Hi Greg et al, Just a follow-up observation (or three.) 1. It must be clear (in scoping) that the IRT will not only review the timeline but will also review the GAC PSWG proposed authentication methods. Reg from Tucows will be participating in the PSWG group (Owen is dropping out) but whoever is appointed to the reconstituted IRT may have thoughts/comments. 2. Yesterday in the meeting with the GAC and the Board, Becky Burr answered a question about "How Soon" this would all happen. She mentioned our Council meeting today as the "trigger" but I note that IRTs are actually convened by the Board, not the GNSO Council (at least this is what I think). So in terms of next steps, are we saying that Council will somehow correspond with the Board saying that it agrees the Board should instruct ICANN Org to reconvene the IRT and specify some scope considerations in that letter to the Board? Will the reconvened IRT be open +hybrid. Will new members be able to join etc? 3. Please note that the GAC rep from India complained about how long this is taking and asked Becky if the Board could do something to get things done more quickly and specifically made a reference to a concern that the GNSO Council should be prevented from "stalling". Of course the Council would have control over initiation and scoping of a GGP but that would ultimately have to feed into a reconvened IRT anyway so perhaps the IRT is the most efficient approach. Anne Anne Aikman-Scalese GNSO Councilor NomCom Non-Voting 2022-2026 anneicanngnso@gmail.com On Mon, Mar 10, 2025 at 1:50 PM DiBiase, Gregory <dibiase@amazon.com> wrote:
Thanks Anne.
The sections you referenced are from a previous version of the Registration Data Policy. The language is from the version that was posted for public comment in July 2023 <https://icann-community.atlassian.net/wiki/pages/viewpageattachments.action?...>. The current version of the Registration Data Policy <https://www.icann.org/resources/pages/registration-data-policy-2024-02-21-en>, which comes into full effect in August 2025, does not include all of the cited language (although it does include section 10.1).
This is because the Board expressed concerns that language re: Urgent Requests may not be fit for purpose and that it was *necessary to revisit Policy Recommendation 18* concerning requests for registrant data made in the context of situations that pose an imminent threat to life, serious bodily harm, infrastructure, or child exploitation (see Board letter <https://gnso.icann.org/sites/default/files/policy/2024/correspondence/tsinha...> ).
*For urgent requests (Rec 18), the policy recommendation language did not define the response timeline and left it open for the implementation team to determine.*
During its December 2024 meeting <https://icann.zoom.us/rec/play/eneFW35eS_CYC4BncLpbvkoWKkfuEuOONQ0mjquBmaRUO...>, the GNSO Council considered the IRT’s previous discussions regarding the separate timeline for urgent requests and noted the IRT could not agree to a timeline, in part, because of the lack of a global authentication mechanism. Now, in light of GAC`s work on an authentication mechanism, reviewing the timeline again would not constitute policy development as defined in Annex A of Bylaws (the GNSO PDP) but rather, would be continued implementation work on Recommendation 18 of the EPDP Phase 1 Final Report.
Councilors may feel other policy work may be warranted, but thus far, we have only signaled that we would review the timeline in light of GAC’s work on an authentication mechanism.
Thanks,
Greg
*From:* Anne ICANN <anneicanngnso@gmail.com> *Sent:* Sunday, March 9, 2025 4:42 PM *To:* Council@icann.org; DiBiase, Gregory <dibiase@amazon.com>; Terri Agnew via cou. <council@gnso.icann.org>; Steve Chan <steve.chan@icann.org>; Caitlin Tubergen <caitlin.tubergen@icann.org>; Saewon Lee < saewon.lee@icann.org>; Tomslin Samme-Nlar <mesumbeslin@gmail.com>; Nacho Amadoz <nacho@amadoz.cat> *Subject:* [EXTERNAL] Urgent Requests - work done by the IRT but not implemented
*CAUTION*: This email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know the content is safe.
Leadership and Steve,
Regarding the upcoming Council discussion on next steps for "Urgent Requests", below is what I understand to have been the Registration Data Policy IRT work that was not implemented even though the policy re urgent requests in Recommendation 18 was in fact adopted by the Board. *It would be great if staff could confirm before Wednesday that the sections below are consistent with staff's understanding of the IRT work that was done:*
DEFINITION AND CONDITIONS FOR APPLYING TIMELINES
3.8 “Urgent Requests for Lawful Disclosure” are limited to circumstances that pose an imminent threat to life, of serious bodily injury, to critical infrastructure, or of child exploitation in cases where disclosure of the data is necessary in combatting or addressing this threat. Critical infrastructure means the physical and cyber systems that are vital in that their incapacity or destruction would have a debilitating impact on economic security or public safety.
FORM AND TIMING OF DISCLOSURE REQUESTS
10.1 Registrar and Registry Operator MUST publish on their homepage (a publicly available webpage where their domain name services are offered) a direct link to a page where the mechanism and process for submitting Disclosure Requests is detailed. The mechanism and process MUST specify (a) the required format and content of requests, (b) the means of providing a response to the requestor, and (c) the anticipated timeline for responses.
10.6 For Urgent Requests for Lawful Disclosure, Registrar and Registry Operator MUST respond, as defined in Section 10.7, without undue delay, generally within 24 hours of receipt.
10.6.1 If Registrar or Registry Operator cannot respond to an Urgent Request for Lawful Disclosure within 24 hours, it MUST notify the requestor within 24 hours of receipt of an Urgent Request for Lawful Disclosure of the need for an extension to respond. Registrar or Registry Operator’s extension notification to the requestor MUST include (a) confirmation that it has reviewed and considered the Urgent Request for Lawful Disclosure on its merits and determined additional time to respond is needed, (b) rationale for why additional time is needed, and
(c) the time frame it will respond, as required by Section 10.7, which cannot exceed two (2) business days from the time of the initial receipt of the request.
10.6.2 In addition to the extension provided for in Section 10.6.1, if responding to an Urgent Request for Lawful Disclosure is complex, or a large number of requests are received by Registrar or Registry Operator, it MAY extend the time for response up to an additional one (1) business day provided it notifies the requestor within (2) business days from the time of the initial receipt of the request of the updated time frame to respond explaining the need for an additional extension of time.
There are also some footnotes clarifying some issues in relation to requests that come on non-business days, etc.
Thank you,
Anne
Anne Aikman-Scalese
GNSO Councilor
NomCom Non-Voting 2022-2026
anneicanngnso@gmail.com