Hi All- I have added the points I introduced in the meeting this morning to the doc as well. From: GNSO-EPDPP2-SmallTeam <gnso-epdpp2-smallteam-bounces@icann.org> On Behalf Of John McElwaine Sent: Wednesday, October 05, 2022 6:19 AM To: Marika Konings <marika.konings@icann.org>; gnso-epdpp2-smallteam@icann.org Subject: RE: [EXTERNAL][GNSO-EPDPP2-SmallTeam] Remaining topics for discussion - EPDP Phase 2 Small Team meeting on Wednesday 5 October at 14.00 UTC CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know the content is safe. Dear All, I had to miss one meeting, so these topics may have been covered. The IPC included the following in the Google document: 1. All requests must be logged and reported to the appropriate registrar or registry. (Supported also by BC, ALAC) 2. All registrars and all registries must participate in the WDS and strongly encouraged to do so via the Naming Services Portal. (Supported also by the GAC and the BC) 3. If a contracted party is not participating in the Naming Services Portal, then the system should send the request to them by email, and the requestor can update in due course with the outcome, so that these requests are not excluded. 4. There should be periodic publication of request and response data (not the personal data the subject of the request, but the info about number of requests; request outcomes; which Ry/Rr, etc.) 5. There should be a technical design so that there is the ability to request data and respond in common data elements, such as xml or json. (Supported also by SSAC) I am not sure where the small team stands on these 5 issues. Thanks, John From: GNSO-EPDPP2-SmallTeam <gnso-epdpp2-smallteam-bounces@icann.org<mailto:gnso-epdpp2-smallteam-bounces@icann.org>> On Behalf Of Marika Konings Sent: Wednesday, October 5, 2022 3:39 AM To: gnso-epdpp2-smallteam@icann.org<mailto:gnso-epdpp2-smallteam@icann.org> Subject: [GNSO-EPDPP2-SmallTeam] Remaining topics for discussion - EPDP Phase 2 Small Team meeting on Wednesday 5 October at 14.00 UTC ◄External Email► - From: gnso-epdpp2-smallteam-bounces@icann.org<mailto:gnso-epdpp2-smallteam-bounces@icann.org> Dear All, Please find below the proposed topics for review and discussion during today’s small team meeting. The staff support team has gone through the google doc to identify any remaining topics that have not been discussed yet by the small team – if we have overlooked anything, please flag this to the list and/or during today’s meeting. Best regards, Marika Phase 2 Small Team meeting - Proposed topics for review & discussion 1. Remaining topics from the Google doc: 1. ICANN as the agent of the requestor – “Along with the certification that the submission is accurate and complete, the requester should formally appoint ICANN (or whoever is running this system) as their agent. That way there is no question that this is a request that falls under the requirement to respond to legitimate requests for non-public data.” (ALAC) 2. Ability for requestor to challenge registrar completion flag – “Since marking the request complete (by the registrar) is independent from actually completing the request (either rejecting or with data), there should be a flag the requester can set to indicate that they do not agree with the “complete” flag. This new flag need not be acted upon, but is there for analysis.” (ALAC) 3. Billing – “Billing - we are concerned with the lack of a billing mechanism. If one of the primary drivers is to better understand the volume of requests/requestors for a potential SSAD system (that does have billing) then a proof of concept that doesn’t have billing might not provide an accurate view into the volume of requests likely for the SSAD. The recommendations were clear that the SSAD should operate on a cost recovery basis so that fees paid by registrants would not be used to disclose their data. Having a fee is also an effective measure to minimize abuse disclosure requests via the system. We don’t necessarily see this as a gating issue to proceed with a proof of concept, however we would like to see it considered for a potential phase 2 and note it should be considered when evaluating volume of requests received.” (RySG) 2. Remaining review template topics for discussion: 1. Data expected to be collected through the Whois Disclosure System 2. If support for proceeding: * What are the small team’s expectations with regards to the timing of implementation? * What role, if any, is the Council / small team expected to play during implementation? * How and by whom should review of the data obtained be conducted? Should this be done jointly with the ICANN Board? * Does the original timing of check-points still apply? * How can the GNSO Council/small team contribute to the success of the Whois Disclosure System? 1. If no support for proceeding: * What is the rationale for not proceeding? * What should the Council recommend to the Board in relation to the next step on the consideration of the SSAD recommendations? 3. Feedback from ICANN org in relation to logging of requests to non-participating registrars “the WHOIS Disclosure System could log requests that are made for data pertaining to domain name registrations that are under the management of non-participating registrars. A report could be created on the number of requests for domains from non-participating registrars and which registrars are receiving these requests, as part of the overall reports issued on the use of the WHOIS Disclosure System”. Note, ICANN org is still working on a response to the question from the small team whether it would also be possible to allow the requestor to continue filling out the data request form, if the requestor chooses to do so after having been informed that the data request will NOT be forwarded to the non-participating registrar and that any information provided will be used for data collection purposes that are intended to help inform future decisions about how to proceed with the Whois Disclosure System / SSAD. Confidentiality Notice This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged, confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately either by phone (800-237-2000) or reply to this e-mail and delete all copies of this message.