Re: [Gnso-epdp-team] [Ext] Purpose O (Research) - informal small group
* Team copied * Dear Thomas, Thank you for speaking with me yesterday about the Research purpose. In answer to your second question, I have clarified in the document that the registry will pseudonymise registration data before it is transmitted to ICANN. Regarding your first question, I have spoken to both current and former members of the OCTO team. They have provided the following additional input: "Octo used registration data as part of LE [Law Enforcement] training. Like other opsec [operational security] practitioners we used reg[istration] data when collaborating with public/private sector investigators. We also used it when we were invited to work with Compliance on a particular complaint." and "[we] used full whois when we initiated our own investigations but that activity was self-directed not explicitly part of SSR role and remit. I also used whois to report phishing and brand infringements against ICANN. Lastly I used whois as part of research into bulk registrations and other consensus policy or registrar practices that had undesirable or unintended consequences." I should note that prior to 25th May, OCTO used public whois data. Since then, this work is on hold. Lastly, I’m sorry that this document is reaching you at the 11th hour. I have been waiting for guidance from ICANN before sending it, which was requested over a month ago. Best, Benedict.
On 5 Nov 2018, at 21:36, Thomas Rickert <thomas@rickert.net> wrote:
Thanks, Benedict!
Let me reiterate my input, which I think needs to make its way into the document or in a covering note. To be clear, I am not questioning that we need to look into ways to enable ICANN to do research, but I am still unclear as to what their requirements are do to research.
* More input from those conducting the research is required, especially on the questions: What data is actually required for research purposes? Would it not be sufficient to have pseundonymized data? *
Best, Thomas
Am 05.11.2018 um 22:29 schrieb Berry Cobb <mail@berrycobb.com <mailto:mail@berrycobb.com>>:
Hi Benedict, <>
Thank you for the update. I think it will be important to get this to the list for the full group’s consideration. Afterwards, I’ll make a few cosmetic updates and post on the wiki.
Thank you.
B
Berry Cobb GNSO Policy Consultant @berrycobb
From: Benedict Addis [mailto:bee@theale.co.uk <mailto:bee@theale.co.uk>] Sent: Monday, November 5, 2018 15:38 To: Berry Cobb Cc: farzaneh badii; Marika Konings; Thomas Rickert; Anderson, Marc; Emily Taylor; matt@brandsight.com <mailto:matt@brandsight.com>; Amr Elsadr; Kurt Pritz; Caitlin Tubergen Subject: Re: [Ext] Purpose O (Research) - informal small group
Dear Berry,
Thanks for your message, and thank you everyone for your time.
I’ve updated the workbook to incorporate the feedback from Farzaneh and Thomas.
Essentially, I have clarified that the registry will pseudoymise registration data before it is transmitted to ICANN.
Best, Benedict.
Somewhat related to OCTO's use, as a result of the first WHOIS Review ICANN instituted an Accuracy Reporting System to track WHOIS accuracy. The program has been on hold since May and we need to consider what can be done to re-institute it. With the general lack of WHOIS visibility, this program is even more important. I mentioned this in LA, but it seems to have dropped between the cracks. Alan At 15/11/2018 09:54 PM, Benedict Addis wrote: * Team copied * Dear Thomas, Thank you for speaking with me yesterday about the Research purpose. In answer to your second question, I have clarified in the document that the registry will pseudonymise registration data before it is transmitted to ICANN. Regarding your first question, I have spoken to both current and former members of the OCTO team. They have provided the following additional input: "Octo used registration data as part of LE [Law Enforcement] training. Like other opsec [operational security] practitioners we used reg[istration] data when collaborating with public/private sector investigators. We also used it when we were invited to work with Compliance on a particular complaint." and "[we] used full whois when we initiated our own investigations but that activity was self-directed not explicitly part of SSR role and remit. I also used whois to report phishing and brand infringements against ICANN. Lastly I used whois as part of research into bulk registrations and other consensus policy or registrar practices that had undesirable or unintended consequences." I should note that prior to 25th May, OCTO used public whois data. Since then, this work is on hold. Lastly, I’m sorry that this document is reaching you at the 11th hour. I have been waiting for guidance from ICANN before sending it, which was requested over a month ago. Best, Benedict. On 5 Nov 2018, at 21:36, Thomas Rickert <thomas@rickert.net<mailto:thomas@rickert.net>> wrote: Thanks, Benedict! Let me reiterate my input, which I think needs to make its way into the document or in a covering note. To be clear, I am not questioning that we need to look into ways to enable ICANN to do research, but I am still unclear as to what their requirements are do to research. * More input from those conducting the research is required, especially on the questions: What data is actually required for research purposes? Would it not be sufficient to have pseundonymized data? * Best, Thomas Am 05.11.2018 um 22:29 schrieb Berry Cobb <mail@berrycobb.com<mailto:mail@berrycobb.com>>: Hi Benedict, Thank you for the update. I think it will be important to get this to the list for the full group’s consideration. Afterwards, I’ll make a few cosmetic updates and post on the wiki. Thank you. B Berry Cobb GNSO Policy Consultant @berrycobb From: Benedict Addis [mailto:bee@theale.co.uk] Sent: Monday, November 5, 2018 15:38 To: Berry Cobb Cc: farzaneh badii; Marika Konings; Thomas