Might as well have them there, we will likely have more questions, if they can spare the time.  Thanks to them! And really this has to be called the registration data request system, it is looking less and less like a disclosure system. Misleading name. cheers Stephanie On 2022-09-20 8:01 a.m., Sebastien@registry.godaddy wrote:

Dear Team,

I forgot to mention that Staff offered to join us on Thursday. Can you confirm if you think their presence would help the conversation, or if you feel we need time as the small team first.

Kindly, Sébastien

Sebastien Ducos GoDaddy Registry / Senior Client Services Manager Level 8, 10 Queens Road, Melbourne, Australia VIC 3004 Office: +61 3 9886 3710 Mobile: +61 449 623 491 / registry.godaddy

The information contained in this email message is intended only for the use of the recipient(s) named above and may contain confidential and/or privileged information. If you are not the intended recipient you have received this email message in error and any review, dissemination, distribution, or copying of this message is strictly prohibited. If you have received this communication in error, please notify us immediately and delete the original message. ------------------------------------------------------------------------ *From:* Sebastien Ducos <Sebastien@registry.godaddy> *Sent:* Tuesday, September 20, 2022 12:24:05 PM *To:* gnso-epdpp2-smallteam@icann.org <gnso-epdpp2-smallteam@icann.org> *Subject:* FW: [Ext] Post Board GNSO bilateral on WDS

Dear Small Team,

Following the Board-GNSO bilateral his morning, where WDS was discussed and specifically the matter of not logging requests from non-participating Registrars, I reached out Eleeza and Yuko to better understand the underlying motivations/issues behind the decision. Please find Eleeza’s answer below.

I understand though I wasn’t able to follow the conversation, that the issue was also discussed during the Board-CSG bilateral today. I encourage all to try to catch up on it before our meeting Thursday, but am sure those present will be able to fill us in.

Kindly,

*Sebastien Ducos*

GoDaddy Registry | Senior Client Services Manager

signature_3291692454

+33612284445

France & Australia

sebastien@registry.godaddy <mailto:sebastien@registry.godaddy>

*From: *Eleeza Agopian <eleeza.agopian@icann.org> *Date: *Tuesday, 20 September 2022 at 10:05 am *To: *Sebastien Ducos <Sebastien@registry.godaddy>, Yuko Yokoyama <yuko.yokoyama@icann.org> *Cc: *Marika Konings <marika.konings@icann.org> *Subject: *Re: [Ext] Post Board GNSO bilateral on WDS

Caution:This email is from an external sender. Please do not click links or open attachments unless you recognize the sender and know the content is safe. Forward suspicious emails to isitbad@.

Dear Seb,

Thank you for your questions. I want to clarify an important point: If a registrar decides to participate in the system and receive requests, per the Interim Registration Data Policy for gTLDs (carrying over the requirements of the Temp Spec) requirement to provide “reasonable access,” they must respond to the request. We cover this in Section 3.6 of the paper, which refers to Contractual Compliance.

Please also note that this analysis concerns only requirements under the Temp Spec; once the EPDP Phase 1 policy (currently published for public comment <https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.icann....>) goes into effect, that policy will supersede the current Temp Spec “reasonable access” requirement.

With regard to your question on alerting non-participating registrars about queries for their domains, we have given this some additional thought and Göran shared some of these thoughts in the Board-CSG meeting <https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2F75.schedule.icann.org%2Fmeetings%2FLuS4he77cdNWkT7kQ&data=05%7C01%7CSebastien%40registry.godaddy%7Ca220b363d51e4201614108da9adee061%7Cd5f1622b14a345a6b069003f8dc4851f%7C0%7C0%7C637992579323376055%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=v0uGTZIZVsNpGrjK6Av5D%2BPIdUbtH%2Fcx8fUMd0KerBw%3D&reserved=0>earlier today. Within the current system design, a requestor will be asked to enter the subject domain at the beginning of the form and the system will determine whether the domain’s registrar is participating in the system. If the registrar is not participating, the system would display an error message to the requestor notifying them that the registrar is not participating and would suggest they directly contact the registrar.

