Page History

...

• Timezone Converter:http://tinyurl.com/yc6mnjk9
• Abstract: http://sched.co/CbF3
• Adobe Connect: Multimedia Session Recording
• English Audio: Session Recording
• AC Chat: RDS PDP WG 1 Nov Chat.docx
• Transcript RDS Abu Dhabi 01 Nov 

REVISED PROPOSED AGENDA - WEDNESDAY

...

• Brief updates from DT5 and DT6
• No updates from DT2 or DT3 at this timemeeting

4. Purposes for gTLD registration data and directory services (continues from Saturday)

b. Criminal Investigation/DNS Abuse Mitigation (DT#7)

• Link to Draft:  https://community.icann.org/download/attachments/69280637/DraftingTeam7-CrimInvAbuseMit-1%20November%202017.pdf
• Slides: https://community.icann.org/download/attachments/69280637/RDS3-DT7%20Overview%20for%20ICANN%2060.pdf
• Category covers all use of an RDS to support criminal and other investigations
• Users include law enforcement, cybersec professionals, IT admins protecting their own networks, automated protection systems, others pursing abuse issues
• Definition of “Abuse” is included in the definition slide 2
• Who you need to contact depends upon the particular abuse case
• Expand investigation to understand scope of abuse may involve identifying additional domain names
• Investigation may lead to request to suspend domain names
• Users either making a lot of ad hoc requests to support investigation or automated processes that query data for a large number of domains – probably more than one purpose
• Categories of Actions – should include hosting providers getting involved in mitigation, as opposed to just the registrars for the underlying DNs
• Re: hosting companies may not be willing to talk to investigator but may be willing to talk to the DN’s Tech/Admin contact
• Relationship to compliance and reg enforcement purpose as well? Where do these purposes overlap or do they just relate to each other in a way that can be defined?
• No such thing as world-recognized law enforcement – jurisdiction may play role in determining users and chains of users (3d matrix?, even GDPR does not address needs of law enforcement)
• Note that who gets access to what data still needs to be addressed, even after defining the purpose and data involved
• Noted that these cases are about access and not putting data into the system in the first place

...

d. Academic/Public Interest DNS Research (DT#1)

• Link to Draft: https://community.icann.org/download/attachments/69280637/techissues1.pdf
• For example, DN registration history was used in a study of the introduction of new TLDs
• Another example: APWG researching trends and patterns – for example history data (WhoWas)
• WHOIS accuracy studies (starting from 2000 USG study, continuing through ICANN ARS)
• May also be used to assess P/P use, examining geographic distribution of registrations, etc.
• Could potentially be used for examining the impacts of GDPR in the future
• Many of these are examples of public policy research (including ICANN policies)
• Examples of organizations conducting such studies include ISOC, EFF
• Data elements list is not inclusive – often use whatever data is available, may need data across many domains for statistical analysis, etc.
• Distinction between this and market research? Sometimes academic study data ends up being applied for other reasons, including commercial
• Question: Since virtually all the examples given require the aggregation of RDS data and the ability to search across multiple domains, do we need to treat this aggregation itself as a use case/purpose?  
• Would it be a method or use or purpose? Or would the search of aggregated data produces a new data set, that may then be used several purposes?
• See ref to ICANN contractual enforcement – is this covered by DT5? Use of data by Contractual Enforcement Dept for research vs. use of data by Contractual Enforcement Dept for enforcement purpose?

...

• Slides: ICANN60 RDS PDP F2F v6.PDF (updated 1 November for Wednesday F2F)
• List of Drafting Teams (includes team member lists & links to team email archives)
• Drafting Team outputs - may be updated in advance of meeting:
  • DT1: Tech Issue Resolution and DNS Research [doc, PDF]
  • DT2: Domain Name Control and Individual Internet Use [doc, PDF]
  • DT3: Domain Name Certification [doc, PDF]
  • DT4: Domain Name Purchase/Sale [doc, PDF]
  • DT5: Regulatory or Contractual Enforcement [doc, PDF]
  • DT6: Legal Actions [doc, PDF]
  • DT7: Criminal Investigation/DNS Abuse Mitigation [doc, PDF] and slides