Versions Compared

Old Version 16

changes.mady.by.user Marika Konings

Saved on

compared with

New Version 17

changes.mady.by.user Marika Konings

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Also, in discussions that the EPDP Team has had regarding purposes, ICANN Office of the CTO (OCTO) has been mentioned. To inform the EPDP Team’s continued discussion on this topic, ICANN Org would like to clarify that ICANN OCTO does not require personal data in domain name registration data for its work. For example, OCTO’s Domain Abuse Activity Reporting (DAAR) project <https://www.icann.org/octo-ssr/daar> uses only the registrar and nameserver information.

3.  Further input is requested to explore how WHOIS was used before the Temp Spec was adopted, in OCTO's activities.  The original Org response does not address that issue. For example, did OCTO use WHOIS in its law enforcement training and outreach activities, or engagement with the cybersecurity community, or to facilitate or respond to large scale botnet attacks, such as Conficker or Avalanche? Individual members may follow up with the CTO for follow up questions, if available at ICANN63.

Regarding the EPDP Team’s follow-up question on how OCTO used WHOIS data for training and outreach activities, prior to the effective date of the Temporary Specification, use of WhOIS data to identify the registrant and the technical data related to a domain name was part of the training materials. The training showed how one could use WHOIS data to attempt to contact a registrant or the hosting provider in cases of compromised machines, etc. Since the Temporary Specification became effective, the training no longer shows one how to use public WHOIS data to contact a registrant, instead as part of the training, a brief overview of where the policy discussions are and how people can get involved in the discussion is provided.

 The EPDP Team’s follow-up question also asks how OCTO used WHOIS data for engagement with cybersecurity community, or to facilitate or respond to large scale botnet attacks, such as Conficker or Avalanche. Conficker, Andromeda and other large-scale actions are typically managed by the Law Enforcement agencies, not OCTO. OCTO’s role in those activities does not involve the use of personal data in WHOIS. Those Law Enforcement agencies would be better placed to discuss their operational procedures and the effect of the Temporary Specification on their operations.


Data Retention

  1. With respect to data retention: For how long and why, should data escrow agents retain old deposits (if at all) in order to fulfill their contractually-required obligations? For how long and why, should data be retained by registries and registrars from the perspective of ICANN Org for purpose A (Establish the rights of a Registered Name Holder in a Registered Name and ensuring that the Registered Name Holder may exercise its rights in respect of the Registered Name)?

...