00:29:17 Chokri Ben Romdhane: Hi all
00:29:40 Chokri Ben Romdhane: Evan please count me in
00:30:18 Devan Reed - ICANN Org: Closed captions are available in the Zoom CC option. However a running transcript is available at the following link: https://www.streamtext.net/player?event=ICANN
00:30:34 Devan Reed - ICANN Org: Welcome to the Consolidated Policy Working Group Call on Wednesday the 25 of August 2021 at 19:00 UTC.
00:33:14 Herb Waye: Greetings everyone
00:38:24 Cheryl Langdon-Orr: How to interpret this is *extremely* important
00:39:31 Holly Raiche: What was ‘command and control?”
00:40:45 Holly Raiche: Thanks
00:41:18 christopher wilkinson: What is DAAR?
00:42:56 Lutz Donnerhacke: Domain Abuse Activity Report
00:43:05 Evin Erdogdu - ICANN Org: Please reference ICANN Domain Abuse Activity Reporting (DAAR): https://www.icann.org/octo-ssr/daar
00:43:39 Lutz Donnerhacke: .oO( OCTO ) … we do not have bingo sheets
00:44:07 christopher wilkinson: I don’t agree with the change. ICANN should not take a narrow view of abuse. Abuse is NOT limited to security threats. This has nothing to do with ICANN’s ‘0mandate’.
00:44:34 Cheryl Langdon-Orr: excellent to have the cc's in
00:45:03 Sivasubramanian M: This division (in your diagram) of spam, malware and phising domains --- don't they overlap? A spammer might plant malware which might be intended for phising which might also imply other possible security threats..
00:45:10 Lutz Donnerhacke: @Christopher, which Kind of abuse are you refering to?
00:46:08 christopher wilkinson: @Lutz - Several categories of Content.
00:46:18 Sivasubramanian M: +1 CW
00:47:29 John McCormac - HosterStats.com: Has DAAR correlated registry/registrar discounting with various types of DNS abuse? (disposable domain names increase spam levels etc.)
00:48:46 Sivasubramanian M: @John Yes, DAAR can't merely remain as a reporting exercise or as an observatory, the observations may have to lead to discounting as you say.
00:49:46 Lutz Donnerhacke: @CHristopher, i.e. pornographic Content on web sites, which is prohibited in some jurisdiction?
00:49:54 Greg Shatan: +1 CW and Siva. One type is a combination of content and bad acts in order to create abuse or to make the abuse more effective.
00:50:30 Cheryl Langdon-Orr: Thank you @Sameneh this is all very exciting and the value add for those with indivisual reports being received seem an excellent inducement
00:50:33 Greg Shatan: Such as using a pirated logo to lull users into clicking on an abusive link.
00:50:48 Cheryl Langdon-Orr: the future plans are also great directions IMO
00:51:47 Sivasubramanian M: What ICANN could aim for is a common minimum guidelines for all Registries and Registrars to adopt on top of which a Registry could have its own subset of rules to suit its own standards --- for example .secure with stricter set of rules
00:51:54 Lutz Donnerhacke: The Kinds of abuse mentioned in the DAAR seems to be threads which are global accepted as bad activity. Everything else is much more complicated
00:52:47 Sivasubramanian M: @Lutz What is formally accepted as bad activity isn't all that there is.
00:53:38 Lutz Donnerhacke: I do not consider ICANN as a tool for extending local law into a global significance
00:54:01 John McCormac - HosterStats.com: Yes. Low price doms increase spam levels.
00:54:48 John McCormac - HosterStats.com: Thanks.
00:55:16 Sivasubramanian M: @John please clarify what you meant by Registry / Registrar discounting. Did you mean discounting the standing of a Registry or Registry based on a high level of abuse activity withing their operations?
00:55:33 Greg Shatan: I would say DAAR focuses on abuse as defined by the Contracted Parties, as exhibited in numerous ICANN meetings and documents...
00:55:34 Sivasubramanian M: I understood it that way... or is it price that you were talking about?
