To quickly respond to Greg's point, I think we are way beyond the point of understanding the spirit of the requests. As previously noted we would not be sitting at this table if we did not all patently understand the "why"; our point remains that even the most worthy of reasons may fall foul of an inadequate form, explanation or justification . The law has set out the principles and we must devise policy that respects that law - need I also remind, we did not write the law, we, (and for clarity the WE here is the contracted parties and not the 3rd party requester) are the ones that must follow it here in the first instance. All the good intentions in the world will not remedy illegality in our policy. To echo the sentiment of the CPH letter sent on Tuesday, and noting Janis has indicated that he hopes that the Zero Version report shall start that path, I will reiterated that we need to create policy that is aimed at expecting and glean the type of information required in a request, and not merely provide 'standard' request formats based on 'Case Study 1 through *∞* . Every request received will be unique - the policy/ process on how to deal with each unique request - is what we should be trying to standardize. Therefore to answer Mark's question as to what concrete steps I'm talking about , using our 'use case' discussion and indeed my own reasoning when reviewing them,I have thrown together a *really rough draft *of the process which, when we cut through the concept of justifying angles, and actually critically identify the process necessary in a 6(1)f situation - This was merely an exercise of taking the process we are going through in our heads in our deliberations, and writing it down for posterity. So I have tried to focus on the process elements, which I go through in assessing the individual "case study" - we need to take a step back to viewing a case study (singular) as raw material to see what process steps we take to treat that material, and come up with an answer - either 1)release 2)request more info or 3)decline. I hope it helps! Alan PS : to be clear this is my document not a RYSG or CPH doc [image: Donuts Inc.] <http://donuts.domains> Alan Woods Senior Compliance & Policy Manager, Donuts Inc. ------------------------------ The Victorians, 15-18 Earlsfort Terrace Dublin 2, County Dublin Ireland <https://www.facebook.com/donutstlds> <https://twitter.com/DonutsInc> <https://www.linkedin.com/company/donuts-inc> Please NOTE: This electronic message, including any attachments, may include privileged, confidential and/or inside information owned by Donuts Inc. . Any distribution or use of this communication by anyone other than the intended recipient(s) is strictly prohibited and may be unlawful. If you are not the intended recipient, please notify the sender by replying to this message and then delete it from your system. Thank you. On Mon, Aug 12, 2019 at 5:44 PM Mark Svancarek (CELA) <marksv@microsoft.com> wrote:

*Alan*, your advice seems reasonable, but I am not sure I am understanding what you are suggesting in actual practice.

Regarding:

“The past 2 use cases we have considered, although we appreciate the work that was undertaken to present to us in such detail, both requests were ultimately based on the same process of a 6(1)f. Our task must be to see-past the window dressing and consider the similarities and commonalities of the underlying process involved; this is after all, our goal. We seem to have slipped back into scrambling to getting our ‘interests’ and our ‘claims’ on the record for fear they somehow will not be accepted from consideration; we would again like to assert, that in the interests of time and resources, that the team should be prioritizing review of contrasting use cases, ones that require differing approaches, to further anticipate the breadth of the policy required, and not merely rehashing the same process from a different angle. “

What should we have done differently, and how would you propose to handle it going forward? Some specificity would be helpful.

*From:* Gnso-epdp-team <gnso-epdp-team-bounces@icann.org> *On Behalf Of *Alan Woods *Sent:* Monday, August 12, 2019 1:37 AM *To:* James M. Bladel <jbladel@godaddy.com> *Cc:* gnso-epdp-team@icann.org *Subject:* Re: [Gnso-epdp-team] On the subject of ICANN's Bylaws...

Dear Colleagues,

The RYSG would like to support and thank James for his excellent response. We appreciate especially the reminder that the context in our discussions is key and we must resist, however how inadvertently, layering our own interpretations on top of settled, and defined concepts. Needless to say we support his reasoning wholeheartedly.

We would further like to note 2 things. We do believe that this creep of the legal vs natural discussion back into our agenda, as was already very well responded to by Volker earlier today, is tending to be again, a large distraction to our focus on other legitimate use cases that help establish the process – At this point, and noting the calls for speed and structure from all quarters, we would kindly request that the discussion on legal vs. natural should only occur as part of the priority 2 discussions, as has been agreed to by the group.

