FW: [Ext] RE: Agenda + Updated Draft PPAA with IRT comments
From: "Roman, Peter (CRM)" <Peter.Roman@usdoj.gov>
Date: Tuesday, December 5, 2017 at 5:40 AM
To: Caitlin Tubergen <caitlin.tubergen@icann.org>, "gdd-gnso-ppsai-impl@icann.org" <gdd-gnso-ppsai-impl@icann.org>
Subject: [Ext] RE: Agenda + Updated Draft PPAA with IRT comments
Good morning all –
I have a few additional comments on the draft:
Overall – this agreement seems to misunderstand the point of having a high priority request mechanism. High priority requests are usually emergencies where victims are moments away from danger. Not requiring immediate responses to these requests renders them moot. A request that is answered within 24 hours, but 20 hours after the victim is dead, does not respect the importance of the request or the imminence of the danger.
3.12.2 - If the abuse contact point is not monitored 24/7, how are providers going to respond to high priority requests in time?
SPECIFICATION 5: LAW ENFORCEMENT AUTHORITY DISCLOSURE FRAMEWORK SPECIFICATION
3.1 – This is the same issue as for 3.12.2 in the main body of the agreement, if the point of contact is not required to be available 24/7, it defeats the purpose of the high priority requests.
3.2.1 – This part of the receipt process combined with 4.1 creates a two day window before providers have to even address whether a request is high priority, again defeating the purpose of having a high priority request.
4.1.1 – By waiting to respond until after the Receipt Process is complete, which can take up to two days under 3.2.1, the agreement renders the high priority request provisions moot.
4.1.2 – Responding to high priority requests within 24 hours is not sufficient. A request that is answered within 24 hours, but 20 hours after the victim is dead, does not respect the importance of the request or the imminence of the danger. High priority requests need to be responded to more or less immediately.
4.3.2 – The Provider should be required to disclose changes to the timeframe for notification of the Customer to LEA Requestors with current requests (i.e., “should” should be “must”). If the Customer is a target, notifying the Customer without alerting LEA can lead to the Customer destroying evidence, fleeing, or even threatening or killing informants who led law enforcement to the Customer’s account in the first place.
5.1 – I do not understand the purpose of this provision. LEA is not a party to this agreement and the agreement has no ability to bind LEA actions if the Provider fails to respond to a request.
6.2 – I do not understand the purpose of this provision either. LEA is not a party to this agreement and the agreement has no ability to bind LEA use of the evidence provided by the Provider.
Peter Roman
Senior Counsel
Computer Crime & Intellectual Property Section
Criminal Division
Department of Justice
1301 New York Ave., NW
Washington, DC 20530
(202) 305-1323
peter.roman@usdoj.gov
From: Caitlin Tubergen [mailto:caitlin.tubergen@icann.org]
Sent: Monday, December 4, 2017 11:36 PM
To: gdd-gnso-ppsai-impl@icann.org
Cc: Roman, Peter (CRM) <Peter.Roman@CRM.USDOJ.GOV>
Subject: Agenda + Updated Draft PPAA with IRT comments
Greetings, Colleagues.
Thank you for all of your input on the draft Privacy and Proxy Service Provider Accreditation Agreement (“PPAA”).
Attached, you will find an updated PPAA, which incorporates the comments received. I am also working on updating the issues list and will be distributing the list some time tomorrow.
For tomorrow’s call, we can begin by discussing some of the high-level issues some of the IRT members have raised. Specifically:
* The concern that the text of the PPAA does not match the WG’s recommendations
* The idea of having two PPAAs: one for affiliated providers and one for unaffiliated providers
* The IRT’s preferred path forward for dealing with the comments received
Additionally, I’d like to note two things. First, further to Darcy’s message today, the GNSO Council recently voted to move the Transfer Policy (IRTP-C) issue for discussion within the PPSAI IRT. I believe the Council directed this issue to be discussed during the public comment period. Darcy, please feel free to add additional context either on the list or on tomorrow’s call.
Lastly, there have been several mentions of GDPR as a potential issue/barrier to the PPSAI implementation. I would like to note that ICANN has engaged legal experts to analyze the impact the European Union General Data Protection Regulation (“GDPR”) will have on various data processing activities under ICANN policies and contracts. Such policies and contracts require or permit various entities that participate in the gTLD domain name system, including registries and registrars, to collect, create, retain, escrow, and publish a variety of personal data elements related to registry/registrar operations, domain name registrations, and registrants.