00:55:36 Holly Raiche: Really interesting - thank you
00:55:54 Roberto Gaetano: it will be quite a problem to get into matters that are considered legal/illegal depending on jurisdiction - surely to open that can of worms might have the effect of not being able to act even on globally accepted “bad behaviours” - so I would be careful in trying to extend the concept
00:56:23 Cheryl Langdon-Orr: Indeed @Roberto
00:56:27 John McCormac - HosterStats.com: @Siva the registries and registrars often run discounting offers on registrations. It makes some models of abuse economically more feasible than they would be with a full prices registration.
00:57:39 Sivasubramanian M: Oh sorry, I was saying that based on a high level of abuse as reported by DAAR that is traced to a specific Registry of Registrar, ICANN could consider 'discounting' the standing of the Registrar or Registry.
00:57:58 Lutz Donnerhacke: This is phishing
00:58:59 John McCormac - HosterStats.com: Just another possible tweak for DAAR, it might be a good thing to break down compromised hosts/doms by dedicated server/shared hosting. That would also make it easier to see patterns of compromise.
00:05:11 Marita Moll: That was weird!
00:05:17 Matthias M. Hudobnik: Echo
00:05:21 Cheryl Langdon-Orr: As is Adigo
00:05:27 Matthias M. Hudobnik: It works
00:09:08 hadia Elminiawi: ok thank you
00:09:12 hadia Elminiawi: very clear
00:09:21 Lutz Donnerhacke: So only the truly Domain related issues
00:09:24 Cheryl Langdon-Orr: Thanks VERY much!
00:09:41 John McCormac - HosterStats.com: Thanks, Samaneh. Very interesting presentation.
00:09:55 Evin Erdogdu: Thank you very much, Samaneh
00:10:01 Holly Raiche: Thank you Very interesting
00:10:08 hadia Elminiawi: Thank you so much samaneh
00:10:08 Lianna Galstyan: Thanks much
00:10:51 hadia Elminiawi: It is clear Daniel
00:16:33 Holly Raiche: Could you rerun the poll now that the explanation has been given
00:21:01 Cheryl Langdon-Orr: Same answer from me ;-)
00:21:24 Holly Raiche: In future, maybe not run polls until after an explanation and discussion?
00:22:00 Cheryl Langdon-Orr: LOL
00:22:14 Cheryl Langdon-Orr: Ohh dear
00:22:26 Roberto Gaetano: no consensus :-)
00:22:42 Cheryl Langdon-Orr: You tried Lutz!
00:22:56 Bill Jouris: As with many things, much will depend on how the post notification is actually implemented.
00:23:24 Lutz Donnerhacke: It's okay ...
00:23:31 Harold Arcos: Pros and Cons from pov of the WG will be useful
00:23:34 alangreenberg: I'm on the call now.
00:23:39 Holly Raiche: +1 Bill
00:23:48 Marita Moll: Maybe a couple of slides on an issue like this showing the pros and cons would be helpful.
00:23:49 hadia Elminiawi: hi alan
00:23:52 John McCormac - HosterStats.com: The problem with a post notification is that the mailserver might change and the registrant might not get the post notification e-mail.
00:24:01 Lutz Donnerhacke: Bill: At the Moment there is no process definition
00:24:12 Holly Raiche: @ John - that is what needs a bit more discussion
00:24:31 Bill Jouris: @Lutz, which makes it hard to judge whether it will work.
00:24:35 John McCormac - HosterStats.com: @Holly Yep. It won't be possible to have a solution for all cases.
00:24:39 Holly Raiche: Thanks Lutz - that needs more dicussion
00:24:40 DANIEL K. NANGHAKA: That is why the post notification may have a challenge
00:24:46 Lutz Donnerhacke: Bill: Correct
00:25:08 Cheryl Langdon-Orr: exactly @Daniel thus my NO vote in the poll
00:25:18 Bill Jouris: @Lutz, and probably accounts for the number of Not Sure responses to the poll
00:25:19 Lutz Donnerhacke: OCL, so my NO
00:25:45 Roberto Gaetano: I wonder whether questions to be asked via a poll during the call could be anticipated on the mailing list a couple of days earlier so that we can have discussions and explanations - and come to a more informed reply to the poll
00:25:59 John McCormac - HosterStats.com: @Daniel The problems would be multiplied if the domain name being transferred is a nameserver domain name.
