1.1.1 Containment by small/constrained team (output/status)
1.1.2 Multiple small teams
1.1.5 Define several levels of disclosure (Chatham House rules)
1.1.6 How to protect sensitive info?
188.8.131.52 Attribution -- to a specific organization or shared anonymously
184.108.40.206.2 No -- what mechanism for sharing?
220.127.116.11 Attempt to obtain/produce info without need for NDAs
18.104.22.168 Have the source "sanitize" the information before sharing it
22.214.171.124 Share w/ICANN staff -- or independent 3rd party
126.96.36.199 Sanitizing -- not just identity -- strategic/"real" info
188.8.131.52 Tradeoff -- protecting information vs useful report
1.1.7 Levels of confidentiality
184.108.40.206 What is sensitive
220.127.116.11.1 Who defines it as sensitive?
18.104.22.168.2 Ascertain sensitive info from source
22.214.171.124 Chatham House is the lower level of confidentiality
126.96.36.199.1 Highest "most sensitive" material
188.8.131.52.1.1 Confidential or Classified - available only to some WG members, proprietary information.
184.108.40.206.2.1 More sensitive - available for internal use to all WG members (with attribution/description)
220.127.116.11.2.2 Chatham House
18.104.22.168.2.2.1 "When a meeting, or part thereof, is held under the Chatham House Rule, participants are free to use the information received, but neither the identity nor the affiliation of the speaker(s), nor that of any other participant, may be revealed."
22.214.171.124.3.1 Public - can be published on the WG wiki, with attribution
126.96.36.199.1 Internal to Sub-team
188.8.131.52.2 Internal to DSSA
184.108.40.206.3.2 Published or not
220.127.116.11.4 Need to clearly define/track who is internal to DSSA WG and sub-teams?
18.104.22.168 Sign legal document
22.214.171.124 Use section in the DSSA charter, non-disclosure agreement, no additional agreement
126.96.36.199 Sign agreement from the start or for special occasions? -- Mandatory to sign at the beginning.
1.2.1 Agreeing to public output
1.2.3 Sharing without attribution
1.2.4 Mechanism for classification
1.3 Types of confidential material
1.3.1 Data (for analysis)
1.3.2 Internal processes/trade secrets
188.8.131.52 May require compartmentalization
1.4 Platform (prototype) NEISAS
1.4.1 Share confidential information in a trusted model
184.108.40.206 CSIRTs use this tool
1.4.5 How much does it cost?
1.4.6 Web site -- www.neisas.eu (maybe)
220.127.116.11 Action item: explore NEISAS and report back to the group
1.5 Code of conduct for group?
1.5.1 Charter sufficient?
2.1.1 Sub-working groups may need to access sensitive or proprietary information in order for the DSSA to do its work
2.1.2 These procedures are an exception to accountability and transparency standards
2.1.3 No formal NDA required for membership in the DSSA
2.2.1 Only required where members of sub-working groups need to access and protect confidential information
18.104.22.168 If needed: sub-WG members sign formal Affirmation of Confidentiality and Non-Disclosure agreement
22.214.171.124 If needed: project or issue-specific Non-Disclosure Agreement
126.96.36.199 If needed: separate private sub-working group email lists