Rickert; Anderson, Marc; Emily Taylor; matt@brandsight.com<mailto:matt@brandsight.com>; Amr Elsadr; Kurt Pritz; Caitlin Tubergen Subject: Re: [Ext] Purpose O (Research) - informal small group Dear Berry, Thanks for your message, and thank you everyone for your time. I’ve updated the workbook to incorporate the feedback from Farzaneh and Thomas. Essentially, I have clarified that the registry will pseudoymise registration data before it is transmitted to ICANN. Best, Benedict. Content-Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document; name="Purpose O - Data_Elements_Processing_Workbook - 5 November" 2018_clean.docx" Content-Description: Purpose O - Data_Elements_Processing_Workbook - 5 November 2018_clean.docx Content-Disposition: attachment; filename="Purpose O - Data_Elements_Processing_Workbook - 5 November" 2018_clean.docx"; size=46244; creation-date="Fri, 16 Nov 2018 02:54:40 GMT"; modification-date="Fri, 16 Nov 2018 02:54:40 GMT" Content-ID: <40D88555A48696478B1752C828D12DFF@CANPRD01.PROD.OUTLOOK.COM>
Hi – I think this is a very important issue that should be called out in the Initial Report. The Purpose O discussion should be written to note the concern regarding ICANN ‘s ability to continue publishing for the reports from the Accuracy Reporting System in the manner that was possible before May 25th, and to note OCTO’s use of the data before May 25th, and to ask the question of whether the purposes listed in the report enable or should enable this continued use by OCTO and by ICANN. Margie From: Gnso-epdp-team <gnso-epdp-team-bounces@icann.org> on behalf of Alan Greenberg <alan.greenberg@mcgill.ca> Date: Thursday, November 15, 2018 at 8:03 PM To: Benedict Addis <bee@theale.co.uk>, Thomas Rickert <thomas@rickert.net> Cc: GNSO EPDP <gnso-epdp-team@icann.org>, Emily Taylor <emily@emilytaylor.eu> Subject: Re: [Gnso-epdp-team] [Ext] Purpose O (Research) - informal small group Somewhat related to OCTO's use, as a result of the first WHOIS Review ICANN instituted an Accuracy Reporting System to track WHOIS accuracy. The program has been on hold since May and we need to consider what can be done to re-institute it. With the general lack of WHOIS visibility, this program is even more important. I mentioned this in LA, but it seems to have dropped between the cracks. Alan At 15/11/2018 09:54 PM, Benedict Addis wrote: * Team copied * Dear Thomas, Thank you for speaking with me yesterday about the Research purpose. In answer to your second question, I have clarified in the document that the registry will pseudonymise registration data before it is transmitted to ICANN. Regarding your first question, I have spoken to both current and former members of the OCTO team. They have provided the following additional input: "Octo used registration data as part of LE [Law Enforcement] training. Like other opsec [operational security] practitioners we used reg[istration] data when collaborating with public/private sector investigators. We also used it when we were invited to work with Compliance on a particular complaint." and "[we] used full whois when we initiated our own investigations but that activity was self-directed not explicitly part of SSR role and remit. I also used whois to report phishing and brand infringements against ICANN. Lastly I used whois as part of research into bulk registrations and other consensus policy or registrar practices that had undesirable or unintended consequences." I should note that prior to 25th May, OCTO used public whois data. Since then, this work is on hold. Lastly, I’m sorry that this document is reaching you at the 11th hour. I have been waiting for guidance from ICANN before sending it, which was requested over a month ago. Best, Benedict. On 5 Nov 2018, at 21:36, Thomas Rickert <thomas@rickert.net<mailto:thomas@rickert.net>> wrote: Thanks, Benedict! Let me reiterate my input, which I think needs to make its way into the document or in a covering note. To be clear, I am not questioning that we need to look into ways to enable ICANN to do research, but I am still unclear as to what their requirements are do to research. * More input from those conducting the research is required, especially on the questions: What data is actually required for research purposes? Would it not be sufficient to have pseundonymized data? * Best, Thomas Am 05.11.2018 um 22:29 schrieb Berry Cobb <mail@berrycobb.com<mailto:mail@berrycobb.com>>: Hi Benedict, Thank you for the update. I think it will be important to get this to the list for the full group’s consideration. Afterwards, I’ll make a few cosmetic updates and post on the wiki. Thank you. B Berry Cobb GNSO Policy Consultant @berrycobb From: Benedict Addis [mailto:bee@theale.co.uk] Sent: Monday, November 5, 2018 15:38 To: Berry Cobb Cc: farzaneh badii; Marika Konings; Thomas Rickert; Anderson, Marc; Emily Taylor; matt@brandsight.com<mailto:matt@brandsight.com>; Amr Elsadr; Kurt Pritz; Caitlin Tubergen Subject: Re: [Ext] Purpose O (Research) - informal small group Dear Berry, Thanks for your message, and thank you everyone for your time. I’ve updated the workbook to incorporate the feedback from Farzaneh and Thomas. Essentially, I have clarified that the registry will pseudoymise registration data before it is transmitted to ICANN. Best, Benedict. Content-Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document; name="Purpose O - Data_Elements_Processing_Workbook - 5 November" 2018_clean.docx" Content-Description: Purpose O - Data_Elements_Processing_Workbook - 5 November 2018_clean.docx Content-Disposition: attachment; filename="Purpose O - Data_Elements_Processing_Workbook - 5 November" 2018_clean.docx"; size=46244; creation-date="Fri, 16 Nov 2018 02:54:40 GMT"; modification-date="Fri, 16 Nov 2018 02:54:40 GMT" Content-ID: <40D88555A48696478B1752C828D12DFF@CANPRD01.PROD.OUTLOOK.COM>
participants (3)
-
Alan Greenberg -
Benedict Addis -
Margie Milam