Dear EPDP Team, In relation to agenda item #4, please find hereby the proposed categorization developed by the small team of volunteers (Milton, Margie, Brian and Chris) for your consideration: Group 1: Criminal Law enforcement/national or public security LEA 1, LEA 2, IP 1, IP 2 Group 2: Non-LE investigations and civil claims BC1/2, BC 3, BC 5, SSAC 3, ALAC 2, IP 3, IP 4 Group 3: Need for redacted data for a third party to contact registrant BC 7, SSAC 1 Group 4: Consumer protection, abuse prevention, digital service provider (DSP) and network security SSAC 2, BC 9, ALAC 1 Group 5: Registered Name Holder consent or contract BC 4, BC 6, BC 8, IP 5 Do note that some of the use cases, such as BC8, may need to be further modified to better fit their category. Hereunder you find the use cases legend. Best regards, Caitlin, Berry and Marika LEGEND LEA 1 Investigation of criminal activity against a victim in the jurisdiction of the investigating EU LEA requesting data from a non-local data controller. LEA 2 Investigation of criminal activity against a victim in the jurisdiction of the investigating EU LEA requesting data from a local data controller. SSAC 1 When a network is undergoing an attack involving a domain name, and the operator(s) of that network need to contact the domain owner to remediate the security issue (DDOS, Botnet, etc.) SSAC 2 Determine “Reputation” of domain name and/or elements associated with domain name registrations. SSAC 3 Investigation of criminal activity where domain names are used. Typical specific example: phishing attack. IP 1 Trademark owners requesting data in the establishment, exercise or defense of legal claims for trademark infringement IP 2 Investigation of criminal activity against a victim in the jurisdiction of the investigating LEA requesting data from either a local a non-local data controller. IP 3 Investigation of criminal activity in the jurisdiction of the investigating LEA requesting data from either a local a non-local data controller. IP 4 Copyright owners requesting data in the establishment, exercise or defense of legal claims for copyright infringement IP 5 Providers requesting access required to facilitate due process in the UDRP and URS BC1/2 Initial investigation of criminal activity against a victim and/or secondary victim where domain names are used in the commission of the crime BC 3 Identify owner of abusive domains and other related domains involved in civil legal claims related to phishing, malware, botnets, and other fraudulent activities BC 4 Maintaining the domain name registration by the Registered Name Holder BC 5 The establishment, exercise or defense of a legal claim involving a registrant of a domain name BC 6 M&A name portfolio due diligence or purchase of domain name from bankrupt entity or other seller BC 7 Contacting the Registrant to resolve a Technical or Operational Issue with a Domain Name BC 8 Help a certification authority determine and validate the identity of the entity associated with a domain name that will be bound to an SSL/TLS certificate BC 9 Search Engines, Messaging Services & Social Media Platforms seeking to confirm the authenticity of businesses advertising or Posting News on its Platform ALAC 1 Online buyers identifying and validating the source of goods or services/ Internet users validating the legitimacy of an email or a website to protect themselves ALAC 2 Consumer protection organizations From: Gnso-epdp-team <gnso-epdp-team-bounces@icann.org> on behalf of Marika Konings <marika.konings@icann.org> Date: Monday, July 22, 2019 at 10:02 To: "gnso-epdp-team@icann.org" <gnso-epdp-team@icann.org> Subject: [Gnso-epdp-team] Proposed agenda EPDP Team Meeting #10 Thursday 25 July at 14.00 UTC Dear EPDP Team, Please find below the proposed agenda for the next EPDP Team meeting which is scheduled for Thursday 25 July at 14.00 UTC. As a reminder: Action Due Date EPDP Team to finish reviewing the LEA use case offline, beginning at subcategory g and identify questions to the list in writing (if any) by Tuesday, 23 July. Tuesday, 23 July 2019 Alan Greenberg to draft proposed legal question regarding the trustworthiness of the requestor and send to Leon and EPDP Leadership. Thursday, 25 July 2019 Chris Lewis-Evans, with the help of GAC colleagues (as applicable) to consider any questions identified and propose corresponding edits/clarifications to the use case. Thursday, 25 July 2019 Each group to review the early input included in the updated SSAD worksheet and provide questions (if any) into the Google doc for early input questions. 25 July 2019 Best regards, Caitlin, Berry and Marika =========== EPDP Phase 2 - Meeting #10 Proposed Agenda Thursday, 25 July 2019 at 14.00 UTC 1. Roll Call & SOI Updates (5 minutes) 2. Confirmation of agenda (Chair) 3. Welcome and housekeeping issues (Chair) (10 minutes) * Update from Legal Committee * Early input review status (deadline 25 July) 4. Use Cases Categorization (10 minutes) * Review proposed categorization put forward by small team * Confirm proposed categorization * Confirm new ranking survey & deadline to determine most representative use case in each category 5. Use case – first reading: Investigation of criminal activity where domain names are used. Typical specific example: phishing attack<https://community.icann.org/download/attachments/111386876/SSAC%20Crime-Abus...> (60 minutes) * Introduction of use case (SSAC) * Input from EPDP Team – questions, concerns, proposed modifications * Confirm next steps 6. Use case – final reading: Investigation of criminal activity against a victim in the jurisdiction of the investigating EU LEA requesting data from a non-local data controller<https://community.icann.org/download/attachments/111386876/Use%20Case%20-%20...> (30 minutes) * Provide overview of changes made in response to comments / questions * Consider any further concerns / issues expressed on the mailing list prior to the meeting * Preliminary agreement on use case * Confirm next steps, if any 7. Any other business (5 minutes) * Priority 2 small team meetings update a) Accuracy and WHOIS ARS (see https://docs.google.com/document/d/1pS9Pibanj-Hp6LztZpeERtxdoLsnp4y_-do0vU5V...) b) Input received on other priority 2 items from RrSG (see https://mm.icann.org/pipermail/gnso-epdp-team/2019-June/002174.html) c) Leadership to recommend next steps via mailing list * Council request for input on org letter requesting clarification on Data Accuracy and Phase-2 (see https://gnso.icann.org/sites/default/files/file/field-file-attach/marby-to-d...). EPDP Team to provide input on the mailing list. Confirm deadline for input. 8. Wrap and confirm next EPDP Team meeting on Thursday 1 August 2019 at 14.00 UTC (5 minutes) * Confirm action items * Confirm questions for ICANN Org, if any Marika Konings Vice President, Policy Development Support – GNSO, Internet Corporation for Assigned Names and Numbers (ICANN) Email: marika.konings@icann.org<mailto:marika.konings@icann.org> Follow the GNSO via Twitter @ICANN_GNSO Find out more about the GNSO by taking our interactive courses<https://urldefense.proofpoint.com/v2/url?u=http-3A__learn.icann.org_courses_...> and visiting the GNSO Newcomer pages<https://urldefense.proofpoint.com/v2/url?u=http-3A__gnso.icann.org_sites_gns...>.
