Next-Generation gTLD Registration Directory Services to Replace Whois

Page History

Versions Compared

Old Version 3

changes.mady.by.user Michelle Desmyter

Saved on Nov 02, 2017

compared with

New Version Current

changes.mady.by.user Lisa Phifer

Saved on Jan 15, 2018

Key

This line was added.
This line was removed.
Formatting was changed.

There will be a GNSO Next-Gen RDS PDP Working Group teleconference on Tuesday, 09 January 2018 at 17:00 UTC for 90 minutes.

09:00 PST, 12:00 EST, 17:00 London GMT, 18:00 Paris CET

For other times: https://tinyurl.com/y77kbo8q

Info
PROPOSED AGENDA 1. Roll Call/SOI Updates 2. Complete deliberation on data required for Domain Name Management a. Review poll results from 20 December call Question 2 b. Finalize agreement on data required for Domain Name Management 3. Complete deliberation on Domain Name Certification a. Review poll results from 20 December call Question 3 b. Finalize agreement on Domain Name Certification as a legitimate purpose 4. Start deliberation on “Criminal Activity/ DNS Abuse – Investigation” 5. Confirm action items and proposed decision points6. Confirm next WG meeting: Tuesday, 16 January at 17:00 UTC BACKGROUND DOCUMENTS Call Handout: Handout-9January-RDSWGCall-v3.pdf and PPT (includes poll results and DT7 definitions) DT7: Criminal Activity/DNS Abuse - Investigation PDF and DOC KeyConceptsDeliberation-WorkingDraft-9Jan2018.pdf and DOC (updated to reflect call results) 20 December Call poll (closed COB Saturday 30 December) Link to participate: https://www.surveymonkey.com/r/39LFSCX PDF of Poll Questions:Poll-from-20DecemberCall.pdf SurveyMonkey Summary Poll Results: SummaryResults-Poll-from-20DecemberCall.pdf SurveyMonkey Raw Data Poll Results: RawDataResults-Poll-from-20DecemberCall.zip and XLS Annotated Poll Results: AnnotatedResults-Poll-from-20December.pdf 9 January Call poll (closed COB Saturday 13 January) Link to participate: https://www.surveymonkey.com/r/VM6S8YK PDF of Poll Questions: Poll-from-9January-Call.pdf (corrected)

Info

PROPOSED AGENDA

1. Roll Call/SOI Updates

2. Complete deliberation on data required for Domain Name Management
a. Review poll results from 20 December call Question 2
b. Finalize agreement on data required for Domain Name Management

3. Complete deliberation on Domain Name Certification
a. Review poll results from 20 December call Question 3
b. Finalize agreement on Domain Name Certification as a legitimate purpose

4. Start deliberation on “Criminal Activity/ DNS Abuse – Investigation”

5. Confirm action items and proposed decision points6. Confirm next WG meeting: Tuesday, 16 January at 17:00 UTC

BACKGROUND DOCUMENTS

Call Handout: Handout-9January-RDSWGCall-v3.pdf and PPT (includes poll results and DT7 definitions)
DT7: Criminal Activity/DNS Abuse - Investigation PDF and DOC
KeyConceptsDeliberation-WorkingDraft-9Jan2018.pdf and DOC (updated to reflect call results)
20 December Call poll (closed COB Saturday 30 December)

- Link to participate: https://www.surveymonkey.com/r/39LFSCX
- PDF of Poll Questions:Poll-from-20DecemberCall.pdf
- SurveyMonkey Summary Poll Results: SummaryResults-Poll-from-20DecemberCall.pdf
- SurveyMonkey Raw Data Poll Results: RawDataResults-Poll-from-20DecemberCall.zip and XLS
- Annotated Poll Results: AnnotatedResults-Poll-from-20December.pdf
9 January Call poll (closed COB Saturday 13 January)
- Link to participate: https://www.surveymonkey.com/r/VM6S8YK
- PDF of Poll Questions: Poll-from-9January-Call.pdf (corrected)