The legal review and analysis is being conducted in iterative phases, and ICANN gathered questions from community discussions and submissions to submit to the legal experts for possible discussion in Part 2 of the analysis. One of the questions included the following: “ICANN org is working with the community to develop implementation details for consensus policy recommendations governing the accreditation of privacy and proxy providers. How should GDPR requirements be factored into developing the accreditation process?” We will certainly keep you apprised of any feedback we receive.
See you on our call tomorrow.
Kind regards,
Caitlin
Hi Caitlin,
Are Peter's comments going to be added to the draft so we can discuss them?
Thanks,
Theo
Caitlin Tubergen wrote on 2017-12-05 04:07 PM:
FROM: "Roman, Peter (CRM)" <Peter.Roman@usdoj.gov>
DATE: Tuesday, December 5, 2017 at 5:40 AM
TO: Caitlin Tubergen <caitlin.tubergen@icann.org>, "gdd-gnso-ppsai-impl@icann.org" <gdd-gnso-ppsai-impl@icann.org>
SUBJECT: [Ext] RE: Agenda + Updated Draft PPAA with IRT comments
Good morning all –
I have a few additional comments on the draft:
Overall – this agreement seems to misunderstand the point of having a high priority request mechanism. High priority requests are usually emergencies where victims are moments away from danger. Not requiring immediate responses to these requests renders them moot. A request that is answered within 24 hours, but 20 hours after the victim is dead, does not respect the importance of the request or the imminence of the danger.
3.12.2 - If the abuse contact point is not monitored 24/7, how are providers going to respond to high priority requests in time?
SPECIFICATION 5: LAW ENFORCEMENT AUTHORITY DISCLOSURE FRAMEWORK SPECIFICATION
3.1 – This is the same issue as for 3.12.2 in the main body of the agreement, if the point of contact is not required to be available 24/7, it defeats the purpose of the high priority requests.
3.2.1 – This part of the receipt process combined with 4.1 creates a two day window before providers have to even address whether a request is high priority, again defeating the purpose of having a high priority request.
4.1.1 – By waiting to respond until after the Receipt Process is complete, which can take up to two days under 3.2.1, the agreement renders the high priority request provisions moot.
4.1.2 – Responding to high priority requests within 24 hours is not sufficient. A request that is answered within 24 hours, but 20 hours after the victim is dead, does not respect the importance of the request or the imminence of the danger. High priority requests need to be responded to more or less immediately.
4.3.2 – The Provider should be required to disclose changes to the timeframe for notification of the Customer to LEA Requestors with current requests (i.e., “should” should be “must”). If the Customer is a target, notifying the Customer without alerting LEA can lead to the Customer destroying evidence, fleeing, or even threatening or killing informants who led law enforcement to the Customer’s account in the first place.
5.1 – I do not understand the purpose of this provision. LEA is not a party to this agreement and the agreement has no ability to bind LEA actions if the Provider fails to respond to a request.
6.2 – I do not understand the purpose of this provision either. LEA is not a party to this agreement and the agreement has no ability to bind LEA use of the evidence provided by the Provider.
Peter Roman
Senior Counsel
Computer Crime & Intellectual Property Section
Criminal Division
Department of Justice
1301 New York Ave., NW
Washington, DC 20530
(202) 305-1323
peter.roman@usdoj.gov
FROM: Caitlin Tubergen [mailto:caitlin.tubergen@icann.org]
SENT: Monday, December 4, 2017 11:36 PM
TO: gdd-gnso-ppsai-impl@icann.org
CC: Roman, Peter (CRM) <Peter.Roman@CRM.USDOJ.GOV>
SUBJECT: Agenda + Updated Draft PPAA with IRT comments
Greetings, Colleagues.
Thank you for all of your input on the draft Privacy and Proxy Service Provider Accreditation Agreement (“PPAA”).
Attached, you will find an updated PPAA, which incorporates the comments received. I am also working on updating the issues list and will be distributing the list some time tomorrow.
For tomorrow’s call, we can begin by discussing some of the high-level issues some of the IRT members have raised. Specifically:
* The concern that the text of the PPAA does not match the WG’s recommendations
* The idea of having two PPAAs: one for affiliated providers and one for unaffiliated providers
* The IRT’s preferred path forward for dealing with the comments received
Additionally, I’d like to note two things. First, further to Darcy’s message today, the GNSO Council recently voted to move the Transfer Policy (IRTP-C) issue for discussion within the PPSAI IRT. I believe the Council directed this issue to be discussed during the public comment period. Darcy, please feel free to add additional context either on the list or on tomorrow’s call.
