?
Milton Mueller (NCSG)
01:15:20
Huh?
Milton Mueller (NCSG)
01:15:43
The purpose of this system is to disclose redacted data, not to protect privacy
Sarah Wyld (RrSG)
01:15:57
Yes, I was surprised by that also Milton
Volker Greimann (RrSG)
01:16:25
I still feel we could cut months off the time needed to complete this by finally getting rid of the pet desires and aspirational goals and concentrate on what is actually achievable and likely to find consensus.
Julf Helsingius (NCSG)
01:17:32
+1
Matt Serlin (RrSG)
01:17:42
I thought we had agreed to that principle in previous discussions in the room…until it was put in writing
Volker Greimann (RrSG)
01:18:01
So instead of spending hours on accuracy and automation what-ifs, lets do what can be achieved now
Sarah Wyld (RrSG)
01:18:10
If a data subject has to pay to have their data disclosed via SSAD, that implies they can choose *not* to be in the SSAD, especially since there is a direct-to-CP process under the Phase 1 Rec 18
Volker Greimann (RrSG)
01:18:45
As it stands, the blame for our delayed timelines lies squarely at the feet of those bringing up dead horses again and again
Alex Deacon (IPC)
01:19:33
+1 Mark -
Sarah Wyld (RrSG)
01:19:40
What Framework are you referring to? the DNS Abuse Framework is unrelated to RDDS information
Sarah Wyld (RrSG)
01:19:51
Those are separate concerns entirely
Milton Mueller (NCSG)
01:19:56
I don't dispute that there are public benefits from a system of access, but contributions should be related to usage
Alan Greenberg (ALAC)
01:20:01
+1 Mark SV
Sarah Wyld (RrSG)
01:20:32
I want to also add some support for Point 1 in the letter
Margie Milam (BC)
01:21:30
agree with deletion 1/2
Rod Rasmussen (SSAC)
01:21:31
This is not a simple economic analysis. There are fixed costs fro building and basic maintenance of a SSAD. There are variable costs for covering requests. If one assumes (as any good economist does) that many if not most requests are tied to some sort of abuse issue, it hardly seems that benefits fall only to those requesting data, and that CP’s with particularly poor hygiene will contribute more to the variable costs of running a SSAD than any others. These various issues need to be teased out MUCH more if this group is going to make economically sound recommendations.
Milton Mueller (NCSG)
01:21:34
Don't support taking out #2. At all
Milton Mueller (NCSG)
01:21:39
No
Volker Greimann (RrSG)
01:21:41
no
Sarah Wyld (RrSG)
01:21:42
No
Matt Serlin (RrSG)
01:21:47
I think the principles are critical to be included and don’t support removing them
Ayden Férdeline (NCSG)
01:22:01
Oppose deleting 2
Volker Greimann (RrSG)
01:22:37
Alan, we’ll still have that cost in realism-world
Volker Greimann (RrSG)
01:23:12
So there it’ll be this cost and that cost
Alan Greenberg (ALAC)
01:24:05
Volker, I agree (and I actually think that you WILL still be the "authorization provider" in many cases). Buty I am trying to understand the overall position.
Sarah Wyld (RrSG)
01:25:24
Thanks for clarifying, Janis. In that case I would need some time after the meeting to consider the letter with those changes before confirming.
Milton Mueller (NCSG)
01:25:38
Can we distinguish between fixed and start-up costs and usage costs in our request?
Mark Svancarek (BC) (marksv)
01:26:09
@Milton, that makes sense
Sarah Wyld (RrSG)
01:27:14
+1 Alan
Matt Serlin (RrSG)
01:27:53
Alan is spot on…building and implementing a system we propose is vastly different than the status quo today
Hadia
01:32:18
Hello all
Rod Rasmussen (SSAC)
01:34:09
Speaking personally, I would propose adding a principal that any contracted party with an “excessive” amount of queries relative to the size of its portfolio of domains for “abuse fighting” purposes should bear a higher burden of the costs of running the system. This is imprecise language and would need further definitions, but I think you get the point. I bring this up because the current principles only look at this from the angle that registrants don’t act maliciously. We al know that is often not the case.
Matt Serlin (RrSG)
01:35:18
Well now it’s very clear we aren’t going to be able to agree on this letter on this call so suggest we take it to the list with people’s suggested edits
Sarah Wyld (RrSG)
01:35:34
+1 Matt
Milton Mueller (NCSG)
01:35:37
I still am wondering why we believe ICANN is the go-to entity for a cost estimate. They have no economists on staff, am I correct?
Georgios Tselentis (GAC)
01:36:09
So just to understand what a direct beneficiary is: if SSAD provides information that improves security and stability of the DNS to a third access seeker does this directly benefit ICANN or not?
Mark Svancarek (BC) (marksv)
01:36:15
+1 Matt, and sadly also +1 Milton - how good will the ICANN estimate really be?
Milton Mueller (NCSG)
01:37:26
Georgios: having trouble understanding your question. Are you saying ICANN itself is a direct beneficiary?
Volker Greimann (RrSG)
01:37:57
Depends what you are sending outy
Georgios Tselentis (GAC)
01:38:18
@Milton: I am asking
Matthew Crossman (RySG)
01:38:19
I think we discussed in Montreal that the CZDS system plus an additional premium on top for the additional security functionality that would be necessary here could be a useful baseline
Berry Cobb
01:40:00
https://docs.google.com/document/d/1Ci-wvA1P9yoKjJ5DPeRbZ5FOHL2D8ExGsN2SV9TPELM/edit#
Sarah Wyld (RrSG)
01:42:19
I think Volker had to step away for a moment
Becky Burr (ICANN Board Liaison)
01:42:32
this suggests that the system should be cost neutral
Becky Burr (ICANN Board Liaison)
01:42:37
For CPs
Sarah Wyld (RrSG)
01:43:12
Thanks Becky. I think we were getting at similar to what was in the letter we just looked at.