Info

title	RECORDINGS

Mp3

AC Recording

AC Chat

Transcript

Tip

title	PARTICIPATION

AttendeesAttendance & AC Chat

Apologies: Paul Keating, Kris Seeburn, Rubens Kuhl

Note
Notes/ Action Items Action Items and Notes from RDS PDP WG Call – 9 January 2018 These high-level notes are designed to help PDP WG members navigate through the content of the call and are not meant as a substitute for the transcript and/or recording. The MP3, transcript, and chat are provided separately and are posted on the wiki. 1. Roll Call/SOI Updates Link to meeting page: https://community.icann.org/x/QgByB Greg Shatan has a new employer: Moses & Finger, has new role with ISOC 2. Complete deliberation on data required for Domain Name Management a. Review poll results from 20 December call Question 2 92% supported the possible WG agreement on Domain Name Management given below Note responses giving rationale for additional data not included due to lack of support - may be considered later b. Finalize agreement on data required for Domain Name Management Accept as rough consensus the following WG Agreement WG Agreement: The following registration data is needed for the purpose of Domain Name Management: Domain Name, Registrant Name, Registrant Organization, Registrant Email, Registrar Name, Creation Date, Updated Date, Expiration Date, Nameservers, Domain Status, and Administrative Contact. Action: Staff to incorporate this WG Agreement in the working draft, and to start maintaining a table of data that has been agreed to be collected for legitimate purposes 3. Complete deliberation on Domain Name Certification a. Review poll results from 20 December call Question 3 84% supported the possible WG agreement: Domain Name Certification is NOT a legitimate purpose for requiring collection of registration data, but may be a legitimate purpose for using some data collected for other purposes. (Access requirements to be deliberated at a later stage.) 3 responses proposed revisions to the above text and 3 gave rationale for treating DN Certification as a legitimate purpose for data collection b. Finalize agreement on Domain Name Certification as a legitimate purpose Comments: Not an essential requirement but may be something we need to allow to be collected to enable DN certification - that is, not mandatory to collect, but allow to collect RDS should not be limited to data of interest to registrant in its relationship with its registrar - RDS exists in part to provide data needed by third parties in their relationship with the registrant - this is such a case Registration data is required by several processes during DN certification, but there are other processes that do not require WHOIS data today Is this required for operation of the domain name ecosystem? No. But should the RDS be required to allow collection of registration data for this purpose? From chat: ICANN is in the security, stability, resiliency and trust business. Certification is an integral part of that. Choices we may need to consider: ((MUST be collected) or (MAY be collected with informed consent)) or (not legitimate) We are trying to identify purposes that are legitimate for collection of some registration data. We were not trying to parse mandatory or optional for each data element at this stage. Alternative proposal which gained some traction: Domain Name Certification is NOT a legitimate purpose for requiring collection of registration data, but may be a legitimate purpose for allowing some data to be collected, or for using some data collected for another purpose. Another alternative: Domain Name Certification MAY BE a legitimate purpose for requiring collection of registration data, but may not be a legitimate purpose for registrants who do not intend to use a Certification Authority that uses RDS registration data. Suggestion to change "another" to "this" purpose...introduces a potential wild card otherwise. Some cert vendors use the RDS in their processes. That is a legitimate use, and a legitimate reason (all on its own) for collection, even if there is no other reason to collect the data. That is not a reason to require everyone to provide such data. Possible WG Agreement (revised, to be confirmed by poll): Domain Name Certification is NOT a legitimate purpose for requiring collection of registration data, but may be a legitimate purpose for allowing some data to be collected, or for using some data collected for another purpose. 