All The below is shared on behalf of representatives of the RrSG and RySG aka the CPH. Also attached as a PDF. == Use of the pandemic to inflate the seriousness of DNS abuse == Registries and registrars share concerns about the potential for increased online criminal activity and are taking action. Marie’s email refers to Göran’s recent blog where he thanked the contracted parties for “their efforts and actions aimed at helping to mitigate and minimize the abusive domain names being used to maliciously take advantage of the coronavirus pandemic. For example, the Registrar Stakeholder Group has posted a useful guide, entitled “Registrar approaches to the COVID-19 Crisis.” (https://rrsg.org/wp-content/uploads/2020/03/Registrar-approaches-to-the-COVI...) Registries and registrars have joined with security experts, law enforcement, Internet engineers, and others, in the COVID-19 Cyber Threat Coalition (CTC)( https://www.cyberthreatcoalition.org/ ). Many registrars have banned the registration of covid-related domains, a trend that is growing. Finally, a RySG working group is wrapping a year’s worth of work to improve the DAAR system so that the data reported is actionable, i.e., can be used to curtail abuse. It does little good to gainsay the tragedy of COVID-19 through hyperbole and rhetoric to circumvent laws and processes that were developed to withstand crises. It is more effective, we think, to support all the individual initiatives that are currently taking effect and can be implemented now. In addition, it is important to recognize that there is a primary role here for law enforcement and as is always the case registries and registrars are co-operating and are responsive to requests for assistance of action with law enforcement. We should also recognize the important role of governments to ensure that they are adequately educating their community about online fraud and scams that are occurring at this time. In addition, many businesses are stepping up to provide education and information. We think it is a time where we all should be focused at taking initiatives within our respective bailiwicks, rather than pointing to others as being inadequate. Let’s not make this an, “opportunistic way to progress agendas on the issue of DNS abuse.” We believe it is important to maintain the ‘business of ICANN.’ ICANN is one of the few areas where, due to our distributed and diverse nature, we can come close to business as usual. Let each entity contribute where it can. Let ICANN be a platform where we can learn from the examples of others. There is lot of good work going on in the industry and by governments around the world so let’s not lose sight of that. == Extension of EPDP Phase 2 timeline == The CPH has serious reservations about extending the EPDP timeline because of the COVID-19 pandemic. Further, we do not support the proposal to extend the EPDP timeline to address issues such as data accuracy or legal vs natural persons. We are sympathetic to those whose capacity participate in the EPDP have been affected as a result of this pandemic - we are all in the same boat, our businesses, our staff, our customers are all affected. But we believe this is time for us to show solidarity and resilience by honouring our commitment and wrapping up EPDP Phase 2 work as planned. In fact, as recent as last week, we were told that that another on-going PDP working group has not seen any decrease in participation. Thus, more facts and data are needed to make an informed and rational decision. • How many EPDP members are affected (and how are they affected) • Whether alternate members can step up? • Will an extension address the capacity problem? • What is the goal of an extension? • Will an extension achieve such goal? • How long should the extension be? Bear in mind COVID-19 may be around for a long time and travel restrictions may be in place for 2020 and beyond. == Accuracy and other issues == The GNSO Council has advised the EPDP on this so the matter should be closed for the EPDP. See email from GNSO Council Liaison to the EPDP https://mm.icann.org/pipermail/gnso-epdp-team/2020-March/003191.html. From the RrSG’s perspective, accuracy issue was never in-scope for the EPDP and we disagree it should be dealt with by the EPDP on extended timeline or otherwise. It is crystal clear from the Charter that the EPDP has a very specific and narrow scope, namely, to ensure the new registration data policy (based on the Temporary Specification) is compliant with GDPR and other privacy laws. The EPDP was not about more accurate data for access purpose or for combating abuse. We accept Article 5(1)(d) of the GDPR (the "Accuracy Principle") is relevant in this context but Bird & Bird has opined on this (see https://community.icann.org/download/attachments/102138857/ICANN - Memo on Accuracy.docx?version=1&modificationDate=1550152014000&api=v2). Our reading of the GDPR is consistent with the advice from Bird & Bird that the Accuracy Principle is about data subjects, not about third parties who use the data. As catalogued in the Bird & Bird memo, we are of the view that the existing contractual obligations regarding accuracy are sufficient. Indeed, we believe an accuracy scoping team would be duplicative of these existing efforts and long-standing accomplishments Any new initiative to review non-public data requires a sufficient legal justification, and without one is not permissible under GDPR and other privacy legislation. No legal basis or any significant need for such a review has yet been demonstrated. Additionally, before dedicating substantial resources to a policy initiative, the goal of such a policy initiative should be determined. It is not clear that complete accuracy of RDS data is possible, nor whether improved accuracy will result in any benefits (e.g. reducing DNS abuse), but if there are benefits or goals of increased RDS data accuracy they should be clearly documented prior to any policy undertakings. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com https://blacknight.blog / http://ceo.hosting/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park, Sleaty Road, Graiguecullen, Carlow, R93 X265,Ireland Company No.: 370845