Lastly, there have been several mentions of GDPR as a potential issue/barrier to the PPSAI implementation. I would like to note that ICANN has engaged legal experts to analyze the impact the European Union General Data Protection Regulation (“GDPR”) will have on various data processing activities under ICANN policies and contracts. Such policies and contracts require or permit various entities that participate in the gTLD domain name system, including registries and registrars, to collect, create, retain, escrow, and publish a variety of personal data elements related to registry/registrar operations, domain name registrations, and registrants.
The legal review and analysis is being conducted in iterative phases, and ICANN gathered questions from community discussions and submissions to submit to the legal experts for possible discussion in Part 2 of the analysis. One of the questions included the following: “ICANN org is working with the community to develop implementation details for consensus policy recommendations governing the accreditation of privacy and proxy providers. How should GDPR requirements be factored into developing the accreditation process?” We will certainly keep you apprised of any feedback we receive.
See you on our call tomorrow.
Kind regards,
Caitlin
_______________________________________________
Gdd-gnso-ppsai-impl mailing list
Gdd-gnso-ppsai-impl@icann.org
https://mm.icann.org/mailman/listinfo/gdd-gnso-ppsai-impl
Hi Theo,
Thank you for the question. Attached, please find the updated draft PPAA, which includes Peter’s comments. I will be sending additional materials to the IRT (link to recording, issues list, etc.) shortly.
Kind regards,
Caitlin
On 12/6/17, 4:12 AM, "gtheo" <gtheo@xs4all.nl> wrote:
> Hi Caitlin,
> Are Peter's comments going to be added to the draft so we can discuss them?
> Thanks,
> Theo
Thanks, Caitlin! When can we expect the agenda and all related docs for the next meeting?
Sara
sara bockey
sr. policy manager | GoDaddy™
sbockey@godaddy.com 480-366-3616
skype: sbockey
On 12/6/17, 12:29 PM, "Gdd-gnso-ppsai-impl on behalf of Caitlin Tubergen" <gdd-gnso-ppsai-impl-bounces@icann.org on behalf of caitlin.tubergen@icann.org> wrote:
> Hi Theo,
> Thank you for the question. Attached, please find the updated draft PPAA, which includes Peter’s comments. I will be sending additional materials to the IRT (link to recording, issues list, etc.) shortly.
> Kind regards,
> Caitlin
Hi Sara, I will be sending the updated issues list by the end of today. As far as the agenda for the next meeting, we will be going through the issues in the order in which they appear on the issues list. It is hard to determine how many issues we will get through during next Tuesday’s meeting, as that is largely dependent on the complexity and accompanying discussion of each issue. I hope that is helpful. Kind regards, Caitlin On 12/6/17, 11:31 AM, "Gdd-gnso-ppsai-impl on behalf of Sara Bockey" <gdd-gnso-ppsai-impl-bounces@icann.org on behalf of sbockey@godaddy.com> wrote: Thanks, Caitlin! When can we expect the agenda and all related docs for the next meeting? Sara sara bockey sr. policy manager | GoDaddy™ sbockey@godaddy.com 480-366-3616 skype: sbockey This email message and any attachments hereto is intended for use only by the addressee(s) named herein and may contain confidential information. If you have received this email in error, please immediately notify the sender and permanently delete the original and any copy of this message and its attachments. On 12/6/17, 12:29 PM, "Gdd-gnso-ppsai-impl on behalf of Caitlin Tubergen" <gdd-gnso-ppsai-impl-bounces@icann.org on behalf of caitlin.tubergen@icann.org> wrote: Hi Theo, Thank you for the question. Attached, please find the updated draft PPAA, which includes Peter’s comments. I will be sending additional materials to the IRT (link to recording, issues list, etc.) shortly. Kind regards, Caitlin On 12/6/17, 4:12 AM, "gtheo" <gtheo@xs4all.nl> wrote: Hi Caitlin, Are Peters comments going to be added to the draft so we can discuss them? 
Thanks, Theo Caitlin Tubergen schreef op 2017-12-05 04:07 PM: > FROM: "Roman, Peter (CRM)" <Peter.Roman@usdoj.gov> > DATE: Tuesday, December 5, 2017 at 5:40 AM > TO: Caitlin Tubergen <caitlin.tubergen@icann.org>, > "gdd-gnso-ppsai-impl@icann.org" <gdd-gnso-ppsai-impl@icann.org> > SUBJECT: [Ext] RE: Agenda + Updated Draft PPAA with IRT comments > > Good morning all – > > I have a few additional comments on the draft: > > Overall – this agreement seems to misunderstand the point of having > a high priority request mechanism. High priority requests are usually > emergencies where victims are moments away from danger. Not requiring > immediate responses to these requests renders them moot. A request > that is answered within 24 hours, but 20 hours after the victim is > dead, does not respect the importance of the request or the imminence > of the danger. > > 3.12.2 - If