AT-LARGE GATEWAY

At-Large Website

ALAC

RALOs

At-Large Regional Policy Engagement Program (ARPEP)

At-Large Governance

At-Large Reports

Policy Comments & Advice

Working Groups

ICANN Meetings

At-Large Summit (ATLAS III)

At-Large Review Implementation Plan Development

ALAC and RALO Elections, Selections, and Appointments

At-Large Priority Activities - 2021

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 5 Next »

Public Comment CloseStatement
Name 

Status

Assigned Working Group

Assignee(s)

Call for
Comments Open		Call for
Comments
Close 		Vote OpenVote CloseDate of SubmissionStaff Contact and EmailStatement Number

ALAC Advice to ICANN Board on EPDP Phase 2

DRAFTING

CPWG

Alan Greenberg

Hadia Elminiawi

At-Large staff
staff@atlarge.icann.org

Hide the information below, please click here 

As was noted on the 30 June CPWG meeting, ALAC Member to the EPDP-TempSpec, Alan Greenberg, noted he plans to draft ALAC advice to the ICANN Board on EPDP Phase 2.

FINAL VERSION SUBMITTED (IF RATIFIED)

The final version to be submitted, if the draft is ratified, will be placed here by upon completion of the vote. 


FINAL DRAFT VERSION TO BE VOTED UPON BY THE ALAC

The final draft version to be voted upon by the ALAC will be placed here before the vote is to begin.


DRAFT SUBMITTED FOR DISCUSSION

The first draft submitted will be placed here before the call for comments begins. The Draft should be preceded by the name of the person submitting the draft and the date/time. If, during the discussion, the draft is revised, the older version(S) should be left in place and the new version along with a header line identifying the drafter and date/time should be placed above the older version(s), separated by a Horizontal Rule (available + Insert More Content control).

REVISED: Alan Greenberg 13 July 2021 18:36 UTC

AT-LARGE ADVISORY COMMITTEE

ALAC Advice to the ICANN Board on

The System for Standardized Access/disclosure to non-public domain name registration information

(“SSAD”)

The ALAC notes with appreciation the hard work of the EPDP Phase two team work which resulted in producing an initial report outlining a proposed system for standardized access/disclosure to non-public gTLD registration data (“SSAD”) accompanied by 18 recommendations and an addendum to the initial report addressing priority two items accompanied by four recommendations and two conclusions.

While ALAC acknowledges that the phase two team was successful in arriving at consensus in relation to many of the phase two recommendations and as we ensure our full commitment to ICANN processes and multi-stakeholder model, we find ourselves obliged to present this advice to the Board to safeguard the interests of the individual Internet end users.

  1. Our advice to the Board relates to four main aspects of the initial report outlining the proposed system for access/disclosure to nonpublic registration data

The ability of the proposed system (“SSAD”) to fulfil the requirements of the system’s users (Nonpublic information requestors)

The SSAD was initially created in order to allow third parties with legitimate interests and lawful basis to obtain nonpublic registration data in a timely manner. Many of these legitimate interests and purposes for the use of the SSAD are related to the protection of Internet users; as such, ALAC would like to see the proposed system fulfilling the needs of its users. However, the service level agreements associated with the requests types, the assigned priorities, and the lack of effective automation make it impossible for the SSAD to fulfill the needs of urgent requests as well as requests related to consumers’ protection among others.

2. The Proposed system in most cases offers a service that does not differ much than the current practice

While the system automates the receipt, authentication and transmission of SSAD requests to the relevant contracted party, all disclosure decisions apart from four limited use cases are handled in a manner that does not differ much than the current practices.   Those current practices have proven inadequate, and there is little reason to believe that with the SSAD, it will be better.


3. The agility of the system and its ability to adapt and evolve

Given the novelty of the proposed solution and possible legal clarity as time passes and more cases are globally addressed, SSAD is expected to be able to adapt and evolve based on new findings and learned experiences. However, the proposed recommendations do not allow for an agile system that could evolve without further PDPs.  

 

4. The consensus level that some of the recommendations received

Six out of the 18 recommendations received significant opposition. These six recommendations address the response requirements, contracted party authorization, automation of the SSAD, service level agreements related to non-automated discloser requests, discloser requirements, review of implementation using a GNSO standing committee and the ability of the system to adapt and evolve. All of the recommendations lacking consensus are core recommendations to the operation of the proposed system for access/disclosure, which indicates lack of community support to the proposed model. Ultimately, resulting in developing a system whose intended beneficiaries will not use. The ALAC questions the concept of a Consensus Policy based on recommendations that did not have consensus within the PDP WG!


