1.1.1 Containment by small/constrained team (output/status)
1.1.2 Multiple small teams
1.1.5 Define several levels of disclosure (Chatham House rules)
1.1.6 How to protect sensitive info?
22.214.171.124 Attribution -- to a specific organization or shared anonymously
126.96.36.199.2 No -- what mechanism for sharing?
188.8.131.52 Attempt to obtain/produce info without need for NDAs
184.108.40.206 have the source "sanitize" the information before sharing it
220.127.116.11 Share w/ICANN staff -- or independent 3rd party
18.104.22.168 Sanitizing -- not just identity -- strategic/"real" info
22.214.171.124 Tradeoff -- protecting information vs useful report
1.1.7 Levels of confidentiality
126.96.36.199 What is sensitive
188.8.131.52.1 Who defines it as sensitive?
184.108.40.206.2 Ascertain sensitive info from source
220.127.116.11 Chatham House is the lower level of confidentiality
18.104.22.168.1 Highest "most sensitive" material
22.214.171.124.1.1 Confidential or Classified - available only to some WG members, proprietary information.
126.96.36.199.2.1 More sensitive - available for internal use to all WG members (with attribution/description)
188.8.131.52.2.2 Chatham House
184.108.40.206.2.2.1 "When a meeting, or part thereof, is held under the Chatham House Rule, participants are free to use the information received, but neither the identity nor the affiliation of the speaker(s), nor that of any other participant, may be revealed."
220.127.116.11.3.1 Public - can be published on the WG wiki, with attribution
18.104.22.168.1 Internal to Sub-team
22.214.171.124.2 Internal to DSSA
126.96.36.199.3.2 Published or not
188.8.131.52.4 Need to clearly define/track who is internal to DSSA WG and sub-teams?
184.108.40.206 Sign legal document
220.127.116.11 Use section in the DSSA charter, non-disclosure agreement, no additional agreement
18.104.22.168 Sign agreement from the start or for special occasions? -- Mandatory to sign at the beginning.
1.2.1 Agreeing to public output
1.2.3 Sharing without attribution
1.2.4 Mechanism for classification
1.3 Types of confidential material
1.3.1 Data (for analysis)
1.3.2 Internal processes/trade secrets
22.214.171.124 May require compartmentalization
1.4 Platform (prototype) NEISAS
1.4.1 Share confidential information in a trusted model
126.96.36.199 CSIRTs use this tool
1.4.5 How much does it cost?
1.4.6 web site -- www.neisas.eu (maybe)
188.8.131.52 Action item: explore NEISAS and report back to the group
1.5 Code of conduct for group?
1.5.1 Charter sufficient?
2.1.1 Sub-working groups may need to access sensitive or proprietary information in order for the DSSA to do its work
2.1.2 These procedures are an exception to accountability and transparency standards
2.1.3 No formal NDA required for membership in the DSSA
2.2.1 Only required where members of sub-working groups need to access and protect confidential information
184.108.40.206 If needed: sub-WG members sign formal Affirmation of Confidentiality and Non-Disclosure agreement
220.127.116.11 If needed: project or issue-specific Non-Disclosure Agreement
18.104.22.168 If needed: separate private sub-working group email lists