Sarah Wyld (RrSG)
01:44:19
Just like how this system is being built to accommodate requestors of different types, it needs to also suit CPs of all shapes and sizes
Alex Deacon (IPC)
01:45:14
+1 milton on the equality point.
Sarah Wyld (RrSG)
01:46:51
+1 for proportionality
Milton Mueller (NCSG)
01:47:06
Thomas hard to hear at times
Margie Milam (BC)
01:50:57
I'm going offline to drive but will remain on the phone
Sarah Wyld (RrSG)
01:51:08
Drive safe, Margie!
Sarah Wyld (RrSG)
01:52:11
You said we will get an updated version of this block to review after the meeting ?
Mark Svancarek (BC) (marksv)
01:52:30
@Sarah, I heard that, too
Sarah Wyld (RrSG)
01:52:39
Thanks MarkSV
Milton Mueller (NCSG)
01:52:59
OK with me
Alex Deacon (IPC)
01:55:39
I would suggest we delete the “for example…” text
Volker Greimann (RrSG)
01:55:45
When will Facebook publish a RDS of their account holders by the way? Surely there is crime being committed through that platform too and anyone affected should have the ability to find out who posted what.
Mark Svancarek (BC) (marksv)
01:57:18
Seems like a remnant of a previous concept
Marc Anderson (Verisign / RySG)
01:57:30
agree with Milton
Sarah Wyld (RrSG)
01:59:11
I note Eleeza's comment that the analysis is difficult if there are many models to consider
Milton Mueller (NCSG)
01:59:47
agree Janis, this is implementation guidance
Becky Burr (ICANN Board Liaison)
02:05:48
Under no circumstances should data subjects be expected to …
Sarah Wyld (RrSG)
02:06:03
Sorry, really basic question here, what do the square brackets mean?
Sarah Wyld (RrSG)
02:06:10
We see them a lot but I'm not clear on what they indicate
Becky Burr (ICANN Board Liaison)
02:06:26
usually they mean proposed but not agreed to, but not sure here
Sarah Wyld (RrSG)
02:06:31
Thank you Becky
Rod Rasmussen (SSAC)
02:06:39
@Stephanie - what if the registrant is a criminal using the domain name for criminal purposes? I’d really like them to pay for everyone’s costs of dealing with their abuse. *criminal in a universally accepted definition
Sarah Wyld (RrSG)
02:07:37
Is there a universally accepted definition of criminal?
Julf Helsingius (NCSG)
02:07:46
Does someone speeding have to pay the speed cameras or the fuel for the car of the sheriff?
Rod Rasmussen (SSAC)
02:09:12
There are some universally accepted definitions of crime. Don’t get sucked into the details - this is about principals. Someone using domains to disseminate CSAM, run a phishing scam, or control a massive DDoS botnet fits here.
Chris Lewis-Evans (GAC)
02:09:39
+1
Rod Rasmussen (SSAC)
02:10:19
@Jeff - yes, typically they do via the fine they pay for the infraction. Depends on how the local municipality does cost recovery of course. YMMV
Milton Mueller (NCSG)
02:11:06
We could say that the fees should adhere to the principles in the policy
Sarah Wyld (RrSG)
02:11:47
+1 Marc
Sarah Wyld (RrSG)
02:15:28
It doesn't affect me personally, but since we have about half our members unable to attend on that day it seems unfair to not reschedule it
Berry Cobb
02:15:47
For those in Berlin next week on the 26th, we're still working on a huddle room. I will communicate one, once it is determined.
Mark Svancarek (BC) (marksv)
02:16:04
Thanks, Berry!
Sarah Wyld (RrSG)
02:16:17
27?
Sarah Wyld (RrSG)
02:16:26
Dec 4
Berry Cobb
02:16:28
4th
Marc Anderson (Verisign / RySG)
02:16:31
4th
Mark Svancarek (BC) (marksv)
02:16:32
Same for 28th?
Sarah Wyld (RrSG)
02:16:39
The following Wednesday is Dec 4.
Sarah Wyld (RrSG)
02:16:46
Yes, ok.
Hadia Elminiawi (ALAC)
02:16:57
yes dec 4 next Wednesday
Berry Cobb
02:17:03
3 Dec Legal, Dec 4 Plenary, Dec 5 Plenary.
Sarah Wyld (RrSG)
02:17:41
Thanks Berry
Berry Cobb
02:17:44
Jan. 9th will be first Plenary of 2020.
Berry Cobb
02:18:17
Potential for Legal call on 7 Jan 2020; depending on work accomplished.
Sarah Wyld (RrSG)
02:18:34
It sounded OK but I would appreciate seeing it written down
Terri Agnew
02:18:41
Updated invites will be sent shortly
Sarah Wyld (RrSG)
02:19:09
Thanks Terri. If it could be provided as just a typed out list of dates & times I would greatly appreciate it
Matt Serlin (RrSG)
02:19:15
It feels to me that pace that we are heading toward is very similar to Phase 1 when we tried doing the same thing…I appreciate all of the work we are trying to do, but more frequent meetings does not equate to a better end product
Matt Serlin (RrSG)
02:19:21
My $.02 at least
Alan Woods (RySG) (Donuts)
02:19:30
agreed Matt 100%
Sarah Wyld (RrSG)
02:19:36
Thanks, all
Stephanie Perrin (NCSG)
02:19:43
catching up with chat….Rod makes a good point, but there needs to be a mechanism in law to do that