What is not currently contemplated but may be possible would be for the system to log that notification and trigger an email to the primary account holder in the Naming Services Portal. The notification would simply state that a nonpublic registration data request was made for a domain that is under their management - it could also specify the domain name and the type of requestor logging the request. The email notification to the non-participating registrar would not, as proposed here, trigger a requirement for the registrar to provide “reasonable access” in a manner contemplated in the Temp Spec. This is because the notification would not, on its own, be considered a request for registration data access, but would merely be a notification that a requestor attempted to submit a request via the system. The email notification could include information indicating how a registrar may participate in the system. ICANN could also explore capturing within the system’s own reporting what type of requestor is requesting this data.

If the system is logging this data, we could report on the number of requests for domains from non-participating registrars, which registrars are receiving these requests, and potentially the types of requestors.

To your question regarding the collection of a full request for a domain under management by a non-participating registrar, there are some risks that have not been fully assessed and would require additional consideration from the team, including assessing the legitimacy to process the personal data requested through the form in line with data protection laws.

In addition, sharing the full request data set outside the system (i.e. via email) is a security risk. Non-participating registrars will need to access the system to view the request.

We would be happy to meet with you if you find it easier to have a quick conversation, and are also happy to join the small team’s meeting on Thursday to answer any questions.

Thank you,

Eleeza

*From: *"Sebastien@registry.godaddy" <Sebastien@registry.godaddy> *Date: *Tuesday, September 20, 2022 at 10:50 AM *To: *Eleeza Agopian <eleeza.agopian@icann.org>, Yuko Yokoyama <yuko.yokoyama@icann.org> *Cc: *Marika Konings <marika.konings@icann.org> *Subject: *[Ext] Post Board GNSO bilateral on WDS

Hi Eleeza and Yuko,

Please allow me to reach out personally following the Board-GNSO bilateral discussion on WDS.

The point raised on Saturday regarding the fact that the WDS will only collect data for participating Registrars is one that is quickly becoming key.

Before it snowballs into locking us out of a quick and positive decision from the small team, I wanted to make sure I fully understood the issue from your end. The answer given by Goran during the bilat – essentially that any new feature would require time to scope and would result not only in delays, but put this in competition with upcoming efforts such as SubPro – is valid, but I am afraid will not help us out to close this case.

I understand the WDS will collect request data, store it securely, present it for Registrars to review AND send them an alert warn them of the case awaiting them. Arguably, without revealing PII, this alert could contain enough information (Request date, concerned domain name, etc…) to put the receiving contracted party in a position of no longer being able to outright ignore the request as per existing contracts. Conversely, if we only collect data and send alerts to participating Registrars we are creating an incentive for them not to participate; in fact I would assume that their Legal advisers would recommend not to participate as they would then protect themselves from having information collected on them.

Are we here limited by the technical framework (SalesForce) that will only email known users? Or do you have other imperatives that guide you?

If that is the reason, is there a way to continue collecting the data regardless? We would create a situation where unalerted Registrars might not be able to ignore a request, but where at least an impartial record of it is kept. In the absence of a Registrar-user, could we continue collecting formatted request, informing the Requestor that the Registrar cannot be alerted but supplying the Registrar’s abuse email with an easy to copy/paste a rendering of the filled form, to easily form and send an email?

I really don’t want us – the small team – to start system-designing, but with the best of intentions the more I look into this the more I think that not only we would deprive ourselves from any pressure points to push unwilling Registrars, but actually offer a good reason for willing ones to stay out.

I am happy to discuss this offline when you want.

Kindly,

*Sebastien Ducos*

GoDaddy Registry | Senior Client Services Manager

signature_511257113

+33612284445

France & Australia

sebastien@registry.godaddy <mailto:sebastien@registry.godaddy>

_______________________________________________ GNSO-EPDPP2-SmallTeam mailing list GNSO-EPDPP2-SmallTeam@icann.org https://mm.icann.org/mailman/listinfo/gnso-epdpp2-smallteam

_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.

