Hi Amy,

I reviewed the reporting requirements again and I have some concerns with the requirements.

I want to highlight the report generation of registries. Registries capture all their reporting requirements as part of the instructions they receive via EPP from registrars. Therefore they have all the information they need in their local databases, captured as a standard (EPP), and can easily perform database queries to fulfil the requirements of Specification 3 of the RA. Registrars do not have reporting requirements. Maybe this is because it is a cumbersome process to filter something out of a ticketing system, especially when that ticketing system queue is overloaded with false reports or just spam in general. Maybe its because there is no standard that outlines “how” to report queries to a registrar, so that a registrar can interpret the data using code.

When I think about implementing a ticketing system to cater for a “per registrar” and “per TLD” report”, I can’t afford the time to go through every query (of a potentially spam abused ticketing queue) and manually capture information across 2 reports; this is prone to a high degree of human error, so the data will not be reliable. In order for me to achieve the desired results, I would have to create a reporting email address per “requester” (LEA , IP or "other”), and for every “requester” I would have to ask for the “registrar”, and for each of those I would have to ask for the “TLD”. So for example I would have to create something along the lines of “disclosure-lea-registrar-TLD@mydisclosurerequests.com”. If I don’t do this then I will be sitting and manually capturing data into reports day in and day out. This will be even more difficult with regards to “high priority” LEA requests, because somebody has to manually capture the details of a request that may have happened over a phone call.

We are an implementation team, so let’s realistically think about how to implement this in the real world. I am all for a pre-defined form that a Provider can send to ICANN via email or API, where the form does not require “per registrar” or “per TLD” information, but rather take the “per registrar” report and make it holistic across the Provider. Leave the registrar and TLD component out, and let the Provider report on itself and its activities regarding disclosure requests. As for the frequency I am okay with any of the proposed times, but prefer quarterly or biannual.

Lastly, on the technical commands that your technical team provided, these only outline how to upload the file to a server through the API. The commands do not tackle the issues pertaining to report generation, accuracy or frequency. If a Provider wants to implement the API, they would need to do some development, and the development will not be primarily around “how to upload a file”, it will be around how to generate the file. So I definitely prefer to keep both options for uploading a file (API and via email).

Kind Regards,
Vlad Dinculescu
————————
DNS Africa Ltd

On 06 Mar 2018, at 8:23 PM, Amy Bivins <amy.bivins@icann.org> wrote:

Thanks, Michele!

To clarify, I misspoke in calling this the “monthly” reporting requirements. Monthly was originally proposed (and the current specification title) but there is a pretty clear consensus now among the IRT members that monthly reporting isn’t necessary to implement the final recommendation on this point. 

We are currently soliciting any additional feedback on report frequency-we have heard suggestions for annual, biannual and quarterly.

Sent from my iPhone

On Mar 6, 2018, at 6:16 PM, Michele Neylon - Blacknight <michele@blacknight.com> wrote:

Amy
 
Thanks for the update. 
I’ll ask our technical team to have a look over this, though I still think that monthly reporting is overkill.
 
Regards
 
Michele
 
 
--
Mr Michele Neylon
Blacknight Solutions
Hosting, Colocation & Domains
Intl. +353 (0) 59  9183072
Direct Dial: +353 (0)59 9183090
-------------------------------
Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
Road,Graiguecullen,Carlow,R93 X265,
Ireland  Company No.: 370845
From: Gdd-gnso-ppsai-impl <gdd-gnso-ppsai-impl-bounces@icann.org> on behalf of Amy Bivins <amy.bivins@icann.org>
Reply-To: "gdd-gnso-ppsai-impl@icann.org" <gdd-gnso-ppsai-impl@icann.org>
Date: Tuesday 6 March 2018 at 19:53
To: "gdd-gnso-ppsai-impl@icann.org" <gdd-gnso-ppsai-impl@icann.org>
Subject: [Gdd-gnso-ppsai-impl] Additional Background Re: Proposed PP Reporting Process
 
 
Following up on our discussion today about the processes for monthly reporting, I can now provide some additional information from our tech team.
 
I have attached two templates that can be used to  get a better idea of how the report contents are expected to look (using RRI) assuming 2 sample registrars and TLDs. These templates were created using our current internal working draft, so the fields don’t match the previous version of the specification you reviewed. Certain fields (in the top row) were tentatively deleted, and others added, pending further IRT input on the topic. If the IRT’s consensus was that reporting should not be broken out by category, the number of fields would be further reduced.
 
Providers would not be required under the current proposal to automate their end of the reporting and are allowed to generate the files manually if they prefer. Since RRI is a RESTful API, users may upload the report files using a simple command line, or even public web browser extensions that allow users to execute HTTP PUT requests as a REST Client.
 
For example, in a Unix based terminal this can be done by running the following commands replacing the highlighted fields with the corresponding value for the Provider credentials, file name, provider ID and reported date:
 
  • Upload Per Registrar report:
curl -u username:password --header "Content-Type:text/csv" --request PUT  --data-binary @PPSP-registrars-yyyymm.csv --dump-header - <base-url>/report/ppsp-activity-registrar/PPSP-ID/2018-03
 
  • Upload Per TLD report:
curl -u username:password --header "Content-Type:text/csv" --request PUT --data-binary @PPSP-tld-yyyymm.csv --dump-header - <base-url>/report/ppsp-activity-tld/PPSP-ID/2018-03
 
 
Some REST clients for browsers have similar looks to the screenshot below added for reference to show the ease of use, however ICANN does not provide support for third party software.
<image001.jpg>
 
Please let me know should there be any other questions.
 
Best,
Amy
 
Amy E. Bivins
Registrar Services and Engagement Senior Manager
Registrar Services and Industry Relations
Internet Corporation for Assigned Names and Numbers (ICANN)
Direct: +1 (202) 249-7551
Fax:  +1 (202) 789-0104
 
_______________________________________________
Gdd-gnso-ppsai-impl mailing list
Gdd-gnso-ppsai-impl@icann.org
https://mm.icann.org/mailman/listinfo/gdd-gnso-ppsai-impl
<image001.jpg>_______________________________________________
Gdd-gnso-ppsai-impl mailing list
Gdd-gnso-ppsai-impl@icann.org
https://mm.icann.org/mailman/listinfo/gdd-gnso-ppsai-impl