Thanks, Marika. I think we will find a lot of commonalities between Group 2 and Group 4. For example Group 4’s “network security” and “abuse prevention” are flavors of what’s in Group 2. A usual task involved in security is performing investigation. One approach would be to re-order them: do Group 2, then Group 4, then Group 3. All best, --Greg From: Gnso-epdp-team <gnso-epdp-team-bounces@icann.org> On Behalf Of Marika Konings Sent: Tuesday, July 23, 2019 11:55 AM To: gnso-epdp-team@icann.org Subject: [Gnso-epdp-team] Agenda item #4 Dear EPDP Team, In relation to agenda item #4, please find hereby the proposed categorization developed by the small team of volunteers (Milton, Margie, Brian and Chris) for your consideration: Group 1: Criminal Law enforcement/national or public security LEA 1, LEA 2, IP 1, IP 2 Group 2: Non-LE investigations and civil claims BC1/2, BC 3, BC 5, SSAC 3, ALAC 2, IP 3, IP 4 Group 3: Need for redacted data for a third party to contact registrant BC 7, SSAC 1 Group 4: Consumer protection, abuse prevention, digital service provider (DSP) and network security SSAC 2, BC 9, ALAC 1 Group 5: Registered Name Holder consent or contract BC 4, BC 6, BC 8, IP 5 Do note that some of the use cases, such as BC8, may need to be further modified to better fit their category. Hereunder you find the use cases legend. Best regards, Caitlin, Berry and Marika LEGEND LEA 1 Investigation of criminal activity against a victim in the jurisdiction of the investigating EU LEA requesting data from a non-local data controller. LEA 2 Investigation of criminal activity against a victim in the jurisdiction of the investigating EU LEA requesting data from a local data controller. SSAC 1 When a network is undergoing an attack involving a domain name, and the operator(s) of that network need to contact the domain owner to remediate the security issue (DDOS, Botnet, etc.) SSAC 2 Determine “Reputation” of domain name and/or elements associated with domain name registrations. SSAC 3 Investigation of criminal activity where domain names are used. Typical specific example: phishing attack. IP 1 Trademark owners requesting data in the establishment, exercise or defense of legal claims for trademark infringement IP 2 Investigation of criminal activity against a victim in the jurisdiction of the investigating LEA requesting data from either a local a non-local data controller. IP 3 Investigation of criminal activity in the jurisdiction of the investigating LEA requesting data from either a local a non-local data controller. IP 4 Copyright owners requesting data in the establishment, exercise or defense of legal claims for copyright infringement IP 5 Providers requesting access required to facilitate due process in the UDRP and URS BC1/2 Initial investigation of criminal activity against a victim and/or secondary victim where domain names are used in the commission of the crime BC 3 Identify owner of abusive domains and other related domains involved in civil legal claims related to phishing, malware, botnets, and other fraudulent activities BC 4 Maintaining the domain name registration by the Registered Name Holder BC 5 The establishment, exercise or defense of a legal claim involving a registrant of a domain name BC 6 M&A name portfolio due diligence or purchase of domain name from bankrupt entity or other seller BC 7 Contacting the Registrant to resolve a Technical or Operational Issue with a Domain Name BC 8 Help a certification authority determine and validate the identity of the entity associated with a domain name that will be bound to an SSL/TLS certificate BC 9 Search Engines, Messaging Services & Social Media Platforms seeking to confirm the authenticity of businesses advertising or Posting News on its Platform ALAC 1 Online buyers identifying and validating the source of goods or services/ Internet users validating the legitimacy of an email or a website to protect themselves ALAC 2 Consumer protection organizations From: Gnso-epdp-team <gnso-epdp-team-bounces@icann.org <mailto:gnso-epdp-team-bounces@icann.org> > on behalf of Marika Konings <marika.konings@icann.org <mailto:marika.konings@icann.org> > Date: Monday, July 22, 2019 at 10:02 To: "gnso-epdp-team@icann.org <mailto:gnso-epdp-team@icann.org> " <gnso-epdp-team@icann.org <mailto:gnso-epdp-team@icann.org> > Subject: [Gnso-epdp-team] Proposed agenda EPDP Team Meeting #10 Thursday 25 July at 14.00 UTC Dear EPDP Team, Please find below the proposed agenda for the next EPDP Team meeting which is scheduled for Thursday 25 July at 14.00 UTC. As a reminder: Action Due Date EPDP Team to finish reviewing the LEA use case offline, beginning at subcategory g and identify questions to the list in writing (if any) by Tuesday, 23 July. Tuesday, 23 July 2019 Alan Greenberg to draft proposed legal question regarding the trustworthiness of the requestor and send to Leon and EPDP Leadership. Thursday, 25 July 2019 Chris Lewis-Evans, with the help of GAC colleagues (as applicable) to consider any questions identified and propose corresponding edits/clarifications to the use case. Thursday, 25 July 2019 Each group to review the early input included in the updated SSAD worksheet and provide questions (if any) into the Google doc for early input questions. 25 July 2019 Best regards, Caitlin, Berry and Marika =========== EPDP Phase 2 - Meeting #10 Proposed Agenda Thursday, 25 July 2019 at 14.00 UTC 1. Roll Call & SOI Updates (5 minutes) 2. Confirmation of agenda (Chair) 3. Welcome and housekeeping issues (Chair) (10 minutes) * Update from Legal Committee * Early input review status (deadline 25 July) 4. Use Cases Categorization (10 minutes) * Review proposed categorization put forward by small team * Confirm proposed categorization * Confirm new ranking survey & deadline to determine most representative use case in each category 5. Use case – first reading: <https://community.icann.org/download/attachments/111386876/SSAC%20Crime-Abus...> Investigation of criminal activity where domain names are used. Typical specific example: phishing attack (60 minutes) * Introduction of use case (SSAC) * Input from EPDP Team – questions, concerns, proposed modifications * Confirm next steps 6. Use case – final reading: <https://community.icann.org/download/attachments/111386876/Use%20Case%20-%20...> Investigation of criminal activity against a victim in the jurisdiction of the investigating EU LEA requesting data from a non-local data controller (30 minutes) * Provide overview of changes made in response to comments / questions * Consider any further concerns / issues expressed on the mailing list prior to the meeting * Preliminary agreement on use case * Confirm next steps, if any 7. Any other business (5 minutes) * Priority 2 small team meetings update a) Accuracy and WHOIS ARS (see <https://docs.google.com/document/d/1pS9Pibanj-Hp6LztZpeERtxdoLsnp4y_-do0vU5V...> https://docs.google.com/document/d/1pS9Pibanj-Hp6LztZpeERtxdoLsnp4y_-do0vU5V...) b) Input received on other priority 2 items from RrSG (see <https://mm.icann.org/pipermail/gnso-epdp-team/2019-June/002174.html> https://mm.icann.org/pipermail/gnso-epdp-team/2019-June/002174.html) c) Leadership to recommend next steps via mailing list * Council request for input on org letter requesting clarification on Data Accuracy and Phase-2 (see <https://gnso.icann.org/sites/default/files/file/field-file-attach/marby-to-d...> https://gnso.icann.org/sites/default/files/file/field-file-attach/marby-to-d...). EPDP Team to provide input on the mailing list. Confirm deadline for input. 8. Wrap and confirm next EPDP Team meeting on Thursday 1 August 2019 at 14.00 UTC (5 minutes) * Confirm action items * Confirm questions for ICANN Org, if any Marika Konings Vice President, Policy Development Support – GNSO, Internet Corporation for Assigned Names and Numbers (ICANN) Email: marika.konings@icann.org <mailto:marika.konings@icann.org> Follow the GNSO via Twitter @ICANN_GNSO Find out more about the GNSO by taking our interactive courses <https://urldefense.proofpoint.com/v2/url?u=http-3A__learn.icann.org_courses_...> and visiting the GNSO Newcomer pages <https://urldefense.proofpoint.com/v2/url?u=http-3A__gnso.icann.org_sites_gns...> .