00:26:21 Holly Raiche: @ Roberto - good suggestion. It wold help us come to a decision
00:26:35 Lutz Donnerhacke: @john: You have a very evil way of thinking
00:26:59 John McCormac - HosterStats.com: @Lutz I have a particular set of skills. :)
00:27:26 Lutz Donnerhacke: We should try to tranfer the Domain "root-Servers.net" ...
00:27:33 John McCormac - HosterStats.com: :)
00:28:32 DANIEL K. NANGHAKA: During the transfer not all records in the dataset are transferred, which include the DNS records
00:28:52 DANIEL K. NANGHAKA: So it becomes a challenge to post notification
00:28:52 John McCormac - HosterStats.com: @Lutz I think that someone regged a dropped ccTLD nameserver domain a few years ago as a proof of concept.
00:30:15 Holly Raiche: Well said
00:30:48 Marita Moll: +1
00:33:26 John McCormac - HosterStats.com: @Daniel a nameserver dom being transferred is different from an ordinary dom being transferred. The other domain names depending on the nameserver will get no notification . A nameserver domain name could be considered a separate class of domain name for transfer purposes. It would make the transfer process more complex though.
00:33:34 Holly Raiche: Shelter for the homeless!
00:33:46 Cheryl Langdon-Orr: The WT was set up while the PDP existed @Alan
00:34:00 Cheryl Langdon-Orr: and Yes it would require reconstitution
00:34:16 Cheryl Langdon-Orr: and this way forward IS the best way IMO as well @Greg
00:34:48 Holly Raiche: Thanks Greg
00:34:57 Cheryl Langdon-Orr: I think your credting too much in that last part @Greg
00:35:41 Greg Shatan: @CLO - Perhaps I am.... :-)
00:40:43 Sivasubramanian M: Already it is challenging for ALAC to insist on this distiction of legal Vs natural. However there is one more concern. What if a nautral person uses his domain space for business?
00:41:14 Sivasubramanian M: Shouldn't this be business/organizations Vs individaul
00:41:16 Sivasubramanian M: ?
00:42:16 Sivasubramanian M: business activity / commercial activity / organized activity by individuals.
00:43:22 Holly Raiche: @ Siva - some of the objection to NOT allowing a distinction comes from a concern for privacy of individuals who are sole traders.
00:44:09 John McCormac - HosterStats.com: A sole trader (not a registrered company) might be a natural and a legal person as they are doing business (legal/ doing business as) in their own name (personal). Varies by country though.
00:44:39 alangreenberg: Note that what it means for the SSAD to "support" the fields is not defined.
00:44:54 Holly Raiche: True John - definitions are not consistently clear
00:44:56 Sivasubramanian M: @Holy that is a valid concern, but there can't be a blanket exclusion of all individuals from this requirement. Some sole proprietor business are well organized, affecting a large cusotomer base
00:45:33 Greg Shatan: I think that's a very broad definition of "legal person." Typically, it's an either/or distinction.
00:45:35 Holly Raiche: @ Siva- a legitimate question - I don’t have a quick, easy answer
00:46:22 Sivasubramanian M: @Holy I was thinking about a class of individuals (for example physiotherapists) who in a sense offer professional medical services, they might prefer to remain anonymous, and may REQUIRE privacy.
00:47:15 Greg Shatan: The information of natural persons continues to be protected.
00:47:47 Sivasubramanian M: But the concern here is about this exclusion of individuals / sole-owner's privacy becoming a way for a malicious actor to abuse his or her status as an individual and operate his or her webspace in an exploitative manner affetivng many, with immunity by anonymity
00:48:23 Greg Shatan: That is unfortunately a feature and not a bug.
