PPSAI IRT colleagues, In advance of our discussion tomorrow on Specification 5, the Intellectual Property Disclosure Framework Specification, I offer a handful of copy edits/typo corrections in the attached document. Mainly this involves substituting the word "Specification" for "Policy" and "RDDS" for "Whois." In case you have trouble distinguishing these copy edits from the ICANN staff's redlines, note that the only sections I have touched are the following: 1.3, 1.4, 2.2.2, 2.2.7.4, 2.3.2, 3.1.2.1. In addition, I suggest we find the appropriate place in this Specification for implementation of the following paragraph from the Illustrative Disclosure Framework adopted by the PDP Working Group: "Given the balance that this Policy attempts to strike, evidence of the use of high-volume, automated electronic processes for sending Requests or responses to Requests (without human review) to the systems of Requesters, Providers, or Customers in performing any of the steps in the processes outlined in this Policy shall create a rebuttable presumption of non-compliance with this Policy." Looking forward to our discussion tomorrow. Steve Metalitz [image001] Steven J. Metalitz | Partner, through his professional corporation T: 202.355.7902 | met@msk.com<mailto:met@msk.com> Mitchell Silberberg & Knupp LLP | www.msk.com<http://www.msk.com/> 1818 N Street NW, 8th Floor, Washington, DC 20036 THE INFORMATION CONTAINED IN THIS E-MAIL MESSAGE IS INTENDED ONLY FOR THE PERSONAL AND CONFIDENTIAL USE OF THE DESIGNATED RECIPIENTS. THIS MESSAGE MAY BE AN ATTORNEY-CLIENT COMMUNICATION, AND AS SUCH IS PRIVILEGED AND CONFIDENTIAL. IF THE READER OF THIS MESSAGE IS NOT AN INTENDED RECIPIENT, YOU ARE HEREBY NOTIFIED THAT ANY REVIEW, USE, DISSEMINATION, FORWARDING OR COPYING OF THIS MESSAGE IS STRICTLY PROHIBITED. PLEASE NOTIFY US IMMEDIATELY BY REPLY E-MAIL OR TELEPHONE, AND DELETE THE ORIGINAL MESSAGE AND ALL ATTACHMENTS FROM YOUR SYSTEM. THANK YOU. From: Gdd-gnso-ppsai-impl [mailto:gdd-gnso-ppsai-impl-bounces@icann.org] On Behalf Of Amy Bivins Sent: Tuesday, January 23, 2018 2:53 PM To: gdd-gnso-ppsai-impl@icann.org Subject: [Gdd-gnso-ppsai-impl] Final IRT Feedback Due EOD Sunday 28 Jan: draft LEA framework Dear Colleagues, Thanks so much for your active participation on today's Privacy/Proxy Accreditation Program IRT call. If you were unable to attend, I encourage you to listen to the recording. Today, we continued discussing the LEA disclosure framework specification in the draft PPAA (pp. 50-54 of the draft contract, attached). The discussion today confirmed that there is continued uncertainty regarding two items in the draft framework. Please submit any final feedback that you have on these topics to the list this week. After this final feedback period, if this issue/these issues are unresolved, they will be specifically identified as unresolved in the call for public comments. Section 3.1: As drafted, this section requires Providers to publish on their websites the designated LEA contact (e.g. email address, telephone number, form or other means for LEA to obtain the designated LEA contact information). Summary of Issue: Many members of the IRT support the deletion of the requirement that this contact (or a means to obtain this contact) appear on the Provider's website. The RAA does not require registrars to publish the registrar LEA contact on the registrar website (See RAA 3.18.2). There appear to be at least a few possible paths forward: 1. Keep language as-is. 2. Delete the second sentence of 3.1, which requires that this information be posted on the Provider website. 3. Replace the second sentence of 3.1 with language such as that suggested by Steve Metalitz, "Provider shall provide to LEA an appropriate means for LEA to obtain the designated LEA contact information." 4. Language from Section 3.18.2 of the RAA could be adapted for this agreement by changing "Registrar" to "Provider" or by making additional edits: 3.18.2 Registrar shall establish and maintain a dedicated abuse point of contact, including a dedicated email address and telephone number that is monitored 24 hours a day, seven days a week, to receive reports of Illegal Activity by law enforcement, consumer protection, quasi-governmental or other similar authorities designated from time to time by the national or territorial government of the jurisdiction in which the Registrar is established or maintains a physical office. 5. We could keep the language as-is for now, note any remaining disagreement about whether the contact (or a way to obtain it) should be posted on the Provider's website during the public comment period, and request community feedback on potential paths forward. 6. Some other path (please explain). Timeline for Providers to Action "High Priority" Requests From LEA Summary of Issue: The current PPAA draft contains a two-step process for Providers upon receipt of a request from LEA. (1) Within two business days, the Provider must review the request and confirm to the LEA requester that it has been received and contains the relevant information required to meet the minimum standard for acceptance (See 3.2.1). (2) The Provider must then action the request in accordance with the priority level (within 24 hours for "high priority" requests (4.1.2); or within the timeline requested by LEA, if possible, for other requests (See 4.1.3). Note 1: The RAA requires (See Section 3.18.2) that "Well-founded reports of Illegal Activity submitted to these [dedicated LEA] contacts must be reviewed within 24 hours by an individual who is empowered by Registrar to take necessary and appropriate actions in response to the report." Note 2: There is some uncertainty, as this is currently drafted, as to whether the 2 business day review period applies before the 24 hour response time for "high priority" requests. Section 4.1.1 states that "Upon completion of the Receipt Process Specified in Section 3 of this Specification, Provider will action, in accordance with Sections 4.2 and 4.3 of this Specification, the disclosure request in accordance with the Priority Level." Upon the resolution of the issue below, we will review the specification as a whole to ensure it reflects the intended result. IRT questions: 1. Should Providers be required to action all "high priority" requests within 24 hours of receipt, as recommended by PSWG (and not apply the 2 business day "receipt period" first)? 2. If no, do you see a compromise short of applying the current 2 business day receipt period prior to the 24-hour period for actioning a "high priority" request? Thanks so much for your continued input on these topics. Next week, we will pick up our discussion with the IP Disclosure Framework Specification. Best, Amy Amy E. Bivins Registrar Services and Engagement Senior Manager Registrar Services and Industry Relations Internet Corporation for Assigned Names and Numbers (ICANN) Direct: +1 (202) 249-7551 Fax: +1 (202) 789-0104 Email: amy.bivins@icann.org<mailto:amy.bivins@icann.org> www.icann.org<http://www.icann.org>