Agree with Greg on this. My original grouping combined most of the what is now Group 2 and 4, except I had a separate category for BC 8 and 9 But the small team could agree on this categorization as a starting point, so we will see how it goes. --MM From: Gnso-epdp-team <gnso-epdp-team-bounces@icann.org> On Behalf Of Greg Aaron Sent: Tuesday, July 23, 2019 12:21 PM To: 'Marika Konings' <marika.konings@icann.org>; gnso-epdp-team@icann.org Subject: Re: [Gnso-epdp-team] Agenda item #4 Thanks, Marika. I think we will find a lot of commonalities between Group 2 and Group 4. For example Group 4’s “network security” and “abuse prevention” are flavors of what’s in Group 2. A usual task involved in security is performing investigation. One approach would be to re-order them: do Group 2, then Group 4, then Group 3. All best, --Greg From: Gnso-epdp-team <gnso-epdp-team-bounces@icann.org<mailto:gnso-epdp-team-bounces@icann.org>> On Behalf Of Marika Konings Sent: Tuesday, July 23, 2019 11:55 AM To: gnso-epdp-team@icann.org<mailto:gnso-epdp-team@icann.org> Subject: [Gnso-epdp-team] Agenda item #4 Dear EPDP Team, In relation to agenda item #4, please find hereby the proposed categorization developed by the small team of volunteers (Milton, Margie, Brian and Chris) for your consideration: Group 1: Criminal Law enforcement/national or public security LEA 1, LEA 2, IP 1, IP 2 Group 2: Non-LE investigations and civil claims BC1/2, BC 3, BC 5, SSAC 3, ALAC 2, IP 3, IP 4 Group 3: Need for redacted data for a third party to contact registrant BC 7, SSAC 1 Group 4: Consumer protection, abuse prevention, digital service provider (DSP) and network security SSAC 2, BC 9, ALAC 1 Group 5: Registered Name Holder consent or contract BC 4, BC 6, BC 8, IP 5 Do note that some of the use cases, such as BC8, may need to be further modified to better fit their category. Hereunder you find the use cases legend. Best regards, Caitlin, Berry and Marika LEGEND LEA 1 Investigation of criminal activity against a victim in the jurisdiction of the investigating EU LEA requesting data from a non-local data controller. LEA 2 Investigation of criminal activity against a victim in the jurisdiction of the investigating EU LEA requesting data from a local data controller. SSAC 1 When a network is undergoing an attack involving a domain name, and the operator(s) of that network need to contact the domain owner to remediate the security issue (DDOS, Botnet, etc.) SSAC 2 Determine “Reputation” of domain name and/or elements associated with domain name registrations. SSAC 3 Investigation of criminal activity where domain names are used. Typical specific example: phishing attack. IP 1 Trademark owners requesting data in the establishment, exercise or defense of legal claims for trademark infringement IP 2 Investigation of criminal activity against a victim in the jurisdiction of the investigating LEA requesting data from either a local a non-local data controller. IP 3 Investigation of criminal activity in the jurisdiction of the investigating LEA requesting data from either a local a non-local data controller. IP 4 Copyright owners requesting data in the establishment, exercise or defense of legal claims for copyright infringement IP 5 Providers requesting access required to facilitate due process in the UDRP and URS BC1/2 Initial investigation of criminal activity against a victim and/or secondary victim where domain names are used in the commission of the crime BC 3 Identify owner of abusive domains and other related domains involved in civil legal claims related to phishing, malware, botnets, and other fraudulent activities BC 4 Maintaining the domain name registration by the Registered Name Holder BC 5 The establishment, exercise or defense of a legal claim involving a registrant of a domain name BC 6 M&A name portfolio due diligence or purchase of domain name from bankrupt entity or other seller BC 7 Contacting the Registrant to resolve a Technical or Operational Issue with a Domain Name BC 8 Help a certification authority determine and validate the identity of the entity associated with a domain name that will be bound to an SSL/TLS certificate BC 9 Search Engines, Messaging Services & Social Media Platforms seeking to confirm the authenticity of businesses advertising or Posting News on its Platform ALAC 1 Online buyers identifying and validating the source of goods or services/ Internet users validating the legitimacy of an email or a website to protect themselves ALAC 2 Consumer protection organizations From: Gnso-epdp-team <gnso-epdp-team-bounces@icann.org<mailto:gnso-epdp-team-bounces@icann.org>> on behalf of Marika Konings <marika.konings@icann.org<mailto:marika.konings@icann.org>> Date: Monday, July 22, 2019 at 10:02 To: "gnso-epdp-team@icann.org<mailto:gnso-epdp-team@icann.org>" <gnso-epdp-team@icann.org<mailto:gnso-epdp-team@icann.org>> Subject: [Gnso-epdp-team] Proposed agenda EPDP Team Meeting #10 Thursday 25 July at 14.00 UTC Dear EPDP Team, Please find below the proposed agenda for the next EPDP Team meeting which is scheduled for Thursday 25 July at 14.00 UTC. As a reminder: Action Due Date EPDP Team to finish reviewing the LEA use case offline, beginning at subcategory g and identify questions to the list in writing (if any) by Tuesday, 23 July. Tuesday, 23 July 2019 Alan Greenberg to draft proposed legal question regarding the trustworthiness of the requestor and send to Leon and EPDP Leadership. Thursday, 25 July 2019 Chris Lewis-Evans, with the help of GAC colleagues (as applicable) to consider any questions identified and propose corresponding edits/clarifications to the use case. Thursday, 25 July 2019 Each group to review the early input included in the updated SSAD worksheet and provide questions (if any) into the Google doc for early input questions. 25 July 2019 Best regards, Caitlin, Berry and Marika =========== EPDP Phase 2 - Meeting #10 Proposed Agenda Thursday, 25 July 2019 at 14.00 UTC 1. Roll Call & SOI Updates (5 minutes) 2. Confirmation of agenda (Chair) 3. Welcome and housekeeping issues (Chair) (10 minutes) · Update from Legal Committee · Early input review status (deadline 25 July) 4. Use Cases Categorization (10 minutes) · Review proposed categorization put forward by small team · Confirm proposed categorization · Confirm new ranking survey & deadline to determine most representative use case in each category 5. Use case – first reading: Investigation of criminal activity where domain names are used. Typical specific example: phishing attack<https://community.icann.org/download/attachments/111386876/SSAC%20Crime-Abus...> (60 minutes) · Introduction of use case (SSAC) · Input from EPDP Team – questions, concerns, proposed modifications · Confirm next steps 6. Use case – final reading: Investigation of criminal activity against a victim in the jurisdiction of the investigating EU LEA requesting data from a non-local data controller<https://community.icann.org/download/attachments/111386876/Use%20Case%20-%20...> (30 minutes) · Provide overview of changes made in response to comments / questions · Consider any further concerns / issues expressed on the mailing list prior to the meeting · Preliminary agreement on use case · Confirm next steps, if any 7. Any other business (5 minutes) · Priority 2 small team meetings update a) Accuracy and WHOIS ARS (see https://docs.google.com/document/d/1pS9Pibanj-Hp6LztZpeERtxdoLsnp4y_-do0vU5V...) b) Input received on other priority 2 items from RrSG (see https://mm.icann.org/pipermail/gnso-epdp-team/2019-June/002174.html) c) Leadership to recommend next steps via mailing list · Council request for input on org letter requesting clarification on Data Accuracy and Phase-2 (see https://gnso.icann.org/sites/default/files/file/field-file-attach/marby-to-d...). EPDP Team to provide input on the mailing list. Confirm deadline for input. 8. Wrap and confirm next EPDP Team meeting on Thursday 1 August 2019 at 14.00 UTC (5 minutes) · Confirm action items · Confirm questions for ICANN Org, if any Marika Konings Vice President, Policy Development Support – GNSO, Internet Corporation for Assigned Names and Numbers (ICANN) Email: marika.konings@icann.org<mailto:marika.konings@icann.org> Follow the GNSO via Twitter @ICANN_GNSO Find out more about the GNSO by taking our interactive courses<https://urldefense.proofpoint.com/v2/url?u=http-3A__learn.icann.org_courses_...> and visiting the GNSO Newcomer pages<https://urldefense.proofpoint.com/v2/url?u=http-3A__gnso.icann.org_sites_gns...>.