Secondly, we must also remind the group, that the point of these uses cases is not so that we can create a cookie cutter responses in specific cases, e.g. the security researcher or even in the case of the consumer. The past 2 use cases we have considered, although we appreciate the work that was undertaken to present to us in such detail, both requests were ultimately based on the same process of a 6(1)f. Our task must be to see-past the window dressing and consider the similarities and commonalities of the underlying process involved; this is after all, our goal. We seem to have slipped back into scrambling to getting our ‘interests’ and our ‘claims’ on the record for fear they somehow will not be accepted from consideration; we would again like to assert, that in the interests of time and resources, that the team should be prioritizing review of contrasting use cases, ones that require differing approaches, to further anticipate the breadth of the policy required, and not merely rehashing the same process from a different angle.

Kind regards,

Alan Woods

[image: Donuts Inc.] <https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fdonuts.doma...>

*Alan Woods*

Senior Compliance & Policy Manager, Donuts Inc. ------------------------------

The Victorians,

15-18 Earlsfort Terrace Dublin 2, County Dublin Ireland

<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.facebo...>

<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.co...>

<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.linked...>

Please NOTE: This electronic message, including any attachments, may include privileged, confidential and/or inside information owned by Donuts Inc. . Any distribution or use of this communication by anyone other than the intended recipient(s) is strictly prohibited and may be unlawful. If you are not the intended recipient, please notify the sender by replying to this message and then delete it from your system. Thank you.

On Fri, Aug 9, 2019 at 4:47 PM James M. Bladel <jbladel@godaddy.com> wrote:

Good morning, Colleagues-

During yesterday’s call, a few folks mentioned that ICANN’s Bylaws contain commitments to uphold “Competition” and “Consumer Choice/Consumer Trust”. These references to the Bylaws were offered in support of the proposed Use Case that RDS data should be a primary resource for consumers who are seeking to verify the operator of a website, or check the reputation of business, or to dispute a commercial transaction.

For clarity, it’s worth noting that the predominant context for “competition” in ICANN’s Bylaws is specific to the domain name industry, esp. Registries and Registrars. And this makes sense, given that the industry prior to ICANN had no concept of “competition” or “consumer choice”; all domain transactions were handled by a single provider.

Additionally, mentions of “consumer protection”, “consumer choice”, and “consumer trust” within the Bylaws are contained within Section 4.6(d), which outlines the “Periodic Reviews”, and are an element of the 2012 New gTLD program. These sections were ported to the Bylaws from the Affirmation of Commitments, and were drafted when many feared that new gTLDs would confuse consumers and undermine trust/confidence in the DNS.

Taken together, it’s not correct to conclude that WHOIS/RDS data is intended to replace or preempt more widely recognized alternative tools for online consumers, like:

- SSL certificates, verified by Certificate Authorities (CA) and supported by all modern browsers - Trust certificates (issued by organizations like the Better Business Bureau, Trustwave, McAffee, SiteLock, and card processors like Visa/Mastercard) - Reputation/review services like Google ratings, Yelp, and Facebook or Amazon reviews, and - The “About Us” or “Contact Us” or “Customer Support” links on merchant websites, which are omnipresent for legitimate businesses and required by law in many areas.

But if this is still a point of divergence among the EPDP members, then perhaps we could consult ICANN Legal about the extent of their “Competition” and “Consumer Trust” mandate, and whether they believe ICANN is on the hook for the integrity & consumer satisfaction for all commercial activity taking place anywhere on the Internet.

J.

-------------

*James Bladel*

*GoDaddy*

_______________________________________________ Gnso-epdp-team mailing list Gnso-epdp-team@icann.org https://mm.icann.org/mailman/listinfo/gnso-epdp-team <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmm.icann.o...> _______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.icann....>) and the website Terms of Service (https://www.icann.org/privacy/tos <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.icann....>). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.

