FW: [Ext] Re: [GNSO-EPDP-Lead] Purpose B Small Team
Thanks, Benedict. Given the proximity to ICANN63, we took the liberty of sending this language to the full team so that we can discuss in Barcelona. Thanks again for taking the lead on this! Best regards, Marika, Berry and Caitlin From: Benedict Addis <bee@theale.co.uk> Date: Tuesday, October 16, 2018 at 6:21 AM To: Kurt Pritz <kurt@kjpritz.com> Cc: Stephanie Perrin <stephanie.perrin@mail.utoronto.ca>, Thomas Rickert <epdp@gdpr.ninja>, Lindsay Hamilton-Reid <lindsay.hamilton-reid@fasthosts.com>, Caitlin Tubergen <caitlin.tubergen@icann.org>, "gnso-epdp-lead@icann.org" <gnso-epdp-lead@icann.org> Subject: [Ext] Re: [GNSO-EPDP-Lead] Purpose B Small Team Dear all, On Kurt’s suggestion, I propose the following Purpose B that relies directly on the language in Recitals 47, 49 and 50. [ICANN requires that registration data is processed for the purpose of...] maintaining the security, stability and resiliency of the Domain Name System. This will involve the disclosure of existing registration data to legitimate third parties, for the following reasons only: 1) fraud prevention; 2) network and information security; and 3) indicating possible criminal acts, or threats to public security. I think that for ICANN, disclosure will happen under 6(1)f. Third parties will require a lawful basis of their own for their processing, governed by a common set of standards that we’ll discuss when we come to the access discussion. Thoughts? B
Dear All Thanks for suggestion For me the text is clear, precise and concise . We should try to retain it as much as possible and not to expand since any additional text could have over engineering the purpose Kavouss Sent from my iPhone
On 17 Oct 2018, at 06:28, Caitlin Tubergen <caitlin.tubergen@icann.org> wrote:
Thanks, Benedict.
Given the proximity to ICANN63, we took the liberty of sending this language to the full team so that we can discuss in Barcelona.
Thanks again for taking the lead on this!
Best regards,
Marika, Berry and Caitlin
From: Benedict Addis <bee@theale.co.uk> Date: Tuesday, October 16, 2018 at 6:21 AM To: Kurt Pritz <kurt@kjpritz.com> Cc: Stephanie Perrin <stephanie.perrin@mail.utoronto.ca>, Thomas Rickert <epdp@gdpr.ninja>, Lindsay Hamilton-Reid <lindsay.hamilton-reid@fasthosts.com>, Caitlin Tubergen <caitlin.tubergen@icann.org>, "gnso-epdp-lead@icann.org" <gnso-epdp-lead@icann.org> Subject: [Ext] Re: [GNSO-EPDP-Lead] Purpose B Small Team
Dear all,
On Kurt’s suggestion, I propose the following Purpose B that relies directly on the language in Recitals 47, 49 and 50.
[ICANN requires that registration data is processed for the purpose of...]
maintaining the security, stability and resiliency of the Domain Name System. This will involve the disclosure of existing registration data to legitimate third parties, for the following reasons only: 1) fraud prevention; 2) network and information security; and 3) indicating possible criminal acts, or threats to public security.
I think that for ICANN, disclosure will happen under 6(1)f. Third parties will require a lawful basis of their own for their processing, governed by a common set of standards that we’ll discuss when we come to the access discussion.
Thoughts? B
_______________________________________________ Gnso-epdp-team mailing list Gnso-epdp-team@icann.org https://mm.icann.org/mailman/listinfo/gnso-epdp-team
This purpose description seems to be a significant case of mission creep by including non-technical uses under the commitment of section 1.2(a)(i), which should remain focussed on the technical role of ICANN of maintaining a secure, stable and resiliant DNS. Adding in fraud or crime prevention expends the scope beyond that contemplated in the bylaws and should be rejected. The best definition of this purpose is included in the bylaws under the scope of the Security, Stability, and Resiliency Review as well as the Annexes G1 and G2, none of which provide for such a broad interpretation of this purpose. This purpose is a technical function with some elements regulating the behaviour of those parties that a delegated elements of this technical functions, e.g. the contracted parties, with regard to this technical function. Best, Volker Am 16.10.2018 um 23:28 schrieb Caitlin Tubergen:
Thanks, Benedict.
Given the proximity to ICANN63, we took the liberty of sending this language to the full team so that we can discuss in Barcelona.
Thanks again for taking the lead on this!