the abuse contact point is not monitored 24/7, how are > providers going to respond to high priority requests in time? > > SPECIFICATION 5: LAW ENFORCEMENT AUTHORITY DISCLOSURE FRAMEWORK > SPECIFICATION > > 3.1 – This is the same issue as for 3.12.2 in the main bod of the > agreement, if the point of contact is not required to be available > 24/7, it defeats the purpose of the high priority requests. > > 3.2.1 – This part of the receipt process combined with 4.1 creates a > two day window before providers have to even address whether a request > is high priority, again defeating the purpose of having a high > priority request. > > 4.1.1 – By waiting to respond until after the Receipt Process is > complete, which can take up to two days under 3.2.1, the agreement > renders the high priority request provisions moot. > > 4.1.2 – Responding to high priority requests within 24 hours is not > sufficient. A request that is answered within 24 hours, but 20 hours > after the victim is dead, does not respect the importance of the > request or the imminence of the danger. 
High priority requests need > to be responded to more or less immediately. > > 4.3.2 – The Provider should be required to disclose changes to the > timeframe for notification of the Customer to LEA Requestors with > current requests (i.e., “should” should be “must”). If the > Customer is a target, notifying the Customer without alerting LEA can > lead to the Customer destroying evidence, fleeing, or even threatening > or killing informants who led law enforcement to the Customer’s > account in the first place. > > 5.1 – I do not understand the purpose of this provision. LEA is not > a party to this agreement and the agreement has no ability to bind LEA > actions if the Provider fails to respond to a request. > > 6.2 – I do not understand the purpose of this provision either. LEA > is not a party to this agreement and the agreement has no ability to > bind LEA use of the evidence provided by the Provider. > > Peter Roman > > Senior Counsel > > Computer Crime & Intellectual Property Section > > Criminal Division > > Department of Justice > > 1301 New York Ave., NW > Washington, DC 20530 > (202) 305-1323 > > peter.roman@usdoj.gov > > FROM: Caitlin Tubergen [mailto:caitlin.tubergen@icann.org] > SENT: Monday, December 4, 2017 11:36 PM > TO: gdd-gnso-ppsai-impl@icann.org > CC: Roman, Peter (CRM) <Peter.Roman@CRM.USDOJ.GOV> > SUBJECT: Agenda + Updated Draft PPAA with IRT comments > > Greetings, Colleagues. > > Thank you for all of your input on the draft Privacy and Proxy Service > Provider Accreditation Agreement (“PPAA”). > > Attached, you will find an updated PPAA, which incorporates the > comments received. I am also working on updating the issues list and > will be distributing the list some time tomorrow. > > For tomorrow’s call, we can begin by discussing some of the > high-level issues some of the IRT members have raised. 
Specifically: > > * The concern that the text of the PPAA does not match the WG’s > recommendations > * The idea of having two PPAAs: one for affiliated providers and one > for unaffiliated providers > * The IRT’s preferred path forward for dealing with the comments > received > > Additionally, I’d like to note two things. First, further to > Darcy’s message today, the GNSO Council recently voted to move the > Transfer Policy (IRTP-C) issue for discussion within the PPSAI IRT. I > believe the Council directed this issue to be discussed during the > public comment period. Darcy, please feel free to add additional > context either on the list or on tomorrow’s call. > > Lastly, there have been several mentions of GDPR as a potential > issue/barrier to the PPSAI implementation. I would like to note that > ICANN has engaged legal experts to analyze the impact the European > Union General Data Protection Regulation (“GDPR”) will have on > various data processing activities under ICANN policies and contracts. > Such policies and contracts require or permit various entities that > participate in the gTLD domain name system, including registries and > registrars, to collect, create, retain, escrow, and publish a variety > of personal data elements related to registry/registrar operations, > domain name registrations, and registrants. > > The legal review and analysis is being conducted in iterative phases, > and ICANN gathered questions from community discussions and > submissions to submit to the legal experts for possible discussion in > Part 2 of the analysis. One of the questions included the following: > “ICANN org is working with the community to develop implementation > details for consensus policy recommendations governing the > accreditation of privacy and proxy providers. How should GDPR > requirements be factored into developing the accreditation process?” > We will certainly keep you apprised of any feedback we receive. > > See you on our call tomorrow. 
>
> Kind regards,
>
> Caitlin