All: Let me provide some background about Greg’s favorite section of the bylaws. He is fixated on the presence of three words he likes (global public interest) and not the actual meaning of the section. That core value emerged from a debate about the extent to which “the global public interest” was a meaningful guide to policy making. Those of us with extensive experience with regulatory systems around the world know that “public interest” is a blanket term that can be used to justify almost anything, from completely shutting down the internet to martial law to rate regulation. We knew as we were debating this that anyone can, and everyone does, claim that whatever policy they want is “in the public interest.” We did not want the Board to have the discretion to “divine” the public interest and use that divination to make policy unilaterally. There was, therefore a desire to carefully limit and bound public interest claims. Now look at what 1.2(b)iii actually says. It does NOT say that ICANN’s authority over Internet activity pertains to anything and everything that might be in the global public interest. It says that insofar as an ICANN policy is determined to be in the public interest, it must be so determined by a _bottom up, multistakeholder policy process_ and that such process must be _accountable and transparent_. In other words, this section of the bylaws only tells us _how_ the public interest in any given policy domain is to be ascertained. It does not expand ICANN’s mandate to include anything anyone thinks might be in the public interest. --MM From: Gnso-epdp-team <gnso-epdp-team-bounces@icann.org> On Behalf Of Greg Aaron Sent: Monday, August 12, 2019 10:41 AM To: 'James M. Bladel' <jbladel@godaddy.com>; gnso-epdp-team@icann.org Subject: Re: [Gnso-epdp-team] On the subject of ICANN's Bylaws... Dear James: Thank you for your note. I can only speak to the comments I made in Thursday’s call. I did not reference ICANN’s Bylaws about “Competition and Consumer Trust” at all. Your references to Bylaws 4.6 are not relevant to my comments. Some members had stated that the ALAC use case should not even be discussed, because its premise is out of ICANN scope. I stated that it’s our obligation to talk about such issues. I referenced Bylaws 1.2(b)iii -- in the Core Values section – which says that the point of ICANN “policy development and decision-making [is] to ensure that the bottom-up, multistakeholder policy development process is used to ascertain the global public interest and that those processes are accountable and transparent”. My point was that as policy-makers, we are all obliged to apply that principle, especially since this working group is making decisions that will affect millions (if not billions) of people. It is a reminder for us to keep the big picture in mind, and that we’re here to ascertain what’s good for the Internet and discern what options exist within the law to serve that greater purpose. The SSAC has previously encouraged the ePDP to consider the impacts on how registrants and users interact for contactability, problem-solving, the avoidance of fraud, etc. In any case, the CCT Reviews you reference in Bylaws Section 4.6(d) are not the place to shunt all items that involve public impacts. According to the Bylaws, the CCT Reviews exist to examine only a limited set of things – basically CCT issues coming out of the new gTLD program. Instead, any PDP can consider impacts on registrants and users as those issues come up within a WG’s charter. AFAIK our charter does not prohibit such. Your points below about alternate means are a contribution to the substantive debate, and thanks for them. But again, we can only have that debate if we all remember our main decision-making principles, and if issues are on the table in the first place, rather than kept off the table for some reason. All best, --Greg From: Gnso-epdp-team <gnso-epdp-team-bounces@icann.org<mailto:gnso-epdp-team-bounces@icann.org>> On Behalf Of James M. Bladel Sent: Friday, August 9, 2019 11:47 AM To: gnso-epdp-team@icann.org<mailto:gnso-epdp-team@icann.org> Subject: [Gnso-epdp-team] On the subject of ICANN's Bylaws... Good morning, Colleagues- During yesterday’s call, a few folks mentioned that ICANN’s Bylaws contain commitments to uphold “Competition” and “Consumer Choice/Consumer Trust”. These references to the Bylaws were offered in support of the proposed Use Case that RDS data should be a primary resource for consumers who are seeking to verify the operator of a website, or check the reputation of business, or to dispute a commercial transaction. For clarity, it’s worth noting that the predominant context for “competition” in ICANN’s Bylaws is specific to the domain name industry, esp. Registries and Registrars. And this makes sense, given that the industry prior to ICANN had no concept of “competition” or “consumer choice”; all domain transactions were handled by a single provider. Additionally, mentions of “consumer protection”, “consumer choice”, and “consumer trust” within the Bylaws are contained within Section 4.6(d), which outlines the “Periodic Reviews”, and are an element of the 2012 New gTLD program. These sections were ported to the Bylaws from the Affirmation of Commitments, and were drafted when many feared that new gTLDs would confuse consumers and undermine trust/confidence in the DNS. Taken together, it’s not correct to conclude that WHOIS/RDS data is intended to replace or preempt more widely recognized alternative tools for online consumers, like: * SSL certificates, verified by Certificate Authorities (CA) and supported by all modern browsers * Trust certificates (issued by organizations like the Better Business Bureau, Trustwave, McAffee, SiteLock, and card processors like Visa/Mastercard) * Reputation/review services like Google ratings, Yelp, and Facebook or Amazon reviews, and * The “About Us” or “Contact Us” or “Customer Support” links on merchant websites, which are omnipresent for legitimate businesses and required by law in many areas. But if this is still a point of divergence among the EPDP members, then perhaps we could consult ICANN Legal about the extent of their “Competition” and “Consumer Trust” mandate, and whether they believe ICANN is on the hook for the integrity & consumer satisfaction for all commercial activity taking place anywhere on the Internet. J. ------------- James Bladel GoDaddy

