Hi Steve,

Thank you for your quick response and suggestion. This approach was not considered—we started with the approach taken in the statement of registrar accreditation policy, which includes Policy requirements that are further developed in the RAA, https://www.icann.org/resources/pages/policy-statement-2012-02-25-en#II.

However, that is not to say that we can’t take this approach, and your reasoning outlined below clearly explains the potential benefits.

What do others on the list think? I will also raise this internally today and hope to have some additional information to share with you tomorrow on the call.

If we end up taking this approach and decide to significantly reduce this section of the Policy, there are still many questions in the document that we can discuss tomorrow to aid in our drafting of the first versions of the contractual provisions for the IRT’s review.

Best,

Amy

Amy E. Bivins

Registrar Policy Services Manager

Registrar Services and Industry Relations

Internet Corporation for Assigned Names and Numbers (ICANN)

Direct: +1 (202) 249-7551

Fax: +1 (202) 789-0104

Email: amy.bivins@icann.org

www.icann.org

From: gdd-gnso-ppsai-impl-bounces@icann.org [mailto:gdd-gnso-ppsai-impl-bounces@icann.org] On Behalf Of Metalitz, Steven
Sent: Monday, January 23, 2017 1:06 PM
To: gdd-gnso-ppsai-impl@icann.org
Subject: Re: [Gdd-gnso-ppsai-impl] Materials and questions for 24 January PP IRT Call

Hello Amy and colleagues,

A threshold question regarding your draft of section II:

I am not clear on your distinction between the level of specificity in the document called “policy” and in the contract that accredited services would be asked to sign.

One approach would be for section II to read in its entirety:

“Privacy and Proxy Service providers SHALL enter into and maintain in effect Accreditation Agreements with ICANN that set out the terms and conditions of accreditation. The current standard Accreditation Agreement is attached as Attachment A. “

There could be at least two advantages to this approach. First, we would save the time required to set varying levels of specificity between the two documents. (For instance, as noted in your MS Word comment #9, deciding whether we agree or disagree with your belief that the triggering requirements for verification and reverification of customer information is “more appropriately included in the contract” than in the policy.) Second, this would avoid the situation in which there might be perceived (or real) discrepancies between the statement in this section of the Policy and the actual terms of the Agreement to which providers would be subject. In other words, more efficiency for this IRT and less ambiguity and confusion once the program is in place.

Was this approach considered, and if so , why was it rejected?

A variation on my suggestion would be for IRT to review a draft accreditation agreement first, and then turn to whether any of its provisions need to be summarized or specifically referenced in section II of the policy document.

Looking forward to your response. Thanks.

Steve Metalitz

From: gdd-gnso-ppsai-impl-bounces@icann.org [mailto:gdd-gnso-ppsai-impl-bounces@icann.org] On Behalf Of Amy Bivins
Sent: Sunday, January 22, 2017 2:17 PM
To: gdd-gnso-ppsai-impl@icann.org
Subject: [Gdd-gnso-ppsai-impl] Materials and questions for 24 January PP IRT Call

Dear Colleagues,

Attached are documents for discussion on Tuesday’s (24 January, 15:00 UTC) Privacy and Proxy Service Provider Accreditation Program IRT call: draft Policy sections 2, 5, and 6.

We will review as much of these documents as we can Tuesday, and continue with them next week, if needed. The poll results show a clear preference for weekly meetings, so we will be moving to that schedule—thank you for your participation in the poll! A meeting reminder will be distributed on Monday.

I want to flag some of the questions we have for you on Section 2, as noted in more detail in the attached:

1. The Final Report in some cases uses the word “SHOULD.” ICANN org requests the IRT’s feedback on the PDP WG’s intent in using the word (as SHOULD is defined here: http://www.ietf.org/rfc/rfc2119.txt), and whether “SHALL” was intended in any of these instances.

2. With respect to data reminders, did the PDP WG intend for these reminders to reference (a) any Customer information that appears in WHOIS, (b) the underlying Customer data, or (c) both?

3. With respect to data validation and verification, did the PDP WG intend for the requirement to apply to (a) any Customer data, as relevant, in WHOIS; (b) underlying Customer data, as relevant, or (c) both? (Additional questions in document)

4. Did the PDP WG intend for ICANN org to implement new requirements for Privacy and Proxy Service providers to escrow and retain data, distinct from the existing requirements in the RAA?

5. Did the PDP WG intend for this implementation to create minimum, mandatory criteria for all requests to Privacy and Proxy Service providers (See draft Section 2.J)?

We will also seek your feedback on the level of detail that is being proposed for the Policy versus the contract.

If you have any questions or want to begin to discussing these issues on-list before the call, please feel free to do so. I look forward to speaking with you on Tuesday.