00:21:04 Anne Aikman-Scalese: I can't get into this document - firm policy against Google account. 00:22:14 Anne Aikman-Scalese: They require an email to let me in. Cannot do it. 00:22:41 Kimberly Carlson: https://docs.google.com/document/d/1yrXk6-z1yHXrIUcIoYW6v6chzlcSOIQpn59MV-OKnyg/edit 00:22:59 Anne Aikman-Scalese: OK - got it thanks and it works now 00:28:10 Kimberly Carlson: I have just resent everyone’s panelist URLs 00:28:25 Matt Larson: 3. Identify datasets used in past studies and determine if those datasets are still available and any constraints there may be regarding access. 4. Identify gaps (*) in the datasets used by previous studies, resulting in a list of additional datasets or data providers that would be necessary to successfully complete Studies 2 and 3. 5. Assess the potential availability of these additional datasets. 00:28:36 Matt Larson: (*) Gaps in the data refers to types, sources, specific events captured, etc., that were not used in prior work but would have been useful or even necessary for the prior work to have been comprehensive. 00:28:55 Matt Larson: That's text from the Study 1 SOW that Karen is working from and which I'd like to speak to at some point today. No hurry. 00:29:41 James Galvin: Thanks Kim for the panelist links! 00:30:05 James Galvin: Got it Matt Larson. 00:34:39 Jeff Neuman: I will absolutely make some edits but I didn't want to prior to discussing 00:36:02 Jeff Neuman: Right, but this will likely be used as a basis to get funding from ICANN for the future studies 00:37:54 Rubens Kuhl: I don't think we can take for granted that future studies will happen, so I suggest we do it scenario-based: without further studies, what we can say and suggest is X. Further studies can add this and that. 00:38:08 Jeff Neuman: Agree with Jeff (No surprise). There is interest here, but we need to take the notion of risk and danger off the table 00:38:44 Jeff Neuman: I would love that being priority number 1 of Phase 2 00:38:49 Jeff Neuman: Study 2 00:41:41 Jeff Schmidt: Agree. I just want to make sure we don’t conflate “this is interesting” with “this is dangerous.” Accidentally or intentionally. 00:42:06 Matt Larson: I have a meta comment that I would like to make soon, please. 00:42:59 James Galvin: Matt Larson - I’ll let you jump the queue and be next. 00:44:21 Rubens Kuhl: We also have sub-notification with COVID-19, but the same principle applies: people with strong symptoms will go to the hospital. The other might prefer drinking hot tea in their homes. 00:44:22 Jeff Schmidt: Yes Warren, but there is not zero signal in that data either ;-) 00:44:39 Patrik Fältström : Patrik Fältström here. Arrived unfortunately 20 min into the call. 00:45:50 Kimberly Carlson: 3. Identify datasets used in past studies and determine if those datasets are still available and any constraints there may be regarding access.
4. Identify gaps (*) in the datasets used by previous studies, resulting in a list of additional datasets or data providers that would be necessary to successfully complete Studies 2 and 3.
5. Assess the potential availability of these additional datasets. 00:46:34 Warren Kumari: @Jeff: Yes, there isn't zero data, but with no idea of what percentage of collisions reported 00:49:07 Warren Kumari: (Sorry all, I'm trying a new split (ergodox) keyboard which JUST arrived, and the new layout causes me typing issues)) 00:49:36 Warren Kumari: With no idea i 00:49:50 Warren Kumari: GAH! 00:50:32 Warren Kumari: Perhaps trying s 00:51:28 Jeff Neuman: Resolved (2017.11.02.30), the Board requests the ICANN Security and Stability Advisory Committee to conduct a study in a thorough and inclusive manner that includes technical experts (such as members of IETF working groups, technical members of the GNSO, and other technologists), to present data, analysis and points of view and provide advice to the Board on a range of questions that include, but are not limited to, the following: (1) a proper definition for name collision and the underlying reasons why strings that manifest name collisions are so heavily used; (2) the role that negative answers currently returned from queries to the root for these strings play in the experience of the end user, including in the operation of existing end systems; (3) the harm to existing users that may occur if Collision Strings were to be delegated, including harm due to end systems no longer receiving a negative response and additional potential harm if the delegated registry accidentally or purposely exploited subsequen 00:51:28 Matt Larson: There's a limit to the size of pasted text. You could post a link instead. 00:51:38 Jeff Neuman: https://www.icann.org/resources/board-material/resolutions-2017-11-02-en 00:51:51 Jeff Schmidt: @Warren: :+1: 00:51:58 Jeff Neuman: https://www.icann.org/en/system/files/files/ncap-study-1-report-12feb20-en.pdf 00:52:14 Jeff Schmidt: @Ram: Would love a focus of our group to be just that - finding the other unicorn “.corp/corp.com” issues 00:52:17 Ram Mohan: Your EPDP tracking is showing, Jeff N :-; 00:52:24 Warren Kumari: Perhaps trying a new keyboard right when getting on a call was not the best idea ever... 00:52:33 Jeff Schmidt: Sporting. 