I wish our positions were compatible. But I don’t think they are. Hadia (and Greg if I am not mistaken) are saying that the ALAC use case is justified because consumer protection is “in the global public interest.” My view, and apparently that of James Bladel and Alan Woods, is that the ALAC case seems to extend ICANN authority to general consumer protection which is outside the scope of ICANN’s mission. Actually there is an even stronger reason to discard this use case. In effect, advocates of this use case are saying that a consumer’s curiosity about who is behind a domain is sufficient cause to disclose protected data. I think this fails the 6.1.f balancing test prima facie. Curiosity does not outweigh a fundamental right, ever. Note well: the advocates of this use case are NOT saying that this is a remedy for fraud or some other form of actual consumer abuse. They say they need to expose this data BEFORE a transaction takes place, before fraud is even possible, because a consumer may be curious or feel uncertain about who is behind it. This is a very, very, very weak rationale, and I see no way that it passes a balancing test. Indeed, if that is a valid justification for disclosure, then we are back in the realm of the pre-GDPR Whois, because it means that anyone for any reason can be curious about who is behind a domain and might benefit from knowing the private data of the registrant. If we accept the ALAC 2 as a valid use case, we are back to pre-temp spec Whois. We all know that is not legal or acceptable. Dr. Milton L Mueller Georgia Institute of Technology School of Public Policy From: Mark Svancarek (CELA) <marksv@microsoft.com> Sent: Monday, August 12, 2019 12:40 PM To: Mueller, Milton L <milton@gatech.edu>; Greg Aaron <greg@illumintel.com>; gnso-epdp-team@icann.org Subject: RE: [Gnso-epdp-team] On the subject of ICANN's Bylaws... Milton, aren’t you and Greg (in this narrow topic) saying compatible things? - MiMu: Public interest is to be determined within MSM - GrAa: Let’s discuss this topic within EPDP From: Gnso-epdp-team <gnso-epdp-team-bounces@icann.org<mailto:gnso-epdp-team-bounces@icann.org>> On Behalf Of Mueller, Milton L Sent: Monday, August 12, 2019 9:33 AM To: Greg Aaron <greg@illumintel.com<mailto:greg@illumintel.com>>; gnso-epdp-team@icann.org<mailto:gnso-epdp-team@icann.org> Subject: Re: [Gnso-epdp-team] On the subject of ICANN's Bylaws... All: Let me provide some background about Greg’s favorite section of the bylaws. He is fixated on the presence of three words he likes (global public interest) and not the actual meaning of the section. That core value emerged from a debate about the extent to which “the global public interest” was a meaningful guide to policy making. Those of us with extensive experience with regulatory systems around the world know that “public interest” is a blanket term that can be used to justify almost anything, from completely shutting down the internet to martial law to rate regulation. We knew as we were debating this that anyone can, and everyone does, claim that whatever policy they want is “in the public interest.” We did not want the Board to have the discretion to “divine” the public interest and use that divination to make policy unilaterally. There was, therefore a desire to carefully limit and bound public interest claims. Now look at what 1.2(b)iii actually says. It does NOT say that ICANN’s authority over Internet activity pertains to anything and everything that might be in the global public interest. It says that insofar as an ICANN policy is determined to be in the public interest, it must be so determined by a _bottom up, multistakeholder policy process_ and that such process must be _accountable and transparent_. In other words, this section of the bylaws only tells us _how_ the public interest in any given policy domain is to be ascertained. It does not expand ICANN’s mandate to include anything anyone thinks might be in the public interest. --MM From: Gnso-epdp-team <gnso-epdp-team-bounces@icann.org<mailto:gnso-epdp-team-bounces@icann.org>> On Behalf Of Greg Aaron Sent: Monday, August 12, 2019 10:41 AM To: 'James M. Bladel' <jbladel@godaddy.com<mailto:jbladel@godaddy.com>>; gnso-epdp-team@icann.org<mailto:gnso-epdp-team@icann.org> Subject: Re: [Gnso-epdp-team] On the subject of ICANN's Bylaws... Dear James: Thank you for your note. I can only speak to the comments I made in Thursday’s call. I did not reference ICANN’s