Public Comment CloseStatement
Name 

Status

Assignee(s)

Call for
Comments Open
Call for
Comments
Close 
Vote OpenVote CloseDate of SubmissionStaff Contact and EmailStatement Number

04 May 2018

IPC/BC Accreditation & Access Model for Non-Public Data

NOT SUBMITTED



Hide the information below, please click here 


FINAL VERSION TO BE SUBMITTED IF RATIFIED

The final version to be submitted, if the draft is ratified, will be placed here by upon completion of the vote. 




FINAL DRAFT VERSION TO BE VOTED UPON BY THE ALAC

The final draft version to be voted upon by the ALAC will be placed here before the vote is to begin.




FIRST DRAFT SUBMITTED

The first draft submitted will be placed here before the call for comments begins.

The At-Large Advisory Committee (ALAC) appreciates the opportunity to comment on the Draft Accreditation and Access Model. At the heart of the matter is the notion of “purpose” versus “use.” There are those within the ICANN community that believe we should venture back 30 years in our quest for purpose, while others believe the unforeseen growth of the Internet requires a broader definition of purpose, in which “security and stability” includes some measure of consumer protection. End user surveys suggest that the majority of end users rely on all of the actors outlined in the proposed model to protect their interests. 

Consequently, use and purpose can be difficult to distinguish in the modern era. The ALAC agrees with the ICANN Org presumption that the current model for data collection is the path forward in the near term. The nuance, at present, is in designing a model of accreditation and access. The ALAC understands that tiered access is the most probable solution to ensuring compliance with the General Data Protection Regulation (GDPR), but we do have serious concerns as to the structure of this proposed model. Within the current draft, the model provides an all-or-nothing approach to the data sought, where the petitioner’s request and purpose may only justify access to specific non-public data. Furthermore, specific data requests may require a higher bar (for example judicial) for access. We recommend a three-dimensional access model of accreditation akin to that of receiving security clearance in the United States: 1) identity of the petitioner; 2) determining the petitioner’s purpose; and 3) requesting information on how they will use that data. At its core, the mission of the accreditation model should be to provide a reliable and trusted domain name system (DNS) and the ALAC feels these considerations will propel the ICANN community further in that direction.

Identity of the Petitioner 

As noted above, the first stage is to identify who is requesting the information. The ALAC recommends that the ICANN community should develop a system in which certain members or entities have levels of access to non-public information. The system should be very much analogous to obtaining a security clearance in the United States. Thus, depending level of access for which you qualify, determines what type of non-public data you or your organization will have access to.

In equity and efficiency, until such an assessment is made, the ALAC recommends that ICANN should look into the use of anonymized emails to address most of the concerns related to third-party access of such data so long as the petitioner has made a prima facia case that they seek the data for a legitimate purpose. We believe it serves as a way for those whom feel as though their various rights have been violated to reach out to the necessary party, while not disclosing any personal information. Concurrently, it allows the petitioning party to go through the accreditation process to seek the relevant data.

Defining Legitimate Purpose 

The ALAC understands that the purpose of this draft model is to provide a temporary solution to comply with the E.U.’s GDPR that will be in full effect on May 25, 2018. Maintaining the integrity of an individual’s personal information, either within the E.U. or outside of it, is a priority to the ALAC. WHOIS is a multifunctional system that is invaluable for those attempting to conduct research as well as protect consumers from fraud, phishing and other illegal enterprises. ICANN should promulgate a solution that balances the equities between GDPR compliant protection of personal information and the other essential functions of WHOIS. The ALAC believes that all the actors described in the proposed accreditation model play a legitimate role in consumer protection.

In its letter, WP29 lists out various amount of criticism of ICANN’s interim model and provides what it feels are measures by which ICANN can accommodate these criticisms. For example, on issue of purpose specification, the WP29 believes the phrase “legitimate access…[to] accurate, reliable and uniform registration data” within the interim model’s text is too broad and would, thus, violate Article 5(1)(b) of the GDPR. WP29 recommends that ICANN better define the term “purposes” and take out the term “include” in this context to ensure that ICANN’s interim model meets the comprehensive-and-exhaustive standard under Article 5. Even though we believe that WP29’s recommendation is vague, the ALAC recommends that ICANN should reiterate its considerations for legitimate purposes under in its interim model, like allowing registrars to perform basic administrative functions, research and specific forms of consumer protection including IP enforcement.

Petitioner’s Disclosure of their Intended Use of the Non-Public Data

The ALAC recommends that, before a petitioner is granted access to the non-public WHOIS data, they must disclose in detail how they will use the data and disclose whether they intend to give access of such information to third-parties. This will ensure the integrity of the potential data subject’s rights and provide ICANN with better information to avoid unwanted or unintended disclosures that may run afoul to certain provisions of the GDPR.  Furthermore, a “purpose tier” creates another axis to balance privacy and consumer protection, allowing for different criteria for data access depending on intended use.

We appreciate the opportunity to share our views on this matter. Thank you in advance for your time and consideration on this important issue.


5 Comments

  1. From: Holly Raiche
    Date: Sun, 8 Apr 2018 15:41:46 +1000
    To: ALAC
    Subject: [ALAC] ALAC Comment on IPC/BC Access Model

    Folks

     As we said in the ALAC Statement on the GDPR – now being voted upon – one of the outstanding critical issues will be accreditation of those who are given access to personal information from the Whois database. 