I think their presence would be welcome. Best, Paul Taft / Paul D. McGrady, Jr. Partner PMcGrady@taftlaw.com<mailto:PMcGrady@taftlaw.com> Dir: 312.836.4094 | Cell: 312.882.5020 Tel: 312.527.4000 | Fax: 312.754.2354 111 E. Wacker Drive, Suite 2800 Chicago, Illinois 60601-3713 Download vCard<http://www.taftlaw.com/vcard/PMcGrady@taftlaw.com> taftlaw.com<http://www.taftlaw.com> [https://taftlawpr.blob.core.windows.net/taft/files/fileuploads/62f506bb609f40002f521357/Taft%20Jaffe%20Logo%20-%20Signature%20Block-02.png]<https://taftlawpr.blob.core.windows.net/taft/files/fileuploads/62f506bb609f40002f521357/Taft%20Jaffe%20Logo%20-%20Signature%20Block-02.png> Jaffe is joining Taft, effective Dec 31, 2022. Learn more here.<https://www.taftlaw.com/news-events/news/taft-expands-midwest-reach-and-capa...> This message may contain information that is attorney-client privileged, attorney work product or otherwise confidential. If you are not an intended recipient, use and disclosure of this message are prohibited. If you received this transmission in error, please notify the sender by reply e-mail and delete the message and any attachments. From: GNSO-EPDPP2-SmallTeam <gnso-epdpp2-smallteam-bounces@icann.org> On Behalf Of John McElwaine Sent: Wednesday, September 21, 2022 9:35 AM To: Sebastien@registry.godaddy; gnso-epdpp2-smallteam@icann.org Subject: Re: [GNSO-EPDPP2-SmallTeam] [Ext] Post Board GNSO bilateral on WDS I think having staff knowledgeable about the details of WDS design paper, including technical aspects of the NSP would be useful. John From: GNSO-EPDPP2-SmallTeam <gnso-epdpp2-smallteam-bounces@icann.org<mailto:gnso-epdpp2-smallteam-bounces@icann.org>>On Behalf Of Sebastien@registry.godaddySent<mailto:Sebastien@registry.godaddySent>: Tuesday, September 20, 20 ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ [https://alert-dg01.redatatech.com/onprem_security_warning_fetch?r=1&dep=x4ON%2BJSMC%2BTio%2Ffy8JyF6g%3D%3DQkQ94lpAxHGZaB%2BMcVU0u5PWok8Sna8%2Fjy6cmmWjbzQFS9X7S5ENkYmThL1tCU%2Boq6hQCgaRTo%2BmmISG2%2B4IxrLSYF2EZ%2BM5PRi9uadPwDImDVs%2Fw66tiYmQMpm738vcUSObP6iNT8gaC8pEvBxLr%2FgECDoFE35PcxSotKq3d9x34KObflhpbDvSwd9pxFCFuIJ1mqBCT%2FOboeM8ea3E%2FXZYCzCcj8TvpQOH%2FjqHPMHAx9VyFNuMXkGpg499Jz3ph%2BDqyJeeml2B8SBikIl%2BsLDs1n9uabWbOq7CSYOVMiQQlUp5pTpvQsPCC8cCAD1aXRNYuKcmQ0yBDWq9qlO0eNEDci27WrPAVAu%2FtEALENhAZx3KZfVsgxylQ7EkrAbA2vuiXc1z40XYvb8XrkZBvjb%2Fv0EJYRtWDLjliFzQQU4pYc8B5aMEpzO76syltbT%2FBCMdM4t5Rfge7xx8CHE5N%2FQEGXSMCjl5whTK9Kz9L6NYQLRccCSz2MiSELuiAV10nMxYi%2BzU3b6P1DvIVze0iQAnbPv1MYC0YNet4xBbA4JlQYWaIG9%2FmAO8DN0wQrTc7rGFzT2N8kUJfKe7SmQKoH6faBXEuErUJYuq34ijOA9MScn78FmjYVkByGu2pyxOPB%2B4lpbOormDny6E2otyA3vzlB158%2FeBfgAoWbq%2BSIqIXjB8Xv4antw4YIiFAPinIjGqf6eUjCKvQUvTDek1A%2FeGJPmOFdcPSQEMvdHVqzZyau8vwYdqekIoMyuLvRFkk7xxzHUuIJEQ1B%2FwNSbs2pv3XoXuu8EVf6OUkY5r5Oc%3D]<https://