Bylaws about “Competition and Consumer Trust” at all. Your references to Bylaws 4.6 are not relevant to my comments. Some members had stated that the ALAC use case should not even be discussed, because its premise is out of ICANN scope. I stated that it’s our obligation to talk about such issues. I referenced Bylaws 1.2(b)iii -- in the Core Values section – which says that the point of ICANN “policy development and decision-making [is] to ensure that the bottom-up, multistakeholder policy development process is used to ascertain the global public interest and that those processes are accountable and transparent”. My point was that as policy-makers, we are all obliged to apply that principle, especially since this working group is making decisions that will affect millions (if not billions) of people. It is a reminder for us to keep the big picture in mind, and that we’re here to ascertain what’s good for the Internet and discern what options exist within the law to serve that greater purpose. The SSAC has previously encouraged the ePDP to consider the impacts on how registrants and users interact for contactability, problem-solving, the avoidance of fraud, etc. In any case, the CCT Reviews you reference in Bylaws Section 4.6(d) are not the place to shunt all items that involve public impacts. According to the Bylaws, the CCT Reviews exist to examine only a limited set of things – basically CCT issues coming out of the new gTLD program. Instead, any PDP can consider impacts on registrants and users as those issues come up within a WG’s charter. AFAIK our charter does not prohibit such. Your points below about alternate means are a contribution to the substantive debate, and thanks for them. But again, we can only have that debate if we all remember our main decision-making principles, and if issues are on the table in the first place, rather than kept off the table for some reason. All best, --Greg From: Gnso-epdp-team <gnso-epdp-team-bounces@icann.org<mailto:gnso-epdp-team-bounces@icann.org>> On Behalf Of James M. Bladel Sent: Friday, August 9, 2019 11:47 AM To: gnso-epdp-team@icann.org<mailto:gnso-epdp-team@icann.org> Subject: [Gnso-epdp-team] On the subject of ICANN's Bylaws... Good morning, Colleagues- During yesterday’s call, a few folks mentioned that ICANN’s Bylaws contain commitments to uphold “Competition” and “Consumer Choice/Consumer Trust”. These references to the Bylaws were offered in support of the proposed Use Case that RDS data should be a primary resource for consumers who are seeking to verify the operator of a website, or check the reputation of business, or to dispute a commercial transaction. For clarity, it’s worth noting that the predominant context for “competition” in ICANN’s Bylaws is specific to the domain name industry, esp. Registries and Registrars. And this makes sense, given that the industry prior to ICANN had no concept of “competition” or “consumer choice”; all domain transactions were handled by a single provider. Additionally, mentions of “consumer protection”, “consumer choice”, and “consumer trust” within the Bylaws are contained within Section 4.6(d), which outlines the “Periodic Reviews”, and are an element of the 2012 New gTLD program. These sections were ported to the Bylaws from the Affirmation of Commitments, and were drafted when many feared that new gTLDs would confuse consumers and undermine trust/confidence in the DNS. Taken together, it’s not correct to conclude that WHOIS/RDS data is intended to replace or preempt more widely recognized alternative tools for online consumers, like: * SSL certificates, verified by Certificate Authorities (CA) and supported by all modern browsers * Trust certificates (issued by organizations like the Better Business Bureau, Trustwave, McAffee, SiteLock, and card processors like Visa/Mastercard) * Reputation/review services like Google ratings, Yelp, and Facebook or Amazon reviews, and * The “About Us” or “Contact Us” or “Customer Support” links on merchant websites, which are omnipresent for legitimate businesses and required by law in many areas. But if this is still a point of divergence among the EPDP members, then perhaps we could consult ICANN Legal about the extent of their “Competition” and “Consumer Trust” mandate, and whether they believe ICANN is on the hook for the integrity & consumer satisfaction for all commercial activity taking place anywhere on the Internet. J. ------------- James Bladel GoDaddy