00:50:56 Sivasubramanian M: It is not only expolitative business activity with impunity, but also of various forms of abuse concerns.
00:52:25 Sivasubramanian M: By extension, at some future point of time, sellers with subdomains (for example amazon.com/individualname) may also have to be classed under the business category, and not as individuals.
00:52:32 christopher wilkinson: Are the GNSO Council meetings open to other ICANN participants?
00:53:11 John McCormac - HosterStats.com: How will this deal with historical WHOIS registrations?
00:53:43 hadia Elminiawi: it sets the technical base
00:54:04 Sivasubramanian M: Making it optional will have only one effect. The legitimate businesses / legal persons will comply, they will fill in, and the bad actors will conveniently ignore.
00:54:17 hadia Elminiawi: but the usage is not there yet
00:54:21 Roberto Gaetano: @CW normally they are
00:54:33 John McCormac - HosterStats.com: Could it be folded in at the renewal stage for a domain name? That would help bring most of the domain names up to spec quite quickly?
00:56:12 christopher wilkinson: @Alan: GDPR is a REGULATION, NOT A DIRECTIVE. Thus National implementation legislation is NOT required.
00:58:00 Heidi Ullrich: Thank you, CW. Here is the EU explanation on regulations, directives and decisions: https://europa.eu/european-union/law/legal-acts_en
00:58:14 alangreenberg: @Christopher, I was talking about NIS2 which WILL require national legislation to implement.
00:58:34 christopher wilkinson: I.e. as in the EU jargon: DIRECTLY APPLICABLE.
01:00:17 Sivasubramanian M: @Alan The comapny name including an Executive's name and WORK address, a work phone, work email is not personal information. If Google argues that it does not have one individual who agrees to be known by his or her name, then there is something wrong.
01:00:29 Sivasubramanian M: Google = any business entity.
01:01:36 John McCormac - HosterStats.com: @Alan The sole trader issue (where someone is doing business in their own name) is of more concern than an incorporated company (a legal person).
01:03:02 Sivasubramanian M: How does a sole trader trade in the real world with invisiblity?
01:03:10 Greg Shatan: Siva, that's not the way the law works.
01:04:07 Matthias M. Hudobnik: https://ec.europa.eu/info/law/law-topic/data-protection/reform/rules-business-and-organisations/application-regulation/do-data-protection-rules-apply-data-about-company_en
01:04:24 Sivasubramanian M: @Greg Yes there are nuances. But this can't become a huge loophole.
01:04:37 Maureen Hilyard: I have to leave now..
01:04:40 Matthias M. Hudobnik: @alan here the one person company issue
01:05:09 christopher wilkinson: Good night. Thankyou, All. CW
01:05:18 Sivasubramanian M: Good night CW
01:05:39 Alfredo Lopez CTPD: Gracias. Buen dia
01:06:56 Cheryl Langdon-Orr: Thank you @Lianna
01:10:30 Sivasubramanian M: @Matthias "However, information in relation to one-person companies may constitute personal data where it allows the identification of a natural person." and goes on to practically exclude employess in a legal entity
01:10:57 Sivasubramanian M: Complicated, but it requires a solution
01:11:19 Chokri Ben Romdhane: Thank you all
01:11:48 Cheryl Langdon-Orr: Bye for now then....
01:12:00 hadia Elminiawi: Thank you all - bye
01:12:03 John McCormac - HosterStats.com: Later all.
01:12:04 Lianna Galstyan: Thanks everyone and bye
01:12:10 Evin Erdogdu - ICANN Org: Thank you all!
01:12:12 Sivasubramanian M: Thank you.
01:12:13 Herb Waye: Take care everyone, stay safe and be kind
01:12:16 Harold Arcos: thank you all
01:12:18 Evin Erdogdu - ICANN Org: Happy birthday to Jonathan…[birthday cake]
01:12:20 Matthias M. Hudobnik: Bye
01:12:23 Matthias M. Hudobnik: Thx