00:53:26 Anne Aikman-Scalese: COMMENT: The Board has asked questions about measuring the potential "harm". As I understand it, the question relative to Study 2 is what data is needed to assess that harm. (I don't think the inquiry as to "harm" is limited to "catastrophes".) Maybe we should focus on the word, "harm" or "risk"? COMMENT 00:55:00 Jeff Neuman: harm is more than a risk 00:55:14 Jeff Neuman: Just because there is a risk does not mean it is a risk of "harm" 00:56:02 Anne Aikman-Scalese: @Jeff - I am just looking for a word to replace "danger" that ties back to your reference to the questions the Board wants to answer. That word may be "harm" since it's in the Board resolution. 00:56:41 Ram Mohan: @Anne, and @JeffN, I believe we should focus on harm - as a reflection of risk. That is what the Board wanted/wants to understand, since it will help them see what actions to take if the level of risk goes from to to to to (or something like that) 00:57:29 Jeff Neuman: @Ram - there is nothing in the Study 1 report that demonstrates "harm" 00:57:39 Jeff Neuman: Perhaps a "Risk" of things happening 00:59:04 Ram Mohan: @JeffN, agree that there's a risk of things happening. We have to decide if we want to stick with the term Risk or with the Board Resolution term Harm 00:59:08 Greg Shatan: But isn’t “risk of harm” one of our key concerns? If not the key concern? 00:59:47 Jeff Neuman: @Ram - The Board uses harm because it wants to know what to expect when the approve going forward with the next round 00:59:55 Anne Aikman-Scalese: @JeffN - some Study 1 info identifies harm - Man in the Middle stuff related to DNS Abuse, right? 01:00:02 Jeff Neuman: @Ram - But just looking for "risks" is academic 01:00:49 Ram Mohan: Gradation of risk is probably a very useful outcome. Including understanding if the risk may cause harm/danger/catastrophe. 01:00:55 Ram Mohan: @JeffN, academic how? 01:01:39 Jeff Neuman: @Ram - Because there is always a risk in doing anything; 01:01:58 Jeff Neuman: What are the risks if we delegate new TLDs in Round 2 from potential future name collisions? 01:02:28 Ram Mohan: So just stating that there are risks is not particularly useful. But providing some gradation and some way to differentiate is likely useful. 01:03:47 Jeff Neuman: @Ram - Yes, but things need to be prioritized. 01:03:57 Greg Shatan: Risks can be characterized by severity, probability, types of harm, ease of fixing, losses caused by fixes, etc. 01:04:17 Ram Mohan: For example, should names that are banned due to NC be allowed in a future round? What are the risks? What are the harms? That doesn't appear academic to me. 01:04:33 Jeff Neuman: @Greg - A lot of that work has already been done in the JAS studies and other materials in the bibliography 01:04:46 Greg Shatan: Risk management is a fundamental part of this project and just about everything else. 01:05:20 Greg Shatan: @Jeff, understood — that’s why we collected it together. To form a basis for further work - level setting, if you will. 01:05:39 Jeff Neuman: Greg and Ram - Yes we need to assess risk of course, but we have a lot of that data 01:05:55 Jeff Neuman: Study 1 did not show a large amount of data out there that we needed to get 01:08:08 Jeff Schmidt: The risk is highly, highly concentrated in a few unicorns. Gotta find those. Nothing else matters to the same level (controlled interruption did what it was supposed to). 01:09:38 Jeff Neuman: our study 1...not the phase 1 report 01:09:57 Greg Shatan: handle 01:10:33 Jeff Neuman: Study 1 also was supposed to identify gaps 01:10:59 Steve Crocker: I have a hard stop at one minute before the top of the hour. 01:11:34 Warren Kumari: + lotto 01:11:43 Warren Kumari: + lots 01:12:03 Jeff Neuman: But that is not what Study 1 was. It was to identify the data AND indicate sources of new data 01:16:07 Jeff Neuman: @James - if we all agree, then to tie the chain so to speak, we should file a comment so that the public can see what we are concluding 01:16:46 Jeff Neuman: - And if we knew about this data, then why did we not tell that to the contractor when she was drafting the Study 1 report? 01:17:47 Ram Mohan: @Jeff, good q. re. why the contractor didn't add, but it's not useful for where we are today... 01:17:54 Anne Aikman-Scalese: @Jeff - many calls have been devoted to identifying gaps in the data that need to be reviewed in order to answer the Board's questions. 01:18:41 Ram Mohan: I have to leave the call - Thanks! 01:18:59 Jeff Neuman: @Anne - and ALL of that was included in Study 1 01:19:16 Steve Crocker: Leaving now. Thanks. 01:19:25 Jeff Neuman: The stuff today is new (which is fine), but we should make it part of the public record through the comments 01:19:53 Jeff Neuman: So it doesn't look like we are working around what our expert contractor did (which was a great report) 01:20:34 Anne Aikman-Scalese: Thank you Jim et al 01:20:35 Kimberly Carlson: Thanks all, be safe. bye