Hi Brian,

On Aug 12, 2019, at 10:59 PM, King, Brian via Gnso-epdp-team <gnso-epdp-team@icann.org> wrote:

[SNIP]

While I’d love to hear that folks outside of CSG and the ACs support redacting only data pertaining to registrants who are subject to GDPR (therefore eliminating the need for such a request), previous conversations in this EPDP do not support such an assumption. Until that particular pig grows its wings, the ALAC use case has even clearer merit.

I’m not sure what you’re referring to here, so if you could clarify, I’d appreciate it. Recommendations 16 (differentiation based on a geo basis) and 17 (differentiation of legal vs natural persons) of phase 1 of the EPDP have somewhat settled the issue of applicability of GNSO recommendations to registrants, irrespective of wether or not they are subject to GDPR. There was good reason for these recommendations ending up the way they did. Obviously, we don’t all agree with this, but it is what it is. Granted, that there is still ongoing work on the legal vs natural issue, but like Alan Woods has said in his email…, that discussion should be taking place on the priority 2 workstream. In the meantime, I don’t see how previous conversations on “this EPDP” characterize the outcomes of phase 1 as assumptions. They’re better characterized as GNSO policy recommendations adopted by the Board, and in the process of being implemented. Thanks. Amr

In a way, Mark. But Milton did mischaracterize my remarks. I said debate the issues, in our multistakeholder policy process, and don’t quash discussion. I also said the group will then make decisions -- obviously people may disagree about that the public interest entails. But at least members are obliged to discuss the issues in the intended spirit. And that Core Value is not just a “how we do the work” statement.… it’s a statement about _why_ we do the work. --Greg From: Mark Svancarek (CELA) <marksv@microsoft.com> Sent: Monday, August 12, 2019 12:40 PM To: Mueller, Milton L <milton@gatech.edu>; Greg Aaron <greg@illumintel.com>; gnso-epdp-team@icann.org Subject: RE: [Gnso-epdp-team] On the subject of ICANN's Bylaws... Milton, aren’t you and Greg (in this narrow topic) saying compatible things? * MiMu: Public interest is to be determined within MSM * GrAa: Let’s discuss this topic within EPDP From: Gnso-epdp-team < <mailto:gnso-epdp-team-bounces@icann.org> gnso-epdp-team-bounces@icann.org> On Behalf Of Mueller, Milton L Sent: Monday, August 12, 2019 9:33 AM To: Greg Aaron < <mailto:greg@illumintel.com> greg@illumintel.com>; <mailto:gnso-epdp-team@icann.org> gnso-epdp-team@icann.org Subject: Re: [Gnso-epdp-team] On the subject of ICANN's Bylaws... All: Let me provide some background about Greg’s favorite section of the bylaws. He is fixated on the presence of three words he likes (global public interest) and not the actual meaning of the section. That core value emerged from a debate about the extent to which “the global public interest” was a meaningful guide to policy making. Those of us with extensive experience with regulatory systems around the world know that “public interest” is a blanket term that can be used to justify almost anything, from completely shutting down the internet to martial law to rate regulation. We knew as we were debating this that anyone can, and everyone does, claim that whatever policy they want is “in the public interest.” We did not want the Board to have the discretion to “divine” the public interest and use that divination to make policy unilaterally. There was, therefore a desire to carefully limit and bound public interest claims. Now look at what 1.2(b)iii actually says. It does NOT say that ICANN’s authority over Internet activity pertains to anything and everything that might be in the global public interest. It says that insofar as an ICANN policy is determined to be in the public interest, it must be so determined by a _bottom up, multistakeholder policy process_ and that such process must be _accountable and transparent_. In other words, this section of the bylaws only tells us _how_ the public interest in any given policy domain is to be ascertained. It does not expand ICANN’s mandate to include anything anyone thinks might be in the public interest. --MM From: Gnso-epdp-team < <mailto:gnso-epdp-team-bounces@icann.org> gnso-epdp-team-bounces@icann.org> On Behalf Of Greg Aaron Sent: Monday, August 12, 2019 10:41 AM To: 'James M. Bladel' < <mailto:jbladel@godaddy.com> jbladel@godaddy.com>; <mailto:gnso-epdp-team@icann.org> gnso-epdp-team@icann.org Subject: Re: [Gnso-epdp-team] On the subject of ICANN's