Best regards,
Marika, Berry and Caitlin
*From: *Benedict Addis <bee@theale.co.uk> *Date: *Tuesday, October 16, 2018 at 6:21 AM *To: *Kurt Pritz <kurt@kjpritz.com> *Cc: *Stephanie Perrin <stephanie.perrin@mail.utoronto.ca>, Thomas Rickert <epdp@gdpr.ninja>, Lindsay Hamilton-Reid <lindsay.hamilton-reid@fasthosts.com>, Caitlin Tubergen <caitlin.tubergen@icann.org>, "gnso-epdp-lead@icann.org" <gnso-epdp-lead@icann.org> *Subject: *[Ext] Re: [GNSO-EPDP-Lead] Purpose B Small Team
Dear all,
On Kurt’s suggestion, I propose the following Purpose B that relies directly on the language in Recitals 47, 49 and 50.
[ICANN requires that registration data is processed for the purpose of...]
maintaining the security, stability and resiliency of the Domain Name System. This will involve the disclosure of existing registration data to legitimate third parties, for the following reasons only: 1) fraud prevention; 2) network and information security; and 3) indicating possible criminal acts, or threats to public security.
I think that for ICANN, disclosure will happen under 6(1)f. Third parties will require a lawful basis of their own for their processing, governed by a common set of standards that we’ll discuss when we come to the access discussion.
Thoughts?
B
_______________________________________________ Gnso-epdp-team mailing list Gnso-epdp-team@icann.org https://mm.icann.org/mailman/listinfo/gnso-epdp-team
-- Volker A. Greimann General Counsel and Policy Manager KEY-SYSTEMS GMBH T: +49 6894 9396901 F: +49 6894 9396851 W: www.key-systems.net Key-systems is a company registered in Germany with Registration No.: HR B 18835 - Saarbruecken: CEO: Alexander Siffrin Registered Offices: Im Oberen Werk 1, DE-66386 St. Ingbert, Germany Part of the CentralNic Group PLC (LON: CNIC) a company registered in England and Wales with company number 8576358. Registered Offices: 35-39 Moorgate, London, EC2R 6AR.
Hi Benedict, Volker and all, Thanks for the suggested language, Benedict. I think this really needs to be discussed with the entire team. Given ICANN’s limited mandate, the purpose needs to be tied to the scope of the bylaws. Notwithstanding that, contracted parties could claim to pursue such purpose and base their own processing on that, so I think we need to discuss this and have a clear demarcation between what ICANN’s role is and what interests the contracted parties might pursue. Best Thomas
Am 17.10.2018 um 10:29 schrieb Volker Greimann <vgreimann@key-systems.net>:
This purpose description seems to be a significant case of mission creep by including non-technical uses under the commitment of section 1.2(a)(i), which should remain focussed on the technical role of ICANN of maintaining a secure, stable and resiliant DNS.
Adding in fraud or crime prevention expends the scope beyond that contemplated in the bylaws and should be rejected.
The best definition of this purpose is included in the bylaws under the scope of the Security, Stability, and Resiliency Review as well as the Annexes G1 and G2, none of which provide for such a broad interpretation of this purpose.
This purpose is a technical function with some elements regulating the behaviour of those parties that a delegated elements of this technical functions, e.g. the contracted parties, with regard to this technical function.
Best,
Volker
Am 16.10.2018 um 23:28 schrieb Caitlin Tubergen:
Thanks, Benedict.
Given the proximity to ICANN63, we took the liberty of sending this language to the full team so that we can discuss in Barcelona.
Thanks again for taking the lead on this!
Best regards,
Marika, Berry and Caitlin
From: Benedict Addis <bee@theale.co.uk> <mailto:bee@theale.co.uk> Date: Tuesday, October 16, 2018 at 6:21 AM To: Kurt Pritz <kurt@kjpritz.com> <mailto:kurt@kjpritz.com> Cc: Stephanie Perrin <stephanie.perrin@mail.utoronto.ca> <mailto:stephanie.perrin@mail.utoronto.ca>, Thomas Rickert <epdp@gdpr.ninja> <mailto:epdp@gdpr.ninja>, Lindsay Hamilton-Reid <lindsay.hamilton-reid@fasthosts.com> <mailto:lindsay.hamilton-reid@fasthosts.com>, Caitlin Tubergen <caitlin.tubergen@icann.org> <mailto:caitlin.tubergen@icann.org>, "gnso-epdp-lead@icann.org" <mailto:gnso-epdp-lead@icann.org> <gnso-epdp-lead@icann.org> <mailto:gnso-epdp-lead@icann.org> Subject: [Ext] Re: [GNSO-EPDP-Lead] Purpose B Small Team
Dear all,
On Kurt’s suggestion, I propose the following Purpose B that relies directly on the language in Recitals 47, 49 and 50.
[ICANN requires that registration data is processed for the purpose of...]
maintaining the security, stability and resiliency of the Domain Name System. This will involve the disclosure of existing registration data to legitimate third parties, for the following reasons only: 1) fraud prevention; 2) network and information security; and 3) indicating possible criminal acts, or threats to public security.
I think that for ICANN, disclosure will happen under 6(1)f. Third parties will require a lawful basis of their own for their processing, governed by a common set of standards that we’ll discuss when we come to the access discussion.