4. Start deliberation on “Criminal Activity/ DNS Abuse – Investigation” Slide 7-10 provides an overview of Drafting Team 7's definition of this purpose “Investigation” is one of three purposes identified by DT7 Definition: The following information is to be made available to regulatory authorities, law enforcement, cybersecurity professionals, IT administrators, automated protection systems and other incident responders for the purpose of enabling identification of the nature of the registration and operation of a domain name linked to abuse and/or criminal activities to facilitate the eventual mitigation and resolution of the abuse identified: Domain metadata (registrar, registration date, nameservers, etc.) Registrant contact information Registrar contact Information DNS contact, etc... Question: Is this just law enforcement? No. Is requiring collection of data to prevent crime beyond ICANN's mandate? Deterring DNS Abuse is part of ICANN's remit From Hamilton memo #3: "Processing of Whois data by law enforcement agencies for such law enforcement purposes should constitute a legitimate interest that motivates processing of personal data in accordance with Article 6.1(f) GDPR." Note that this assumes the needed data will be collected for other purposes – need to confirm this after all purposes for collection have been deliberated upon Support expressed for possible WG agreement as presented in slides The rephrasing used for DN Certification may not be necessary for this purpose - that is, there may be no need to allow for optional collection for this purpose Agreed to test both formulations of this possible WG agreement – that is, with and without clause regarding optional collection Possible WG Agreement (to be confirmed by poll): Criminal Activity/ DNS Abuse – Investigation is NOT a legitimate purpose for requiring collection of registration data, but may be a legitimate purpose for using some data collected for other purposes. Action: Leadership team to draft poll questions to test these two possible WG Agreements. All WG members encouraged to participate in this poll no later than COB Saturday 13 January. 5. Confirm action items and proposed decision points WG Agreement: The following registration data is needed for the purpose of Domain Name Management: Domain Name, Registrant Name, Registrant Organization, Registrant Email, Registrar Name, Creation Date, Updated Date, Expiration Date, Nameservers, Domain Status, and Administrative Contact. Action: Staff to incorporate this WG Agreement in the working draft, and to start maintaining a table of data that has been agreed to be collected for legitimate purposes Possible WG Agreement (revised, to be confirmed by poll): Domain Name Certification is NOT a legitimate purpose for requiring collection of registration data, but may be a legitimate purpose for allowing some data to be collected, or for using some data collected for another purpose. Possible WG Agreement (to be confirmed by poll): Criminal Activity/ DNS Abuse – Investigation is NOT a legitimate purpose for requiring collection of registration data, but may be a legitimate purpose for using some data collected for other purposes. Action: Leadership team to draft poll questions to test these two possible WG Agreements. All WG members encouraged to participate in this poll no later than COB Saturday 13 January. 6. Confirm next WG meeting: Tuesday, 16 January at 17:00 UTC Meeting Materials: https://community.icann.org/x/QgByB[community.icann.org] Including call handout with poll results and the definitions produced by DT7

