All,

 

A quick additional response to the comments in the LEA specification: 

 

Note 7 says that “Registrar members of the IRT contend that the 24-hour period recommended by the PSWG is unworkable; PSWG members contend that 24 hours should be the maximum allowable time for a request to be actioned in an emergency situation.”

 

This is a complete misrepresentation of the PSWG position.  The PSWG has maintained from the beginning of the conversation on emergency requests that they needed to be “actioned” immediately.  The PSWG does NOT recommend the 24-hour period, the PSWG is willing to COMPROMISE to the 24 hour period. 

 

The PSWG is NOT willing to compromise to the one business day response time.  One business day, as the providers have explained it, means that an emergency request delivered to the provider on Friday afternoon does not need to be responded to until Monday afternoon.  So, one business day means 72 hours or more.  In an emergency, this is completely useless response time.  By that time, people are dead.  An imminent threat to life means that somebody is going to die any moment without this information. 

 

I hope that you never have to respond to one of these requests but I also hope that if you do, you will not ignore it until you get to it the next business day.

 

 

 

Please see in-line feedback below regarding some of Sara’s points on the LEA specification.

 

 

 

Thanks, Sara and Steve, for your comments on this draft thus far. I’ve updated the draft to address your last point, Sara, and in line with Steve’s comment about separating out standard and high priority requests. I’ve left the comments in the draft from Tuesday’s call for now. Absent any strong opposition to the inclusion of the other edits proposed by Sara, as noted in the draft, these will be accepted in the next draft.

 

I encourage all IRT members to review the draft again when you are able and provide any further feedback no later than the end of next week.

 

I don’t have any further information or materials for you today for next week’s meeting, but I hope to have something for you soon (I’ll send it as soon as I have it).

 

Best,

Amy

 

 

 

Regarding Section 4.2.2 “without limitations” is necessary to ensure legitimate instances not yet listed or thought of are covered.  Examples of additional causes beyond the control of the Provider:  war, terrorism, riots, power outage, internet outage, internet failure, server failure, foreign gov’t changes, labor disputes, etc.

 

Steve’s comment:  (I think this refers to 4.1.2 of the revised document Amy sent out 4/17. ) This strikes me as a reasonable list of reasons why a provider would not be able to respond in a timely fashion to an LEA disclosure request (whether High Priority or Standard Priority), but not of reasons to deny altogether a request that otherwise meets the requirements of the specification.  Should we append this list to what is now 4.1.4 (following “acts of nature”)?  I would be much more comfortable  including “without limitations” there rather than in 4.1.2.

 

Regarding Section 4.2.2.5 – I see no issue with redundancy and there is no harm in including this.  If anything, it protects against potential abuse (in parts of the world that are less democratic)

 

Steve’s comment:  This refers to the “well founded” phrasing in 4.1.2.5.  I still have trouble understanding what would make a request that meets all the requirements of the specification not “well founded,” and believe I pointed out on the April 17 call why this situation differs from RAA 3.18.2 where “well-founded” appears (in short, that the RAA does not define what needs to go into an actionable LE request, and this specification does).  Can Sara or others provide an example of when this ground for refusal of an LEA request might come into play?  

 

Regarding Section 4.2.6 – Not redundant and 100% necessary.  Particularly for providers in parts of the world that are less democratic.  We must remember this will be applied globally.  Belt and suspenders!  At ICANN61 this addition gave registrars that spoke with me the most comfort.

 

Steve’s comment (this refers to the “due process” language now appearing in 4.1.6):  I think it is redundant and for that reason do not object to it.  “Foregoing due process within its applicable jurisdiction” is really a subset of 4.1.2.2, disclosure in contravention of applicable law.   Regarding the legitimate concerns about “less democratic” jurisdictions: remember that this entire specification only applies to disclosure requests received from LE authorities within the provider’s own jurisdiction.  If you choose to establish the provider within a “less democratic” jurisdiction, that provider still has to follow the laws of that jurisdiction, including the laws that define what process is due in a particular situation.     

 

Finally, I note that Staff is using the 24-hr timeframe as the default in the document instead of one business day as agreed by the registrars.  Since one business day is what the registrars have agreed to, should it not be the default until otherwise determined?

 

Steve’s comments:  I have suggested putting the two options in square brackets, don’t care which one is listed first.

 

Dear Colleagues,

 

Thank you for your participation on today’s privacy/proxy IRT call. For those who could not attend, I regret that we were unable to record this meeting (an issue with a new internal recording policy), but this was a one-time issue and all future meetings will be recorded. I’ve done my best to annotate the LEA specification document with the items we discussed, and have also attached the chat transcript.

 

IRT Action Items

We are nearing the completion of discussions on the LEA Specification. Other than the item of clear disagreement among members of the IRT—the time period for high priority requests—we are largely in the refining stage. To that end, we have a few final proposed edits for the group to review and comment on—including some edits that were originally suggested by Sara Bockey a few weeks ago and supported by many registrar members of the IRT. If we don’t hear any opposition to these edits that would warrant further discussion, we will make these edits as requested in the draft we publish for comment.

 

Today, we considered whether the LEA Framework Specification would be clearer if we reorganized it slightly, to make more clear where processes apply to high priority requests and when they don’t. I’ve included two versions of the draft—the one with “orig” at the end of the title—which includes the proposed edits without reorganizing, and the “reorganized” one. Please review both and respond to the list with your thoughts about the proposed reorganizing of this.

 

Please provide any additional input you have on this draft no later than next Friday, 27 April. Please note, specifically, questions in the following sections:

Original Numbering	Reorganized Version
Section 2.1.10 (addition of “except in high priority” language at beginning of edit)	Same section
Section 3.2.1 (addition of the words “Standard Priority” to make clear this 2 business day receipt process doesn’t apply in high priority cases)	Moved to Section 3.2.2
Section 4.2.2 (inclusion of “without limitations” language, plus input about and question from Steve Metalitz—any other reasons that registrars feel would be reasonable for refusing disclosure?); Also see feedback, generally, from PSWG liaison, in meeting chat transcript (most pasted into specification document but cuts off at the end)	Same section
Section 4.2.2.5 (is this redundant? )	Same section
Section 4.2.6 (is this redundant?)	Same section

 

I’m also attaching the most recent draft de-accreditation procedure document. As mentioned on the list last week, upon further consideration on the ICANN org side we think we should add back in the proposed transition procedure for customers impacted by the de-accreditation or termination of a third-party provider (section 4). Please review and provide any further comments on this no later than 27 April.

 

For next week, we are hoping to have the requested fees information ready for you to discuss. I’ll update you as soon as I can.

 

Best,

Amy

 

Amy E. Bivins

Registrar Services and Engagement Senior Manager

Registrar Services and Industry Relations

Internet Corporation for Assigned Names and Numbers (ICANN)

Direct: +1 (202) 249-7551

Fax:  +1 (202) 789-0104

Email: amy.bivins@icann.org

www.icann.org