Thanks Marika. I think there is a typo in the Grouping (assuming I understand it). If the Legend labeling is correct: Group 1 should include IP 2 and IP 3 Group 2 should include IP 1 and IP 4 Thanks! Alex ___________ *Alex Deacon* Cole Valley Consulting alex@colevalleyconsulting.com +1.415.488.6009 On Tue, Jul 23, 2019 at 8:55 AM Marika Konings <marika.konings@icann.org> wrote:
Dear EPDP Team,
In relation to agenda item #4, please find hereby the proposed categorization developed by the small team of volunteers (Milton, Margie, Brian and Chris) for your consideration:
Group 1: Criminal Law enforcement/national or public security
LEA 1, LEA 2, IP 1, IP 2
Group 2: Non-LE investigations and civil claims
BC1/2, BC 3, BC 5, SSAC 3, ALAC 2, IP 3, IP 4
Group 3: Need for redacted data for a third party to contact registrant
BC 7, SSAC 1
Group 4: Consumer protection, abuse prevention, digital service provider (DSP) and network security
SSAC 2, BC 9, ALAC 1
Group 5: Registered Name Holder consent or contract
BC 4, BC 6, BC 8, IP 5
Do note that some of the use cases, such as BC8, may need to be further modified to better fit their category. Hereunder you find the use cases legend.
Best regards,
Caitlin, Berry and Marika
*LEGEND*
LEA 1
Investigation of criminal activity against a victim in the jurisdiction of the investigating EU LEA requesting data from a non-local data controller.
LEA 2
Investigation of criminal activity against a victim in the jurisdiction of the investigating EU LEA requesting data from a local data controller.
SSAC 1
When a network is undergoing an attack involving a domain name, and the operator(s) of that network need to contact the domain owner to remediate the security issue (DDOS, Botnet, etc.)
SSAC 2
Determine “Reputation” of domain name and/or elements associated with domain name registrations.
SSAC 3
Investigation of criminal activity where domain names are used. Typical specific example: phishing attack.
IP 1
Trademark owners requesting data in the establishment, exercise or defense of legal claims for trademark infringement
IP 2
Investigation of criminal activity against a victim in the jurisdiction of the investigating LEA requesting data from either a local a non-local data controller.
IP 3
Investigation of criminal activity in the jurisdiction of the investigating LEA requesting data from either a local a non-local data controller.
IP 4
Copyright owners requesting data in the establishment, exercise or defense of legal claims for copyright infringement
IP 5
Providers requesting access required to facilitate due process in the UDRP and URS
BC1/2
Initial investigation of criminal activity against a victim and/or secondary victim where domain names are used in the commission of the crime
BC 3
Identify owner of abusive domains and other related domains involved in civil legal claims related to phishing, malware, botnets, and other fraudulent activities
BC 4
Maintaining the domain name registration by the Registered Name Holder
BC 5
The establishment, exercise or defense of a legal claim involving a registrant of a domain name
BC 6
M&A name portfolio due diligence or purchase of domain name from bankrupt entity or other seller
BC 7
Contacting the Registrant to resolve a Technical or Operational Issue with a Domain Name
BC 8
Help a certification authority determine and validate the identity of the entity associated with a domain name that will be bound to an SSL/TLS certificate
BC 9
Search Engines, Messaging Services & Social Media Platforms seeking to confirm the authenticity of businesses advertising or Posting News on its Platform
ALAC 1
Online buyers identifying and validating the source of goods or services/ Internet users validating the legitimacy of an email or a website to protect themselves
ALAC 2
Consumer protection organizations
*From: *Gnso-epdp-team <gnso-epdp-team-bounces@icann.org> on behalf of Marika Konings <marika.konings@icann.org> *Date: *Monday, July 22, 2019 at 10:02 *To: *"gnso-epdp-team@icann.org" <gnso-epdp-team@icann.org> *Subject: *[Gnso-epdp-team] Proposed agenda EPDP Team Meeting #10 Thursday 25 July at 14.00 UTC
Dear EPDP Team,
Please find below the proposed agenda for the next EPDP Team meeting which is scheduled for Thursday 25 July at 14.00 UTC.
As a reminder:
*Action*
*Due Date*
EPDP Team to finish reviewing the LEA use case offline, beginning at subcategory g and identify questions to the list in writing (if any) by *Tuesday, 23 July*.
*Tuesday, 23 July 2019*
Alan Greenberg to draft proposed legal question regarding the trustworthiness of the requestor and send to Leon and EPDP Leadership.
*Thursday, 25 July 2019*
Chris Lewis-Evans, with the help of GAC colleagues (as applicable) to consider any questions identified and propose corresponding edits/clarifications to the use case.
*Thursday, 25 July 2019*
Each group to review the early input included in the updated SSAD worksheet and provide questions (if any) into the Google doc for early input questions.
*25 July 2019*
Best regards,
Caitlin, Berry and Marika
===========
*EPDP Phase 2 - Meeting #10 *
*Proposed Agenda*
Thursday, 25 July 2019 at 14.00 UTC
1. Roll Call & SOI Updates (5 minutes)
2. Confirmation of agenda (Chair)
3. Welcome and housekeeping issues (Chair) (10 minutes)
- Update from Legal Committee - Early input review status (deadline 25 July)
4. Use Cases Categorization (10 minutes)
- Review proposed categorization put forward by small team - Confirm proposed categorization - Confirm new ranking survey & deadline to determine most representative use case in each category
5. Use case – first reading: Investigation of criminal activity where domain names are used. Typical specific example: phishing attack <https://community.icann.org/download/attachments/111386876/SSAC%20Crime-Abus...> (60 minutes)
- Introduction of use case (SSAC) - Input from EPDP Team – questions, concerns, proposed modifications - Confirm next steps
6. Use case – final reading: Investigation of criminal activity against a victim in the jurisdiction of the investigating EU LEA requesting data from a non-local data controller <https://community.icann.org/download/attachments/111386876/Use%20Case%20-%20...> (30 minutes)
- Provide overview of changes made in response to comments / questions - Consider any further concerns / issues expressed on the mailing list prior to the meeting - Preliminary agreement on use case - Confirm next steps, if any
7. Any other business (5 minutes)
- Priority 2 small team meetings update
a) Accuracy and WHOIS ARS (see https://docs.google.com/document/d/1pS9Pibanj-Hp6LztZpeERtxdoLsnp4y_-do0vU5V...)
b) Input received on other priority 2 items from RrSG (see https://mm.icann.org/pipermail/gnso-epdp-team/2019-June/002174.html)
c) Leadership to recommend next steps via mailing list
- Council request for input on org letter requesting clarification on Data Accuracy and Phase-2 (see https://gnso.icann.org/sites/default/files/file/field-file-attach/marby-to-d...). EPDP Team to provide input on the mailing list. Confirm deadline for input.