     The IPC/BC community within the GNSO has developed a ‘Draft Accreditation and Access Model for non-public Whois Data’  which they are putting forward for discussion.  Indeed, they recently held a webinar on the model – at the usually impossible time for Australia. They have also set up a mailing list on the issue and the documents they used for the webinar are supposed to be available for those on the mailing list. (I haven’t seen them as yet)

     The first thing to note about that model is that is that it is very much the creature of the IPC/BC constituency.  The NCSG were not consulted and are developing their response to the accreditation model.  My understanding is that the Registries/Registrars also did not provide input into that model. We should also comment - either through a Google Doc or on the wiki, but - in a very short space of time - we should be developing at least some response to the IPC/BC proposal. No response to their model could otherwise be taken as tacit community consent to its proposals. 

     My two major issues with the model are as below. Please feel free to comment as well.

     My basic issue with their Access Model is that it confuses data ‘use’ with the ‘purpose’ of collection.  Under basic data protection law, personal information can only be collected for specified and legitimate purposesof the data collector  (ICANN and registrars) and not further processed in ways inconsistent  with the legitimate purpose(s).  The ALAC has suggested that feedback from the European DPAs will assist in determining the purposes consistent with ICANN and the Registries purpose in collection of that data. The purpose suggested in the Interim Model is not as broad as suggested by this Access Model and, in my view, preferable. (See Annex A, Access Model).

     The Access Model proposed suggests that, once parties are accredited, they would gain access to all the Whois Information.  In my view, any access to personal information should be in limited circumstances only-  that blanket access not be given.  In a law enforcement context, search warrants generally need some kind of judicial sanction, based on apprehension of possible criminality, before premises can be searched and/or persons apprehended. While an access request test probably would not be quite that stringent, I could not support access seekers being given blanket permission to access personal information generally; there should be a requirement for reasonable grounds to suspect unlawful or harmful action in specific circumstances (carefully defined) before access given. 

    Holly
    1. Blanket access to non-public data (NPD) should not be allowed. Requesting parties should provide a list of specific NPD items, i.e. name, address, DNS, etc. Each specific NPD item should be accompained with some sort of explanation as to why is needed and its intended use.   For example, if  NPD name and address is all that is needed, then that is what you get, not the whole thing. In addition, the requesting party should indicate a time frame when it will erase the requested NPD.


  2. From: León Felipe Sánchez Ambía 
    Date: Monday, April 9, 2018 at 12:54 AM
    To: Holly Raiche
    Cc: ALAC
    Subject: Re: [ALAC] ALAC Comment on IPC/BC Access Model

     

    Dear Holly and all,

     

    I think it’s of the essence that the ALAC is able to provide feedback and help shape whatever model is suggested. ICANN Org has been emphatic in that they will provide support to a community wide exercise that aims to shape a proposed model but it will not provide support to isolated efforts. 

     

    I have read different points of view regarding this proposed model and it feels like it doesn’t really have the support the BC/IPC thinks it has, hence the importance of having input from the ALAC and the rest of the community. 

     

    Maybe the BC/IPC proposal is a good starting point but we have to keep in mind it is just that: a starting point that should allow community wide feedback and go through a community wide process to find consensus on the end outcome. 

     

    Kind regards 

     

    León 

  3. I have not had the time to do a very thorough analysis but I do have several comments based on my review of the document and related to Holly's comments.

    I agree that this work to date is a creature of the BC/IPC and the parties that have commented to date. I APPLAUD that. I an many of us have been saying for several months (certainly starting before the Abu Dhabi meeting) that the accreditation model is an absolute key to moving forward. In fact, some of you may recall that in answer to the Board's question to us about do we have any suggestions to mitigate the problems associated with GDPR, the ALAC answered YES. The answer was that we need to stop working in slow steps and start parallel efforts on all aspects of the problem, the most important being the accreditation model. We were ignored.

    The BC/IPC have done something and put it down on paper. Bravo!

    Holly has pointed out that we can only collect data that we need. Correct. But my interpretation of our mission is to provide a reliable trusted DNS. To do that we MUST ensure that those who help ensure that the DNS meets that target have access to the tools (and data) that they need to do their jobs. That IS our business!!! If we do not ensure that necessary data is collected, it can never be used by those with legitimate need.

    We need to state that clearly. Ultimately if I understand the process, it may be the courts that decide whether our rationale for collecting data is sufficiently strong to out-weight the privacy aspects.

    That brings us to the accreditation model, since WHO can get access to WHAT data is critical to us making that argument.

    I think this model is a great start.

    I see problems with it, but we need to start the discussion somewhere. What do I see as problematic?

    • I think their provision to give access to "All users", while it would be nice for me personally, is more than a bit loose. We are going to need something MUCH stronger to grant access over and above the other accredited channels.
    • I agree with Holly that a single tier is not sufficient. There should be more granularity based on the uses. Perhaps we could start with this single and improve later, but my preference would be to use the use-cases we already built (and how we spent the first many months of this project) to provide a few tiers.
    • I look forward to the work that the document says the SSAC is doing regarding credentialization.
    • I STRONGLY support the comments from the Anti-Phishing Working Group (APWG). These comments make the model more effective and implementable.


  4. I agree with this statement