Page History

...

6. Confirm next meeting date: Tuesday 31 January 2017 at 17.00 UTC

Attendance: 

Apologies: Stephanie Perrin (tentative), Sam Lanfranco, Alex Deacon, Vlad Dinculescu, Susan Prosser, Benny Samuelsen, Lawrence Olawale-Roberts, Maxim Alzoba, Beth Allegretti

Dial outs: Daniel Nanghaka, Holly Raiche, 

Mp3

AC Chat

Transcript

Notes:

1. Roll call / SOI

• Attendance will be taken from Adobe Connect
• Please remember to state your name for transcription purposes and do not forget to mute your line when not speaking.
• Please remember to update your SOI, if/when needed

2. Review poll results: Question 8 - Publication of "raw data" for WG polls

a. Overview of poll conclusions & "raw data" options from Survey Monkey

• Poll Results: FinalResults-Poll-on-Purpose-from-18JanCall.pdf
• Example of "raw data" for a single answer to this poll: Data_FilterRsp14_170123_RawExcel.xls
• Example of exported individual response for a single answer to this poll: Response_14_170123.pdf
  
  
• 23 responses to Q8 - strong opposition to including IP addresses in "raw data"
• 8 opposed to including name, 9 opposed to individual responses - roughly one third of those who responded
• Comment 4) timestamp may be of concern, could be stripped from Excel export but not (easily redacted) from PDF
• Comment 7) request for member affiliation to be included - polls are expecting respondents to speak for themselves, even if you do represent a group, perhaps this should be explicitly noted in every poll. Note that affiliation is available but not readily unless included in poll results. GNSO WG guidelines are clear that polls are not votes, not consensus calls and shouldn't be taken as such - a way to find out what others say, and we should know who is saying it. Should nationality or organizational affiliation play into what's published? In spirit of transparency, some have no objection to publishing data; two WG members changed view to this after discussion. Others are concerned inclusion might call into question whether they are speaking for their affiliation.
• Alternatives include (a) add (optional?) affiliation to spreadsheet only, (b) add option for WG member name to be included in spreadsheet only (c) add option for WG member to provide their employer's name
• Need to understand the problem that we're trying to solve before we can make a change in current process. Several other WG members supported this view.
• Request from Stephanie Perrin can be found here: http://mm.icann.org/pipermail/gnso-rds-pdp-wg/2017-January/002065.html

Action: Staff to request that Stephanie provide explanation of problem to be solved to the WG list to resolve this request.

b. Attempt to reach WG consensus on "raw data" for future WG polls

• To be progressed on-line via WG mail 
• Conclusion deferred to next week's meeting

3. Review poll results: Questions 1-7 - Purposes for "thin data" collection

a. Review of poll conclusions & comments/clarifications

• Poll Results: FinalResults-Poll-on-Purpose-from-18JanCall.pdf
• Note: All of the following poll questions apply only to "thin data", only to purpose(s) for collection

    Q1 - Domain Name Certification

• 21:3 support for WG Agreement #1 : Domain Name Certification is a legitimate purpose for "thin data" collection.
• Noted that we are only talking about "thin data" so a lot of concerns around privacy are moot
• There is no obligation on anyone to get an SSL cert - if you are requesting an SSL cert, you are giving CA permission to do validation using your data
• Note that those taking CC payments are obligated by PCI compliance to get certs
• Purposes doesn't seem self-evident to all
• Purposes such as this one need more than "thin data" (looking only at "thin data" now to break this into smaller pieces to facilitate progress, but need to get beyond "thin data" soon)
• Can purposes being legitimate without being a purpose of RDS? Need to consider in context of Purpose Statement.
• Are some taking a too constrained view of purposes?
• A useful purpose for data that already exists vs. a purpose for collection in the first place, with exception of Domain Name Control which may be self-evident
• If anything is a purpose for collection, we must state definitely why the purpose is legitimate. What is the foundation and motivation for that purpose?
• Reason for collection + large list of potential uses that may or may not be deemed acceptable

     Q2 - Business Domain Name Purchase or Sale

• 21:2 support for WG Agreement #2 : Business Domain Name Purchase or Sale is a legitimate purpose for "thin data" collection.
• No problem having this an appropriate use, but don't understand why this would be a purpose of collection

    Q3 - Academic/Public Interest DNS Research

• 19:3 support for WG Agreement #3 : Academic / Public Interest DNS Research is a legitimate purpose for "thin data" collection.
• Do "thin data" only really pose an issue for this purpose?

    Q4 - Regulatory and Contractual Enforcement

• 22:2 support for WG Agreement #4 : Regulatory and Contractual Enforcement is a legitimate purpose for "thin data" collection.
• Ditto

    Q5 - Criminal Investigation & DNS Abuse Mitigation

• 23:1 support for WG Agreement #5 : Criminal Investigation & DNS Abuse Mitigation is a legitimate purpose for "thin data" collection.
• Thin data seems more relevant to this purpose but does collecting for this purpose pose any risk?
• No problem with data being used for anti-abuse but should data be collected for express purpose of being investigated for possible abuse/criminal activity?

    Q6 - Legal Actions

• 22:3 support for WG Agreement #6 : Legal Actions is a legitimate purpose for "thin data" collection.
• What is the distinction between purpose, collection, use?
• Why does purpose for collection matter? How will it be applied later on?
• May jump ahead to Privacy charter question to better understand how data protection laws define and differentiate between purpose of collection and purpose of disclosure/display

    Q7 - Individual Internet Use

• 22:1 support for WG Agreement #7 : Individual Internet Use is a legitimate purpose for "thin data" collection.

b. Add results to "Key Concepts Deliberation Working Draft" Section 2.2.2

Action: Staff to update Section 2.2.2 conclusions reached by this the 18 January poll (listed above)

4. After completing deliberation on Users/Purposes Charter Question 2.2 for thin data collection only:

     2.2.1 For what specific (legitimate?) purposes should gTLD registration thin data elements be collected?

    We will then proceed to deliberating on Data Elements Charter Question 3.1 for thin data only:

     3.3.1 Do existing gTLD registration "thin data" elements sufficiently meet the needs of purposes identified as permissible for collection of "thin data" elements?

    See handouts: 18JanMeeting-PurposesForThinData-Handout.pdf and 24JanMeeting-ThinDataElementCollection-Handout.pdf

• May jump ahead to charter question of Privacy next week to get a better understanding of "purpose" and how it does or doesn't apply to "thin data" elements

5. Confirm action items and proposed decision points.

Action: Staff to request that Stephanie provide explanation of problem to be solved to the WG list to resolve this request. WG members to respond with any concerns/questions.

Action: Staff to update Section 2.2.2 conclusions reached by this the 18 January poll (listed above)

WG Agreements - see above list

6. Confirm next meeting date: Tuesday 31 January 2017 at 17.00 UTC