8. Wrap and confirm next EPDP Team meeting on Thursday 1 August 2019 at 14.00 UTC (5 minutes)
- Confirm action items - Confirm questions for ICANN Org, if any
*Marika Konings*
*Vice President, Policy Development Support – GNSO, Internet Corporation for Assigned Names and Numbers (ICANN) *
*Email: marika.konings@icann.org <marika.konings@icann.org> *
*Follow the GNSO via Twitter @ICANN_GNSO*
*Find out more about the GNSO by taking our interactive courses <https://urldefense.proofpoint.com/v2/url?u=http-3A__learn.icann.org_courses_...> and visiting the GNSO Newcomer pages <https://urldefense.proofpoint.com/v2/url?u=http-3A__gnso.icann.org_sites_gns...>. *
_______________________________________________ Gnso-epdp-team mailing list Gnso-epdp-team@icann.org https://mm.icann.org/mailman/listinfo/gnso-epdp-team _______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
Alex is right – my mistake on the IP use case numbering. Thanks! Brian J. King Director of Internet Policy and Industry Affairs T +1 443 761 3726 markmonitor.com<http://www.markmonitor.com> MarkMonitor Protecting companies and consumers in a digital world From: Gnso-epdp-team <gnso-epdp-team-bounces@icann.org> On Behalf Of Alex Deacon Sent: Tuesday, July 23, 2019 2:28 PM To: Marika Konings <marika.konings@icann.org> Cc: gnso-epdp-team@icann.org Subject: Re: [Gnso-epdp-team] Agenda item #4 Thanks Marika. I think there is a typo in the Grouping (assuming I understand it). If the Legend labeling is correct: Group 1 should include IP 2 and IP 3 Group 2 should include IP 1 and IP 4 Thanks! Alex ___________ Alex Deacon Cole Valley Consulting alex@colevalleyconsulting.com<mailto:alex@colevalleyconsulting.com> +1.415.488.6009 On Tue, Jul 23, 2019 at 8:55 AM Marika Konings <marika.konings@icann.org<mailto:marika.konings@icann.org>> wrote: Dear EPDP Team, In relation to agenda item #4, please find hereby the proposed categorization developed by the small team of volunteers (Milton, Margie, Brian and Chris) for your consideration: Group 1: Criminal Law enforcement/national or public security LEA 1, LEA 2, IP 1, IP 2 Group 2: Non-LE investigations and civil claims BC1/2, BC 3, BC 5, SSAC 3, ALAC 2, IP 3, IP 4 Group 3: Need for redacted data for a third party to contact registrant BC 7, SSAC 1 Group 4: Consumer protection, abuse prevention, digital service provider (DSP) and network security SSAC 2, BC 9, ALAC 1 Group 5: Registered Name Holder consent or contract BC 4, BC 6, BC 8, IP 5 Do note that some of the use cases, such as BC8, may need to be further modified to better fit their category. Hereunder you find the use cases legend. Best regards, Caitlin, Berry and Marika LEGEND LEA 1 Investigation of criminal activity against a victim in the jurisdiction of the investigating EU LEA requesting data from a non-local data controller. LEA 2 Investigation of criminal activity against a victim in the jurisdiction of the investigating EU LEA requesting data from a local data controller. SSAC 1 When a network is undergoing an attack involving a domain name, and the operator(s) of that network need to contact the domain owner to remediate the security issue (DDOS, Botnet, etc.) SSAC 2 Determine “Reputation” of domain name and/or elements associated with domain name registrations. SSAC 3 Investigation of criminal activity where domain names are used. Typical specific example: phishing attack. IP 1 Trademark owners requesting data in the establishment, exercise or defense of legal claims for trademark infringement IP 2 Investigation of criminal activity against a victim in the jurisdiction of the investigating LEA requesting data from either a local a non-local data controller. IP 3 Investigation of criminal activity in the jurisdiction of the investigating LEA requesting data from either a local a non-local data controller. IP 4 Copyright owners requesting data in the establishment, exercise or defense of legal claims for copyright infringement IP 5 Providers requesting access required to facilitate due process in the UDRP and URS BC1/2 Initial investigation of criminal activity against a victim and/or secondary victim where domain names are used in the commission of the crime BC 3 Identify owner of abusive domains and other related domains involved in civil legal claims related to phishing, malware, botnets, and other fraudulent activities BC 4 Maintaining the domain name registration by the Registered Name Holder BC 5 The establishment, exercise or defense of a legal claim involving a registrant of a domain name BC 6 M&A name portfolio due diligence or purchase of domain name from bankrupt entity or other seller BC 7 Contacting the Registrant to resolve a Technical or Operational Issue with a Domain Name BC 8 Help a certification authority determine and validate the identity of the entity associated with a domain name that will be bound to an SSL/TLS certificate BC 9 Search Engines, Messaging Services & Social Media Platforms seeking to confirm the authenticity of businesses advertising or Posting News on its Platform ALAC 1 Online buyers identifying and validating the source of goods or services/ Internet users validating the legitimacy of an email or a website to protect themselves ALAC 2 Consumer protection organizations From: Gnso-epdp-team <gnso-epdp-team-bounces@icann.org<mailto:gnso-epdp-team-bounces@icann.org>> on behalf of Marika Konings <marika.konings@icann.org<mailto:marika.konings@icann.org>> Date: Monday, July 22, 2019 at 10:02 To: "gnso-epdp-team@icann.org<mailto:gnso-epdp-team@icann.org>" <gnso-epdp-team@icann.org<mailto:gnso-epdp-team@icann.org>> Subject: [Gnso-epdp-team] Proposed agenda EPDP Team Meeting #10 Thursday 25 July at 14.00 UTC Dear EPDP Team, Please find below the proposed agenda for the next EPDP Team meeting which is scheduled for Thursday 25 July at 14.00 UTC. As a reminder: Action Due Date EPDP Team to finish reviewing the LEA use case offline, beginning at subcategory g and identify questions to the list in writing (if any) by Tuesday, 23 July. Tuesday, 23 July 2019 Alan Greenberg to draft proposed legal question regarding the trustworthiness of the requestor and send to Leon and EPDP Leadership. Thursday, 25 July 2019 Chris Lewis-Evans, with the help of GAC colleagues (as applicable) to consider any questions identified and propose corresponding edits/clarifications to the use case. Thursday, 25 July 2019 Each group to review the early input included in the updated SSAD worksheet and provide questions (if any) into the Google doc for early input questions. 