_______________________________________________
Gdd-gnso-ppsai-impl mailing list
Gdd-gnso-ppsai-impl@icann.org
https://mm.icann.org/mailman/listinfo/gdd-gnso-ppsai-impl
That is helpful. Thank you!

sara bockey sr. policy manager | GoDaddy™ sbockey@godaddy.com 480-366-3616 skype: sbockey

On 12/6/17, 12:46 PM, "Gdd-gnso-ppsai-impl on behalf of Caitlin Tubergen" <gdd-gnso-ppsai-impl-bounces@icann.org on behalf of caitlin.tubergen@icann.org> wrote:

Hi Sara,

I will be sending the updated issues list by the end of today. As far as the agenda for the next meeting, we will be going through the issues in the order in which they appear on the issues list. It is hard to determine how many issues we will get through during next Tuesday’s meeting, as that is largely dependent on the complexity and accompanying discussion of each issue.

I hope that is helpful.

Kind regards,

Caitlin

On 12/6/17, 11:31 AM, "Gdd-gnso-ppsai-impl on behalf of Sara Bockey" <gdd-gnso-ppsai-impl-bounces@icann.org on behalf of sbockey@godaddy.com> wrote:

Thanks, Caitlin!

When can we expect the agenda and all related docs for the next meeting?

Sara

On 12/6/17, 12:29 PM, "Gdd-gnso-ppsai-impl on behalf of Caitlin Tubergen" <gdd-gnso-ppsai-impl-bounces@icann.org on behalf of caitlin.tubergen@icann.org> wrote:

Hi Theo,

Thank you for the question.

Attached, please find the updated draft PPAA, which includes Peter’s comments.

I will be sending additional materials to the IRT (link to recording, issues list, etc.) shortly.

Kind regards,

Caitlin

On 12/6/17, 4:12 AM, "gtheo" <gtheo@xs4all.nl> wrote:

Hi Caitlin,

Are Peter's comments going to be added to the draft so we can discuss them?

Thanks,

Theo
Hi Caitlin,

I note that my comments re spec 2 (now spec 1) do not appear in the new redline re the PPAA; I presume they will at least be memorialized in the issues list. Please confirm.

Thanks,

Sara

sara bockey sr. policy manager | GoDaddy™ sbockey@godaddy.com 480-366-3616 skype: sbockey
Dear Colleagues,

Thank you for your participation on yesterday’s call. For those of you who were unable to attend, I encourage you to review the recording and accompanying materials here: https://community.icann.org/display/IRT/05+December+2017.

Attached, please find an updated PPAA, which includes Sara’s inadvertently-omitted comment. Additionally, please find an updated issues list, which incorporates the comments in the draft PPAA as well as previous feedback received on the referenced issues (if any).