5. Legal/Natural differentiation

At the end of Phase 2, the ALAC was optimistic that future effort might ensure a Legal/Natural differentiation and that the SSAD recommendations could be amended to allow automated disclosure for Legal Person registration. It now appears that such a change will not occur. It seems likely that EU NIS2 regulations and legislation will require such differentiation in the near future, but only for those registrars affected by such legislation (resulting in a very uneven playing field. To accommodate such legislation within the SSAD for the entire registrar community would require a further PDP.


The system as currently proposed will require significant time, effort and cost to implement. There is little indication that it will even come close to meeting the needs of the proposed users. Moreover, based on a recent announcement by one registrar to charge for non-public access requests, there is increasing evidence that the costs associated with SSAD may well be above the levels that most users are willing to pay.

In summary, if the SSAD is even used, it will provide a very expensive, very complex, glorified ticketing system, and one that will likely have sufficiently high user fees that it’s use will not be justifiable.

The ALAC advises the ICANN Board to:

  • Either reject the SSAD recommendations, or remand the issue back to the GNSO , perhaps with a suitable delay to fully understand the potential changes to the GDPR-related regulations in Europe.
  • Immediately have ICANN Org design and begin implementation of a ticketing system to track requests for disclosure of non-public gTLD registration information. Such a system has no need for accreditation, thus simplifying the implementation. If a PDP is required to require that all contracted parties use it, such a targeted GNSO PDP should be initiated by the Board. Consideration should be given to having the ticketing system apply to Privacy/Proxy providers. This can likely be built upon existing components already in use within ICANN, or commercial solutions readily available.
  • Should regulations comparable to those related to data registration information in NIS2 be adopted by the European Union Council and Parliament, the ICANN Board should consider initiating a targeted PDP to ensure that all ICANN registrars are subject to comparable rules.

Hadia ElMiniawi 12 July 2021  at 15:25 UTC

AT-LARGE ADVISORY COMMITTEE

ALAC Advice to the ICANN Board on

The System for Standardized Access/disclosure to non-public domain name registration information

(“SSAD”)



The ALAC notes with appreciation the hard work of the EPDP Phase two team work which resulted in producing an initial report outlining a proposed system for standardized access/disclosure to non-public gTLD registration data (“SSAD”) accompanied by 18 recommendations and an addendum to the initial report addressing priority two items accompanied by four recommendations and two conclusions.

While ALAC acknowledges that the phase two team was successful in arriving at consensus in relation to many of phase two recommendations and as we ensure our full commitment to ICANN processes and multi-stakeholder model, we find ourselves obliged to present this advice to the ICANN Board of Directors to safeguard the interests of individual Internet end users.

Our advice to the Board relates to four main aspects of the initial report outlining the proposed system for access/disclosure to nonpublic registration data

1.The ability of the proposed system (“SSAD”) to fulfil the requirements of the system’s users (Nonpublic information requestors)

The SSAD was initially created in order to allow third parties with legitimate interests and lawful basis to obtain nonpublic registration data that would fulfil their purposes for requesting the information. Many of these legitimate interests and purposes for the use of the SSAD are related to the protection of Internet end users; as such, ALAC would like to see the proposed system fulfilling the needs of its users. However, the service level agreements associated with the requests types and the assigned priorities make it impossible for the SSAD to fulfill the needs of urgent requests as well as requests related to consumers’ protection among others.

2The Proposed system in most cases offers a service that does not differ much than the current practice

While the system automates the receipt, authentication and transmission of SSAD requests to the relevant contracted party, all disclosure decisions apart from four limited use cases are handled in a manner that does not differ much than the current practices.  Providing limited benefit to its intended users.

3. The agility of the system and its ability to adapt and evolve

Given the novelty of the proposed solution and possible legal clarity as time passes and more cases are globally addressed, SSAD is expected to be able to adapt and evolve based on new findings and learned experiences. However, the proposed recommendations do not allow for an agile system that could evolve without further EPDPs.  

 4. The consensus level that some of the recommendations received

Six out of the 18 recommendations received significant opposition. These six recommendations address the response requirements, contracted party authorization, automation of the SSAD, service level agreements related to non-automated discloser requests, discloser requirements, review of implementation using a GNSO standing committee and the ability of the system to adapt and evolve. All of the recommendations lacking consensus are core recommendations to the operation of the proposed system for access/disclosure, which indicates lack of community support to the proposed model. Ultimately, resulting in developing a system whose intended beneficiaries will not use.

As the implementation of the proposed system will entail significant costs, time and effort, and as there is no clear evidence that the proposed system offers a service which differs much than the current practice. The ALAC advices the board not to implement the proposed SSAD and advise towards further work to achieve a solution that would serve the public interest.

  • No labels