25 July 2019 Best regards, Caitlin, Berry and Marika =========== EPDP Phase 2 - Meeting #10 Proposed Agenda Thursday, 25 July 2019 at 14.00 UTC 1. Roll Call & SOI Updates (5 minutes) 2. Confirmation of agenda (Chair) 3. Welcome and housekeeping issues (Chair) (10 minutes) · Update from Legal Committee · Early input review status (deadline 25 July) 4. Use Cases Categorization (10 minutes) * Review proposed categorization put forward by small team * Confirm proposed categorization * Confirm new ranking survey & deadline to determine most representative use case in each category 5. Use case – first reading: Investigation of criminal activity where domain names are used. Typical specific example: phishing attack<https://urldefense.proofpoint.com/v2/url?u=https-3A__community.icann.org_dow...> (60 minutes) * Introduction of use case (SSAC) * Input from EPDP Team – questions, concerns, proposed modifications * Confirm next steps 6. Use case – final reading: Investigation of criminal activity against a victim in the jurisdiction of the investigating EU LEA requesting data from a non-local data controller<https://urldefense.proofpoint.com/v2/url?u=https-3A__community.icann.org_dow...> (30 minutes) * Provide overview of changes made in response to comments / questions * Consider any further concerns / issues expressed on the mailing list prior to the meeting * Preliminary agreement on use case * Confirm next steps, if any 7. Any other business (5 minutes) * Priority 2 small team meetings update a) Accuracy and WHOIS ARS (see https://docs.google.com/document/d/1pS9Pibanj-Hp6LztZpeERtxdoLsnp4y_-do0vU5VJuw/edit<https://urldefense.proofpoint.com/v2/url?u=https-3A__docs.google.com_document_d_1pS9Pibanj-2DHp6LztZpeERtxdoLsnp4y-5F-2Ddo0vU5VJuw_edit&d=DwMFaQ&c=OGmtg_3SI10Cogwk-ShFiw&r=qQNCXqU_XE2XIdXbawYmk-YDflYH6pd8ffXlzxU37OA&m=Y06UjKhyVR8bFH5pagh7P4eHxZxh1-U4WfyvnZzzAA8&s=wlOfBJx_2-ZYfo-aJuEglUTKUDXQ_B--EfOiEaYNvVU&e=>) b) Input received on other priority 2 items from RrSG (see https://mm.icann.org/pipermail/gnso-epdp-team/2019-June/002174.html<https://urldefense.proofpoint.com/v2/url?u=https-3A__mm.icann.org_pipermail_gnso-2Depdp-2Dteam_2019-2DJune_002174.html&d=DwMFaQ&c=OGmtg_3SI10Cogwk-ShFiw&r=qQNCXqU_XE2XIdXbawYmk-YDflYH6pd8ffXlzxU37OA&m=Y06UjKhyVR8bFH5pagh7P4eHxZxh1-U4WfyvnZzzAA8&s=PPmc9kN_0XRADxcJJAdyptwnegD6Aa1twBlxklOH5wM&e=>) c) Leadership to recommend next steps via mailing list * Council request for input on org letter requesting clarification on Data Accuracy and Phase-2 (see https://gnso.icann.org/sites/default/files/file/field-file-attach/marby-to-drazek-21jun19-en.pdf<https://urldefense.proofpoint.com/v2/url?u=https-3A__gnso.icann.org_sites_default_files_file_field-2Dfile-2Dattach_marby-2Dto-2Ddrazek-2D21jun19-2Den.pdf&d=DwMFaQ&c=OGmtg_3SI10Cogwk-ShFiw&r=qQNCXqU_XE2XIdXbawYmk-YDflYH6pd8ffXlzxU37OA&m=Y06UjKhyVR8bFH5pagh7P4eHxZxh1-U4WfyvnZzzAA8&s=uzCH0X_q6sSBn7oME58SDlCgPK4YkfFMuBICf3qOWtI&e=>). EPDP Team to provide input on the mailing list. Confirm deadline for input. 8. Wrap and confirm next EPDP Team meeting on Thursday 1 August 2019 at 14.00 UTC (5 minutes) * Confirm action items * Confirm questions for ICANN Org, if any Marika Konings Vice President, Policy Development Support – GNSO, Internet Corporation for Assigned Names and Numbers (ICANN) Email: marika.konings@icann.org<mailto:marika.konings@icann.org> Follow the GNSO via Twitter @ICANN_GNSO Find out more about the GNSO by taking our interactive courses<https://urldefense.proofpoint.com/v2/url?u=http-3A__learn.icann.org_courses_...> and visiting the GNSO Newcomer pages<https://urldefense.proofpoint.com/v2/url?u=http-3A__gnso.icann.org_sites_gns...>. _______________________________________________ Gnso-epdp-team mailing list Gnso-epdp-team@icann.org<mailto:Gnso-epdp-team@icann.org> https://mm.icann.org/mailman/listinfo/gnso-epdp-team<https://urldefense.proofpoint.com/v2/url?u=https-3A__mm.icann.org_mailman_listinfo_gnso-2Depdp-2Dteam&d=DwMFaQ&c=OGmtg_3SI10Cogwk-ShFiw&r=qQNCXqU_XE2XIdXbawYmk-YDflYH6pd8ffXlzxU37OA&m=Y06UjKhyVR8bFH5pagh7P4eHxZxh1-U4WfyvnZzzAA8&s=5x2fMJ-ZpoerhfBhuAKTRhVNo4Hvs_q1jAReXyt1Mu4&e=> _______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_privacy_policy&d=DwMFaQ&c=OGmtg_3SI10Cogwk-ShFiw&r=qQNCXqU_XE2XIdXbawYmk-YDflYH6pd8ffXlzxU37OA&m=Y06UjKhyVR8bFH5pagh7P4eHxZxh1-U4WfyvnZzzAA8&s=xb643TLnntIzgK-u1PC_KXYGi-vKt5FY8CDVcowspbI&e=>) and the website Terms of Service (https://www.icann.org/privacy/tos<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_privacy_tos&d=DwMFaQ&c=OGmtg_3SI10Cogwk-ShFiw&r=qQNCXqU_XE2XIdXbawYmk-YDflYH6pd8ffXlzxU37OA&m=Y06UjKhyVR8bFH5pagh7P4eHxZxh1-U4WfyvnZzzAA8&s=k26AgJxikTzlP6Pr35lLf4NSvVxMHne0cbEu0tqnZ8Q&e=>). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
Alex is correct From: Gnso-epdp-team <gnso-epdp-team-bounces@icann.org> On Behalf Of Alex Deacon Sent: Tuesday, July 23, 2019 2:28 PM To: Marika Konings <marika.konings@icann.org> Cc: gnso-epdp-team@icann.org Subject: Re: [Gnso-epdp-team] Agenda item #4 Thanks Marika. I think there is a typo in the Grouping (assuming I understand it). If the Legend labeling is correct: Group 1 should include IP 2 and IP 3 Group 2 should include IP 1 and IP 4 Thanks! Alex ___________ Alex Deacon Cole Valley Consulting alex@colevalleyconsulting.com<mailto:alex@colevalleyconsulting.com> +1.415.488.6009 On Tue, Jul 23, 2019 at 8:55 AM Marika Konings <marika.konings@icann.org<mailto:marika.konings@icann.org>> wrote: Dear EPDP Team, In relation to agenda item #4, please find hereby the proposed categorization developed by the small team of volunteers (Milton, Margie, Brian and Chris) for your consideration: Group 1: Criminal Law enforcement/national or public security LEA 1, LEA 2, IP 1, IP 2 Group 2: Non-LE investigations and civil claims BC1/2, BC 3, BC 5, SSAC 3, ALAC 2, IP 3, IP 4 Group 3: Need for redacted data for a third party to contact registrant BC 7, SSAC 1 Group 4: Consumer protection, abuse prevention, digital service provider (DSP) and network security SSAC 2, BC 9, ALAC 1 Group 5: Registered Name Holder consent or contract BC 4, BC 6, BC 8, IP 5 Do note that some of the use cases, such as BC8, may need to be further modified to better fit their category. Hereunder you find the use cases legend. Best regards, Caitlin, Berry and Marika LEGEND LEA 1 Investigation of criminal activity against a victim in the jurisdiction of the investigating EU LEA requesting data from a non-local data controller. LEA 2 Investigation of criminal activity against a victim in the jurisdiction of the investigating EU LEA requesting data from a local data controller. SSAC 1 When a network is undergoing an attack involving a domain name, and the operator(s) of that network need to contact the domain owner to remediate the security issue (DDOS, Botnet, etc.) SSAC 2 Determine “Reputation” of domain name and/or elements associated with domain name registrations. SSAC 3 Investigation of criminal activity where domain names are used. Typical specific example: phishing attack. IP 1 Trademark owners requesting data in the establishment, exercise or defense of legal claims for