Bylaws... Dear James: Thank you for your note. I can only speak to the comments I made in Thursday’s call. I did not reference ICANN’s Bylaws about “Competition and Consumer Trust” at all. Your references to Bylaws 4.6 are not relevant to my comments. Some members had stated that the ALAC use case should not even be discussed, because its premise is out of ICANN scope. I stated that it’s our obligation to talk about such issues. I referenced Bylaws 1.2(b)iii -- in the Core Values section – which says that the point of ICANN “policy development and decision-making [is] to ensure that the bottom-up, multistakeholder policy development process is used to ascertain the global public interest and that those processes are accountable and transparent”. My point was that as policy-makers, we are all obliged to apply that principle, especially since this working group is making decisions that will affect millions (if not billions) of people. It is a reminder for us to keep the big picture in mind, and that we’re here to ascertain what’s good for the Internet and discern what options exist within the law to serve that greater purpose. The SSAC has previously encouraged the ePDP to consider the impacts on how registrants and users interact for contactability, problem-solving, the avoidance of fraud, etc. In any case, the CCT Reviews you reference in Bylaws Section 4.6(d) are not the place to shunt all items that involve public impacts. According to the Bylaws, the CCT Reviews exist to examine only a limited set of things – basically CCT issues coming out of the new gTLD program. Instead, any PDP can consider impacts on registrants and users as those issues come up within a WG’s charter. AFAIK our charter does not prohibit such. Your points below about alternate means are a contribution to the substantive debate, and thanks for them. But again, we can only have that debate if we all remember our main decision-making principles, and if issues are on the table in the first place, rather than kept off the table for some reason. All best, --Greg From: Gnso-epdp-team < <mailto:gnso-epdp-team-bounces@icann.org> gnso-epdp-team-bounces@icann.org> On Behalf Of James M. Bladel Sent: Friday, August 9, 2019 11:47 AM To: <mailto:gnso-epdp-team@icann.org> gnso-epdp-team@icann.org Subject: [Gnso-epdp-team] On the subject of ICANN's Bylaws... Good morning, Colleagues- During yesterday’s call, a few folks mentioned that ICANN’s Bylaws contain commitments to uphold “Competition” and “Consumer Choice/Consumer Trust”. These references to the Bylaws were offered in support of the proposed Use Case that RDS data should be a primary resource for consumers who are seeking to verify the operator of a website, or check the reputation of business, or to dispute a commercial transaction. For clarity, it’s worth noting that the predominant context for “competition” in ICANN’s Bylaws is specific to the domain name industry, esp. Registries and Registrars. And this makes sense, given that the industry prior to ICANN had no concept of “competition” or “consumer choice”; all domain transactions were handled by a single provider. Additionally, mentions of “consumer protection”, “consumer choice”, and “consumer trust” within the Bylaws are contained within Section 4.6(d), which outlines the “Periodic Reviews”, and are an element of the 2012 New gTLD program. These sections were ported to the Bylaws from the Affirmation of Commitments, and were drafted when many feared that new gTLDs would confuse consumers and undermine trust/confidence in the DNS. Taken together, it’s not correct to conclude that WHOIS/RDS data is intended to replace or preempt more widely recognized alternative tools for online consumers, like: * SSL certificates, verified by Certificate Authorities (CA) and supported by all modern browsers * Trust certificates (issued by organizations like the Better Business Bureau, Trustwave, McAffee, SiteLock, and card processors like Visa/Mastercard) * Reputation/review services like Google ratings, Yelp, and Facebook or Amazon reviews, and * The “About Us” or “Contact Us” or “Customer Support” links on merchant websites, which are omnipresent for legitimate businesses and required by law in many areas. But if this is still a point of divergence among the EPDP members, then perhaps we could consult ICANN Legal about the extent of their “Competition” and “Consumer Trust” mandate, and whether they believe ICANN is on the hook for the integrity & consumer satisfaction for all commercial activity taking place anywhere on the Internet. J. ------------- James Bladel GoDaddy