Note

Notes/ Action Items

Action Items and Notes from RDS PDP WG Call – 9 January 2018

These high-level notes are designed to help PDP WG members navigate through the content of the call and are not meant as a substitute for the transcript and/or recording. The MP3, transcript, and chat are provided separately and are posted on the wiki.

1. Roll Call/SOI Updates

Link to meeting page: https://community.icann.org/x/QgByB
Greg Shatan has a new employer: Moses & Finger, has new role with ISOC

2. Complete deliberation on data required for Domain Name Management

a. Review poll results from 20 December call Question 2

92% supported the possible WG agreement on Domain Name Management given below
Note responses giving rationale for additional data not included due to lack of support - may be considered later

b. Finalize agreement on data required for Domain Name Management

Accept as rough consensus the following WG Agreement

WG Agreement: The following registration data is needed for the purpose of Domain Name Management: Domain Name, Registrant Name, Registrant Organization, Registrant Email, Registrar Name, Creation Date, Updated Date, Expiration Date, Nameservers, Domain Status, and Administrative Contact.

Action: Staff to incorporate this WG Agreement in the working draft, and to start maintaining a table of data that has been agreed to be collected for legitimate purposes

3. Complete deliberation on Domain Name Certification

a. Review poll results from 20 December call Question 3

84% supported the possible WG agreement:
Domain Name Certification is NOT a legitimate purpose for requiring collection of registration data, but may be a legitimate purpose for using some data collected for other purposes. (Access requirements to be deliberated at a later stage.)
3 responses proposed revisions to the above text and 3 gave rationale for treating DN Certification as a legitimate purpose for data collection

b. Finalize agreement on Domain Name Certification as a legitimate purpose

Comments:
Not an essential requirement but may be something we need to allow to be collected to enable DN certification - that is, not mandatory to collect, but allow to collect
RDS should not be limited to data of interest to registrant in its relationship with its registrar - RDS exists in part to provide data needed by third parties in their relationship with the registrant - this is such a case
Registration data is required by several processes during DN certification, but there are other processes that do not require WHOIS data today
Is this required for operation of the domain name ecosystem? No. But should the RDS be required to allow collection of registration data for this purpose?
From chat: ICANN is in the security, stability, resiliency and trust business. Certification is an integral part of that.
Choices we may need to consider:
((MUST be collected) or (MAY be collected with informed consent)) or (not legitimate)
We are trying to identify purposes that are legitimate for collection of some registration data. We were not trying to parse mandatory or optional for each data element at this stage.
Alternative proposal which gained some traction: Domain Name Certification is NOT a legitimate purpose for requiring collection of registration data, but may be a legitimate purpose for allowing some data to be collected, or for using some data collected for another purpose.
Another alternative: Domain Name Certification MAY BE a legitimate purpose for requiring collection of registration data, but may not be a legitimate purpose for registrants who do not intend to use a Certification Authority that uses RDS registration data.
Suggestion to change "another" to "this" purpose...introduces a potential wild card otherwise.
Some cert vendors use the RDS in their processes. That is a legitimate use, and a legitimate reason (all on its own) for collection, even if there is no other reason to collect the data. That is not a reason to require everyone to provide such data.

Possible WG Agreement (revised, to be confirmed by poll): Domain Name Certification is NOT a legitimate purpose for requiring collection of registration data, but may be a legitimate purpose for allowing some data to be collected, or for using some data collected for another purpose.

4. Start deliberation on “Criminal Activity/ DNS Abuse – Investigation”

Slide 7-10 provides an overview of Drafting Team 7's definition of this purpose
“Investigation” is one of three purposes identified by DT7
Definition: The following information is to be made available to regulatory authorities, law enforcement, cybersecurity professionals, IT administrators, automated protection systems and other incident responders for the purpose of enabling identification of the nature of the registration and operation of a domain name linked to abuse and/or criminal activities to facilitate the eventual mitigation and resolution of the abuse identified:

Domain metadata (registrar, registration date, nameservers, etc.)
Registrant contact information
Registrar contact Information
DNS contact, etc...

Question: Is this just law enforcement? No.
Is requiring collection of data to prevent crime beyond ICANN's mandate?
Deterring DNS Abuse is part of ICANN's remit
From Hamilton memo #3: "Processing of Whois data by law enforcement agencies for such law enforcement purposes should constitute a legitimate interest that motivates processing of personal data in accordance with Article 6.1(f) GDPR."
Note that this assumes the needed data will be collected for other purposes – need to confirm this after all purposes for collection have been deliberated upon
Support expressed for possible WG agreement as presented in slides
The rephrasing used for DN Certification may not be necessary for this purpose - that is, there may be no need to allow for optional collection for this purpose
Agreed to test both formulations of this possible WG agreement – that is, with and without clause regarding optional collection

Possible WG Agreement (to be confirmed by poll): Criminal Activity/ DNS Abuse – Investigation is NOT a legitimate purpose for requiring collection of registration data, but may be a legitimate purpose for using some data collected for other purposes.

Action: Leadership team to draft poll questions to test these two possible WG Agreements. All WG members encouraged to participate in this poll no later than COB Saturday 13 January.

5. Confirm action items and proposed decision points

Action: Staff to incorporate this WG Agreement in the working draft, and to start maintaining a table of data that has been agreed to be collected for legitimate purposes

Action: Leadership team to draft poll questions to test these two possible WG Agreements. All WG members encouraged to participate in this poll no later than COB Saturday 13 January.

6. Confirm next WG meeting: Tuesday, 16 January at 17:00 UTC

Meeting Materials: https://community.icann.org/x/QgByB[community.icann.org]

Including call handout with poll results and the definitions produced by DT7

Content

Space Tools

Versions Compared

Old Version 3

New Version Current

Key