trademark infringement IP 2 Investigation of criminal activity against a victim in the jurisdiction of the investigating LEA requesting data from either a local a non-local data controller. IP 3 Investigation of criminal activity in the jurisdiction of the investigating LEA requesting data from either a local a non-local data controller. IP 4 Copyright owners requesting data in the establishment, exercise or defense of legal claims for copyright infringement IP 5 Providers requesting access required to facilitate due process in the UDRP and URS BC1/2 Initial investigation of criminal activity against a victim and/or secondary victim where domain names are used in the commission of the crime BC 3 Identify owner of abusive domains and other related domains involved in civil legal claims related to phishing, malware, botnets, and other fraudulent activities BC 4 Maintaining the domain name registration by the Registered Name Holder BC 5 The establishment, exercise or defense of a legal claim involving a registrant of a domain name BC 6 M&A name portfolio due diligence or purchase of domain name from bankrupt entity or other seller BC 7 Contacting the Registrant to resolve a Technical or Operational Issue with a Domain Name BC 8 Help a certification authority determine and validate the identity of the entity associated with a domain name that will be bound to an SSL/TLS certificate BC 9 Search Engines, Messaging Services & Social Media Platforms seeking to confirm the authenticity of businesses advertising or Posting News on its Platform ALAC 1 Online buyers identifying and validating the source of goods or services/ Internet users validating the legitimacy of an email or a website to protect themselves ALAC 2 Consumer protection organizations From: Gnso-epdp-team <gnso-epdp-team-bounces@icann.org<mailto:gnso-epdp-team-bounces@icann.org>> on behalf of Marika Konings <marika.konings@icann.org<mailto:marika.konings@icann.org>> Date: Monday, July 22, 2019 at 10:02 To: "gnso-epdp-team@icann.org<mailto:gnso-epdp-team@icann.org>" <gnso-epdp-team@icann.org<mailto:gnso-epdp-team@icann.org>> Subject: [Gnso-epdp-team] Proposed agenda EPDP Team Meeting #10 Thursday 25 July at 14.00 UTC Dear EPDP Team, Please find below the proposed agenda for the next EPDP Team meeting which is scheduled for Thursday 25 July at 14.00 UTC. As a reminder: Action Due Date EPDP Team to finish reviewing the LEA use case offline, beginning at subcategory g and identify questions to the list in writing (if any) by Tuesday, 23 July. Tuesday, 23 July 2019 Alan Greenberg to draft proposed legal question regarding the trustworthiness of the requestor and send to Leon and EPDP Leadership. Thursday, 25 July 2019 Chris Lewis-Evans, with the help of GAC colleagues (as applicable) to consider any questions identified and propose corresponding edits/clarifications to the use case. Thursday, 25 July 2019 Each group to review the early input included in the updated SSAD worksheet and provide questions (if any) into the Google doc for early input questions. 25 July 2019 Best regards, Caitlin, Berry and Marika =========== EPDP Phase 2 - Meeting #10 Proposed Agenda Thursday, 25 July 2019 at 14.00 UTC 1. Roll Call & SOI Updates (5 minutes) 2. Confirmation of agenda (Chair) 3. Welcome and housekeeping issues (Chair) (10 minutes) · Update from Legal Committee · Early input review status (deadline 25 July) 4. Use Cases Categorization (10 minutes) * Review proposed categorization put forward by small team * Confirm proposed categorization * Confirm new ranking survey & deadline to determine most representative use case in each category 5. Use case – first reading: Investigation of criminal activity where domain names are used. Typical specific example: phishing attack<https://community.icann.org/download/attachments/111386876/SSAC%20Crime-Abus...> (60 minutes) * Introduction of use case (SSAC) * Input from EPDP Team – questions, concerns, proposed modifications * Confirm next steps 6. Use case – final reading: Investigation of criminal activity against a victim in the jurisdiction of the investigating EU LEA requesting data from a non-local data controller<https://community.icann.org/download/attachments/111386876/Use%20Case%20-%20...> (30 minutes) * Provide overview of changes made in response to comments / questions * Consider any further concerns / issues expressed on the mailing list prior to the meeting * Preliminary agreement on use case * Confirm next steps, if any 7. Any other business (5 minutes) * Priority 2 small team meetings update a) Accuracy and WHOIS ARS (see https://docs.google.com/document/d/1pS9Pibanj-Hp6LztZpeERtxdoLsnp4y_-do0vU5V...) b) Input received on other priority 2 items from RrSG (see https://mm.icann.org/pipermail/gnso-epdp-team/2019-June/002174.html) c) Leadership to recommend next steps via mailing list * Council request for input on org letter requesting clarification on Data Accuracy and Phase-2 (see https://gnso.icann.org/sites/default/files/file/field-file-attach/marby-to-d...). EPDP Team to provide input on the mailing list. Confirm deadline for input. 8. Wrap and confirm next EPDP Team meeting on Thursday 1 August 2019 at 14.00 UTC (5 minutes) * Confirm action items * Confirm questions for ICANN Org, if any Marika Konings Vice President, Policy Development Support – GNSO, Internet Corporation for Assigned Names and Numbers (ICANN) Email: marika.konings@icann.org<mailto:marika.konings@icann.org> Follow the GNSO via Twitter @ICANN_GNSO Find out more about the GNSO by taking our interactive courses<https://urldefense.proofpoint.com/v2/url?u=http-3A__learn.icann.org_courses_...> and visiting the GNSO Newcomer pages<https://urldefense.proofpoint.com/v2/url?u=http-3A__gnso.icann.org_sites_gns...>. _______________________________________________ Gnso-epdp-team mailing list Gnso-epdp-team@icann.org<mailto:Gnso-epdp-team@icann.org> https://mm.icann.org/mailman/listinfo/gnso-epdp-team _______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
One more nit - The description of IP 1 and IP 2 in the legend is is missing specificity. I assume IP 2 is the criminal trademark use case and IP 3 is the criminal copyright use case. Alex ___________ *Alex Deacon* Cole Valley Consulting alex@colevalleyconsulting.com +1.415.488.6009 On Tue, Jul 23, 2019 at 12:44 PM Mueller, Milton L <milton@gatech.edu> wrote:
Alex is correct
*From:* Gnso-epdp-team <gnso-epdp-team-bounces@icann.org> *On Behalf Of *Alex Deacon *Sent:* Tuesday, July 23, 2019 2:28 PM *To:* Marika Konings <marika.konings@icann.org> *Cc:* gnso-epdp-team@icann.org *Subject:* Re: [Gnso-epdp-team] Agenda item #4
Thanks Marika.
I think there is a typo in the Grouping (assuming I understand it). If the Legend labeling is correct:
Group 1 should include IP 2 and IP 3
Group 2 should include IP 1 and IP 4
Thanks!
