FINAL VERSION SUBMITTED (IF RATIFIED)
The final version to be submitted, if the draft is ratified, will be placed here by upon completion of the vote.
FINAL DRAFT VERSION TO BE VOTED UPON BY THE ALAC
The final draft version to be voted upon by the ALAC will be placed here before the vote is to begin.
DRAFT SUBMITTED FOR DISCUSSION
The first draft submitted will be placed here before the call for comments begins. The Draft should be preceded by the name of the person submitting the draft and the date/time. If, during the discussion, the draft is revised, the older version(S) should be left in place and the new version along with a header line identifying the drafter and date/time should be placed above the older version(s), separated by a Horizontal Rule (available + Insert More Content control).
Comment Only Google Doc, 30 March 2021:
https://docs.google.com/document/d/1Xus48mqvDAJkNkmWQoReT6FL6nN6UB-MJPL8QqF9810/edit?usp=sharing
ICANNSSR2ALACReview 02 March 2021 DRAFT
ICANN SSR2 review by ALAC
Draft by Alejandro Pisanty for joint work with Greg Shatan
We provide a draft comment on the SSR2 report for ALAC to discuss and potentially adopt. SSR2 is the Second Stability, Security and Resilience Review.
- We are pleased to observe that SSR2 has ratified most of the work of the first SSR-RT (full disclosure, it was chaired by one of us, AP). We agree with the observation that SMART objectives had to be derived from the report in a managerial process starting from ICANN’s receiving the report and the Board’s adoption by a resolution.
- We observe with interest that the SSR2 team met the same difficulty as the first SSR-RT in prioritizing recommendations. We attribute this to the many-sided view both reports provide.
- The SSR2 team invested great effort and time in finding the right level of aggregation for their analysis and report, which as the SSR-RT team found, cannot be an in-depth security audit, nor is useful to keep at a too general level.
- Some significant developments in the time between the two reviews are: DNS Abuse, the introduction of the GDPR, the effects of ICANN’s change of status after changes in its contractual relationships with the government of the United States, significant mood changes in the Internet environment, and geopolitical shifts.
- On the way towards implementation the report and those who apply it would find it useful to divide their analysis and plans in three circles: what ICANN does (mostly ICANN.org and the immediate work of the SO/AC Councils); what ICANN influences (contracted parties, participants in ICANN processes especially PDPs); and the rest of the world. Tools adequate for each circle are different.
- We applaud Recommendation 2 for the creation of a CSO position, recommending that it take into account the best people, work, practices, and experience already excelling in foresight, proactive, and reactive work.
- We agree with Recommendation 4, improving Risk Management, making sure that all risks are considered, with community participation that is balanced in order to avoid risks of capture or disproportionate influence by parties with less at stake than influence or ability to slow processes.
- We agree with Recommendation 6, on Vulnerability Disclosures, recommending the highest possible level of interaction with the broad ecosystem.
- We agree with Recommendations 7, Continuity, and 8, Public Interest, which must not be construed in a way that reduces efficacy and agility.
- We agree with Recommendation 12 on DNS Abuse Transparency, cautioning against implications such as arise from the ongoing, complex relationship between GDPR and WHOIS/RDS; the paradoxal effect that data turn out to be protected but users and their assets are not should be avoided.
- We agree with Recommendation 16 on Privacy and RDS with the above caveat related to Recommendation 12 in mind.
- We agree emphatically on Recommendation 17 on the avoidance of domain-name collisions, which is particularly protective of the most diversified, global user base.
- We agree emphatically on Recommendation 18, Informing Policy Debate, for which intensified relationships, attendance, and invitations for mutual participation are further recommended, with organizations such as the IETF, IEEE, ACM, ISOC, and many other national and regional bodies, including universities and research centers which produce quality research.
- We support Recommendation 20 on Key Rollover, recommending further that the experience gained under the COVID-19 emergency be especially considered.
- We recommend that geopolitical and similar risks, including consumer and citizen sentiment in different jurisdictions, be given a stronger consideration, with the implication of maintaining a constant, high level of short, medium- and long term situational awareness and interactions with as many relevant parties as possible.
We do not pronounce ourselves on the Recommendations not mentioned here because we support them “as is”, with no further comment.