Thoughts? B
_______________________________________________ Gnso-epdp-team mailing list Gnso-epdp-team@icann.org <mailto:Gnso-epdp-team@icann.org> https://mm.icann.org/mailman/listinfo/gnso-epdp-team <https://mm.icann.org/mailman/listinfo/gnso-epdp-team> -- Volker A. Greimann General Counsel and Policy Manager KEY-SYSTEMS GMBH
T: +49 6894 9396901 F: +49 6894 9396851 W: www.key-systems.net <http://www.key-systems.net/>
Key-systems is a company registered in Germany with Registration No.: HR B 18835 - Saarbruecken: CEO: Alexander Siffrin Registered Offices: Im Oberen Werk 1, DE-66386 St. Ingbert, Germany
Part of the CentralNic Group PLC (LON: CNIC) a company registered in England and Wales with company number 8576358. Registered Offices: 35-39 Moorgate, London, EC2R 6AR. _______________________________________________ Gnso-epdp-team mailing list Gnso-epdp-team@icann.org <mailto:Gnso-epdp-team@icann.org> https://mm.icann.org/mailman/listinfo/gnso-epdp-team <https://mm.icann.org/mailman/listinfo/gnso-epdp-team>
Thanks Benedict. I agree that this needs to be further discussed with the entire team. Until then here are my thoughts on the new language. First, as I mentioned in LA, many believe SSR issues do not cover issues related to IP so its not at all clear to me if the issues important to the IPC are covered. As for the use of the phrase "indicating possible criminal acts" it is to narrow (or specific) of a reason to cover the work that IP investigators do. Remember that the IP owner is responsible for "policing" their own content (and rights) and investigations start before "criminal acts" are claimed or determined. Also, I believe it is important that we be as specific as possible when describing "who" (with a legitimate interest) may get access to this data. The GDPR requires this and its been my experience that if we are not specific the question of "who" gets access to this data will be left up to interpretation - which in the end will result in an unevenly applied policy. Cleary we would like to avoid this. I also assume these purposes will be "re-purposed" into language that will be provided to the registrant during registration (or renewal) thus specificity is required. I am having a deja vu however - in LA there was discussion about creating a separate ICANN purpose for SSR issues. FWIW I wouldn't object to that. Finally, If you (we) remember from the LA meeting we agreed that Registries and Registrars would draft a Workbook for Purpose B for themselves and then we would discuss Purpose B from an ICANN point of view. Attached is a Workbook for ICANN Purpose B that several of us (another "small team" made up of IPC, BC and others) have been working on this week for consideration by the full team. (Apologies but It currently uses the old template.) I look forward to discussing this in Barcelona with all of you. Safe travels to all. Alex On Tue, Oct 16, 2018 at 2:28 PM Caitlin Tubergen <caitlin.tubergen@icann.org> wrote:
Thanks, Benedict.
Given the proximity to ICANN63, we took the liberty of sending this language to the full team so that we can discuss in Barcelona.
Thanks again for taking the lead on this!
Best regards,
Marika, Berry and Caitlin
*From: *Benedict Addis <bee@theale.co.uk> *Date: *Tuesday, October 16, 2018 at 6:21 AM *To: *Kurt Pritz <kurt@kjpritz.com> *Cc: *Stephanie Perrin <stephanie.perrin@mail.utoronto.ca>, Thomas Rickert <epdp@gdpr.ninja>, Lindsay Hamilton-Reid < lindsay.hamilton-reid@fasthosts.com>, Caitlin Tubergen < caitlin.tubergen@icann.org>, "gnso-epdp-lead@icann.org" < gnso-epdp-lead@icann.org> *Subject: *[Ext] Re: [GNSO-EPDP-Lead] Purpose B Small Team
Dear all,
On Kurt’s suggestion, I propose the following Purpose B that relies directly on the language in Recitals 47, 49 and 50.
[ICANN requires that registration data is processed for the purpose of...]
maintaining the security, stability and resiliency of the Domain Name System. This will involve the disclosure of existing registration data to legitimate third parties, for the following reasons only: 1) fraud prevention; 2) network and information security; and 3) indicating possible criminal acts, or threats to public security.
I think that for ICANN, disclosure will happen under 6(1)f. Third parties will require a lawful basis of their own for their processing, governed by a common set of standards that we’ll discuss when we come to the access discussion.
Thoughts?
B
_______________________________________________ Gnso-epdp-team mailing list Gnso-epdp-team@icann.org https://mm.icann.org/mailman/listinfo/gnso-epdp-team
-- ___________ *Alex Deacon* Cole Valley Consulting alex@colevalleyconsulting.com +1.415.488.6009
participants (5)
-
Alex Deacon -
Arasteh -
Caitlin Tubergen -
Thomas Rickert -
Volker Greimann