Alex
___________
*Alex Deacon*
Cole Valley Consulting
alex@colevalleyconsulting.com
+1.415.488.6009
On Tue, Jul 23, 2019 at 8:55 AM Marika Konings <marika.konings@icann.org> wrote:
Dear EPDP Team,
In relation to agenda item #4, please find hereby the proposed categorization developed by the small team of volunteers (Milton, Margie, Brian and Chris) for your consideration:
Group 1: Criminal Law enforcement/national or public security
LEA 1, LEA 2, IP 1, IP 2
Group 2: Non-LE investigations and civil claims
BC1/2, BC 3, BC 5, SSAC 3, ALAC 2, IP 3, IP 4
Group 3: Need for redacted data for a third party to contact registrant
BC 7, SSAC 1
Group 4: Consumer protection, abuse prevention, digital service provider (DSP) and network security
SSAC 2, BC 9, ALAC 1
Group 5: Registered Name Holder consent or contract
BC 4, BC 6, BC 8, IP 5
Do note that some of the use cases, such as BC8, may need to be further modified to better fit their category. Hereunder you find the use cases legend.
Best regards,
Caitlin, Berry and Marika
*LEGEND*
LEA 1
Investigation of criminal activity against a victim in the jurisdiction of the investigating EU LEA requesting data from a non-local data controller.
LEA 2
Investigation of criminal activity against a victim in the jurisdiction of the investigating EU LEA requesting data from a local data controller.
SSAC 1
When a network is undergoing an attack involving a domain name, and the operator(s) of that network need to contact the domain owner to remediate the security issue (DDOS, Botnet, etc.)
SSAC 2
Determine “Reputation” of domain name and/or elements associated with domain name registrations.
SSAC 3
Investigation of criminal activity where domain names are used. Typical specific example: phishing attack.
IP 1
Trademark owners requesting data in the establishment, exercise or defense of legal claims for trademark infringement
IP 2
Investigation of criminal activity against a victim in the jurisdiction of the investigating LEA requesting data from either a local a non-local data controller.
IP 3
Investigation of criminal activity in the jurisdiction of the investigating LEA requesting data from either a local a non-local data controller.
IP 4
Copyright owners requesting data in the establishment, exercise or defense of legal claims for copyright infringement
IP 5
Providers requesting access required to facilitate due process in the UDRP and URS
BC1/2
Initial investigation of criminal activity against a victim and/or secondary victim where domain names are used in the commission of the crime
BC 3
Identify owner of abusive domains and other related domains involved in civil legal claims related to phishing, malware, botnets, and other fraudulent activities
BC 4
Maintaining the domain name registration by the Registered Name Holder
BC 5
The establishment, exercise or defense of a legal claim involving a registrant of a domain name
BC 6
M&A name portfolio due diligence or purchase of domain name from bankrupt entity or other seller
BC 7
Contacting the Registrant to resolve a Technical or Operational Issue with a Domain Name
BC 8
Help a certification authority determine and validate the identity of the entity associated with a domain name that will be bound to an SSL/TLS certificate
BC 9
Search Engines, Messaging Services & Social Media Platforms seeking to confirm the authenticity of businesses advertising or Posting News on its Platform
ALAC 1
Online buyers identifying and validating the source of goods or services/ Internet users validating the legitimacy of an email or a website to protect themselves
ALAC 2
Consumer protection organizations
*From: *Gnso-epdp-team <gnso-epdp-team-bounces@icann.org> on behalf of Marika Konings <marika.konings@icann.org> *Date: *Monday, July 22, 2019 at 10:02 *To: *"gnso-epdp-team@icann.org" <gnso-epdp-team@icann.org> *Subject: *[Gnso-epdp-team] Proposed agenda EPDP Team Meeting #10 Thursday 25 July at 14.00 UTC
Dear EPDP Team,
Please find below the proposed agenda for the next EPDP Team meeting which is scheduled for Thursday 25 July at 14.00 UTC.
As a reminder:
*Action*
*Due Date*
EPDP Team to finish reviewing the LEA use case offline, beginning at subcategory g and identify questions to the list in writing (if any) by *Tuesday, 23 July*.
*Tuesday, 23 July 2019*
Alan Greenberg to draft proposed legal question regarding the trustworthiness of the requestor and send to Leon and EPDP Leadership.
*Thursday, 25 July 2019*
Chris Lewis-Evans, with the help of GAC colleagues (as applicable) to consider any questions identified and propose corresponding edits/clarifications to the use case.
*Thursday, 25 July 2019*
Each group to review the early input included in the updated SSAD worksheet and provide questions (if any) into the Google doc for early input questions.
*25 July 2019*
Best regards,
Caitlin, Berry and Marika
===========
*EPDP Phase 2 - Meeting #10 *
*Proposed Agenda*
Thursday, 25 July 2019 at 14.00 UTC
1. Roll Call & SOI Updates (5 minutes)
2. Confirmation of agenda (Chair)
3. Welcome and housekeeping issues (Chair) (10 minutes)
· Update from Legal Committee
· Early input review status (deadline 25 July)
4. Use Cases Categorization (10 minutes)
- Review proposed categorization put forward by small team - Confirm proposed categorization - Confirm new ranking survey & deadline to determine most representative use case in each category
5. Use case – first reading: Investigation of criminal activity where domain names are used. Typical specific example: phishing attack <https://community.icann.org/download/attachments/111386876/SSAC%20Crime-Abus...> (60 minutes)
- Introduction of use case (SSAC) - Input from EPDP Team – questions, concerns, proposed modifications - Confirm next steps
6. Use case – final reading: Investigation of criminal activity against a victim in the jurisdiction of the investigating EU LEA requesting data from a non-local data controller <https://community.icann.org/download/attachments/111386876/Use%20Case%20-%20...> (30 minutes)
- Provide overview of changes made in response to comments / questions - Consider any further concerns / issues expressed on the mailing list prior to the meeting - Preliminary agreement on use case - Confirm next steps, if any
7. Any other business (5 minutes)
- Priority 2 small team meetings update
a) Accuracy and WHOIS ARS (see https://docs.google.com/document/d/1pS9Pibanj-Hp6LztZpeERtxdoLsnp4y_-do0vU5V...)
b) Input received on other priority 2 items from RrSG (see https://mm.icann.org/pipermail/gnso-epdp-team/2019-June/002174.html)
c) Leadership to recommend next steps via mailing list
- Council request for input on org letter requesting clarification on Data Accuracy and Phase-2 (see https://gnso.icann.org/sites/default/files/file/field-file-attach/marby-to-d...). EPDP Team to provide input on the mailing list. Confirm deadline for input.
8. Wrap and confirm next EPDP Team meeting on Thursday 1 August 2019 at 14.00 UTC (5 minutes)
- Confirm action items - Confirm questions for ICANN Org, if any
*Marika Konings*
*Vice President, Policy Development Support – GNSO, Internet Corporation for Assigned Names and Numbers (ICANN) *
*Email: marika.konings@icann.org <marika.konings@icann.org> *
*Follow the GNSO via Twitter @ICANN_GNSO*
*Find out more about the GNSO by taking our interactive courses <https://urldefense.proofpoint.com/v2/url?u=http-3A__learn.icann.org_courses_...> and visiting the GNSO Newcomer pages <https://urldefense.proofpoint.com/v2/url?u=http-3A__gnso.icann.org_sites_gns...>. *
_______________________________________________ Gnso-epdp-team mailing list Gnso-epdp-team@icann.org https://mm.icann.org/mailman/listinfo/gnso-epdp-team _______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
participants (5)
-
Alex Deacon -
Greg Aaron -
King, Brian -
Marika Konings -
Mueller, Milton L