On our next call on Tuesday, 12 December, we will be going through the issues in the order in which they appear on the list. Per the issues list, we will begin discussing the definitional issues on Tuesday. If you provided feedback or have concerns about the definitions section of the draft PPAA, please try to attend Tuesday’s call.

I am also in the process of compiling the requested table, which will break down requirements that only apply to unaffiliated providers and requirements that apply to both unaffiliated and affiliated providers. I will send the table to the list when it is ready; I anticipate it will be ready to share on Friday of this week or Monday of next week.

Thank you again for all of your feedback, and I look forward to speaking with you on Tuesday’s call. Please let me know if there is anything else I can do to better assist your review of the draft PPAA.

Kind regards,

Caitlin
Thanks Caitlin, Where can I get the transcript of this weeks call if available? And I am sorry I won't be able to attend next weeks call also. Thanks, Theo On 6-12-2017 20:46, Caitlin Tubergen wrote:
Hi Sara,
I will be sending the updated issues list by the end of today. As far as the agenda for the next meeting, we will be going through the issues in the order in which they appear on the issues list. It is hard to determine how many issues we will get through during next Tuesday’s meeting, as that is largely dependent on the complexity and accompanying discussion of each issue.
I hope that is helpful.
Kind regards,
Caitlin
On 12/6/17, 11:31 AM, "Gdd-gnso-ppsai-impl on behalf of Sara Bockey" <gdd-gnso-ppsai-impl-bounces@icann.org on behalf of sbockey@godaddy.com> wrote:
Thanks, Caitlin!
When can we expect the agenda and all related docs for the next meeting?
Sara
sara bockey sr. policy manager | GoDaddy™ sbockey@godaddy.com 480-366-3616 skype: sbockey
This email message and any attachments hereto is intended for use only by the addressee(s) named herein and may contain confidential information. If you have received this email in error, please immediately notify the sender and permanently delete the original and any copy of this message and its attachments.
On 12/6/17, 12:29 PM, "Gdd-gnso-ppsai-impl on behalf of Caitlin Tubergen" <gdd-gnso-ppsai-impl-bounces@icann.org on behalf of caitlin.tubergen@icann.org> wrote:
Hi Theo,
Thank you for the question.
Attached, please find the updated draft PPAA, which includes Peter’s comments.
I will be sending additional materials to the IRT (link to recording, issues list, etc.) shortly.
Kind regards,
Caitlin
On 12/6/17, 4:12 AM, "gtheo" <gtheo@xs4all.nl> wrote:
Hi Caitlin,
Are Peters comments going to be added to the draft so we can discuss them?
Thanks,
Theo
Caitlin Tubergen wrote on 2017-12-05 04:07 PM:

> FROM: "Roman, Peter (CRM)" <Peter.Roman@usdoj.gov>
> DATE: Tuesday, December 5, 2017 at 5:40 AM
> TO: Caitlin Tubergen <caitlin.tubergen@icann.org>,
> "gdd-gnso-ppsai-impl@icann.org" <gdd-gnso-ppsai-impl@icann.org>
> SUBJECT: [Ext] RE: Agenda + Updated Draft PPAA with IRT comments
>
> Good morning all –
>
> I have a few additional comments on the draft:
>
> Overall – this agreement seems to misunderstand the point of having
> a high priority request mechanism. High priority requests are usually
> emergencies where victims are moments away from danger. Not requiring
> immediate responses to these requests renders them moot. A request
> that is answered within 24 hours, but 20 hours after the victim is
> dead, does not respect the importance of the request or the imminence
> of the danger.
>
> 3.12.2 - If the abuse contact point is not monitored 24/7, how are
> providers going to respond to high priority requests in time?
>
> SPECIFICATION 5: LAW ENFORCEMENT AUTHORITY DISCLOSURE FRAMEWORK
> SPECIFICATION
>
> 3.1 – This is the same issue as for 3.12.2 in the main body of the
> agreement, if the point of contact is not required to be available
> 24/7, it defeats the purpose of the high priority requests.
>
> 3.2.1 – This part of the receipt process combined with 4.1 creates a
> two day window before providers have to even address whether a request
> is high priority, again defeating the purpose of having a high
> priority request.
>
> 4.1.1 – By waiting to respond until after the Receipt Process is
> complete, which can take up to two days under 3.2.1, the agreement
> renders the high priority request provisions moot.
>
> 4.1.2 – Responding to high priority requests within 24 hours is not
> sufficient. A request that is answered within 24 hours, but 20 hours
> after the victim is dead, does not respect the importance of the
> request or the imminence of the danger. High priority requests need
> to be responded to more or less immediately.
>
> 4.3.2 – The Provider should be required to disclose changes to the
> timeframe for notification of the Customer to LEA Requestors with
> current requests (i.e., “should” should be “must”). If the
> Customer is a target, notifying the Customer without alerting LEA can
> lead to the Customer destroying evidence, fleeing, or even threatening
> or killing informants who led law enforcement to the Customer’s
> account in the first place.
>
> 5.1 – I do not understand the purpose of this provision. LEA is not
> a party to this agreement and the agreement has no ability to bind LEA
> actions if the Provider fails to respond to a request.
>
> 6.2 – I do not understand the purpose of this provision either. LEA
> is not a party to this agreement and the agreement has no ability to
> bind LEA use of the evidence provided by the Provider.
>
> Peter Roman
>
> Senior Counsel
>
> Computer Crime & Intellectual Property Section
>
> Criminal Division
>
> Department of Justice
>
> 1301 New York Ave., NW
> Washington, DC 20530
> (202) 305-1323
>
> peter.roman@usdoj.gov
>
> FROM: Caitlin Tubergen [mailto:caitlin.tubergen@icann.org]
> SENT: Monday, December 4, 2017 11:36 PM
> TO: gdd-gnso-ppsai-impl@icann.org
> CC: Roman, Peter (CRM) <Peter.Roman@CRM.USDOJ.GOV>
> SUBJECT: Agenda + Updated Draft PPAA with IRT comments
>
> Greetings, Colleagues.
>
> Thank you for all of your input on the draft Privacy and Proxy Service
> Provider Accreditation Agreement (“PPAA”).
>
> Attached, you will find an updated PPAA, which incorporates the
> comments received. I am also working on updating the issues list and
> will be distributing the list some time tomorrow.
>
> For tomorrow’s call, we can begin by discussing some of the
> high-level issues some of the IRT members have raised. Specifically:
>
> * The concern that the text of the PPAA does not match the WG’s
> recommendations
> * The idea of having two PPAAs: one for affiliated providers and one
> for unaffiliated providers
> * The IRT’s preferred path forward for dealing with the comments
> received
>
> Additionally, I’d like to note two things. First, further to
> Darcy’s message today, the GNSO Council recently voted to move the
> Transfer Policy (IRTP-C) issue for discussion within the PPSAI IRT. I
> believe the Council directed this issue to be discussed during the
> public comment period. Darcy, please feel free to add additional
> context either on the list or on tomorrow’s call.
>
> Lastly, there have been several mentions of GDPR as a potential
> issue/barrier to the PPSAI implementation. I would like to note that
> ICANN has engaged legal experts to analyze the impact the European
> Union General Data Protection Regulation (“GDPR”) will have on
> various data processing activities under ICANN policies and contracts.
> Such policies and contracts require or permit various entities that
> participate in the gTLD domain name system, including registries and
> registrars, to collect, create, retain, escrow, and publish a variety
> of personal data elements related to registry/registrar operations,
> domain name registrations, and registrants.
>
> The legal review and analysis is being conducted in iterative phases,
> and ICANN gathered questions from community discussions and
> submissions to submit to the legal experts for possible discussion in
> Part 2 of the analysis. One of the questions included the following:
> “ICANN org is working with the community to develop implementation
> details for consensus policy recommendations governing the
> accreditation of privacy and proxy providers. How should GDPR
> requirements be factored into developing the accreditation process?”
> We will certainly keep you apprised of any feedback we receive.
>
> See you on our call tomorrow.
>
> Kind regards,
>
> Caitlin
> _______________________________________________
> Gdd-gnso-ppsai-impl mailing list
> Gdd-gnso-ppsai-impl@icann.org
> https://mm.icann.org/mailman/listinfo/gdd-gnso-ppsai-impl