us.report.cybergraph.mimecast.com/alert-details/?dep=x4ON%2BJSMC%2BTio%2Ffy8JyF6g%3D%3DQkQ94lpAxHGZaB%2BMcVU0u5PWok8Sna8%2Fjy6cmmWjbzQFS9X7S5ENkYmThL1tCU%2Boq6hQCgaRTo%2BmmISG2%2B4IxrLSYF2EZ%2BM5PRi9uadPwDImDVs%2Fw66tiYmQMpm738vcUSObP6iNT8gaC8pEvBxLr%2FgECDoFE35PcxSotKq3d9x34KObflhpbDvSwd9pxFCFuIJ1mqBCT%2FOboeM8ea3E%2FXZYCzCcj8TvpQOH%2FjqHPMHAx9VyFNuMXkGpg499Jz3ph%2BDqyJeeml2B8SBikIl%2BsLDs1n9uabWbOq7CSYOVMiQQlUp5pTpvQsPCC8cCAD1aXRNYuKcmQ0yBDWq9qlO0eNEDci27WrPAVAu%2FtEALENhAZx3KZfVsgxylQ7EkrAbA2vuiXc1z40XYvb8XrkZBvjb%2Fv0EJYRtWDLjliFzQQU4pYc8B5aMEpzO76syltbT%2FBCMdM4t5Rfge7xx8CHE5N%2FQEGXSMCjl5whTK9Kz9L6NYQLRccCSz2MiSELuiAV10nMxYi%2BzU3b6P1DvIVze0iQAnbPv1MYC0YNet4xBbA4JlQYWaIG9%2FmAO8DN0wQrTc7rGFzT2N8kUJfKe7SmQKoH6faBXEuErUJYuq34ijOA9MScn78FmjYVkByGu2pyxOPB%2B4lpbOormDny6E2otyA3vzlB158%2FeBfgAoWbq%2BSIqIXjB8Xv4antw4YIiFAPinIjGqf6eUjCKvQUvTDek1A%2FeGJPmOFdcPSQEMvdHVqzZyau8vwYdqekIoMyuLvRFkk7xxzHUuIJEQ1B%2FwNSbs2pv3XoXuu8EVf6OUkY5r5Oc%3D> I think having staff knowledgeable about the details of WDS design paper, including technical aspects of the NSP would be useful. John From: GNSO-EPDPP2-SmallTeam <gnso-epdpp2-smallteam-bounces@icann.org<mailto:gnso-epdpp2-smallteam-bounces@icann.org>> On Behalf Of Sebastien@registry.godaddy<mailto:Sebastien@registry.godaddy> Sent: Tuesday, September 20, 2022 8:02 AM To: gnso-epdpp2-smallteam@icann.org<mailto:gnso-epdpp2-smallteam@icann.org> Subject: Re: [GNSO-EPDPP2-SmallTeam] [Ext] Post Board GNSO bilateral on WDS ◄External Email► - From: gnso-epdpp2-smallteam-bounces@icann.org<mailto:gnso-epdpp2-smallteam-bounces@icann.org> Dear Team, I forgot to mention that Staff offered to join us on Thursday. Can you confirm if you think their presence would help the conversation, or if you feel we need time as the small team first. Kindly, Sébastien Sebastien Ducos GoDaddy Registry / Senior Client Services Manager Level 8, 10 Queens Road, Melbourne, Australia VIC 3004 Office: +61 3 9886 3710 Mobile: +61 449 623 491 / registry.godaddy The information contained in this email message is intended only for the use of the recipient(s) named above and may contain confidential and/or privileged information. If you are not the intended recipient you have received this email message in error and any review, dissemination, distribution, or copying of this message is strictly prohibited. If you have received this communication in error, please notify us immediately and delete the original message. ________________________________ From: Sebastien Ducos <Sebastien@registry.godaddy<mailto:Sebastien@registry.godaddy>> Sent: Tuesday, September 20, 2022 12:24:05 PM To: gnso-epdpp2-smallteam@icann.org<mailto:gnso-epdpp2-smallteam@icann.org> <gnso-epdpp2-smallteam@icann.org<mailto:gnso-epdpp2-smallteam@icann.org>> Subject: FW: [Ext] Post Board GNSO bilateral on WDS Dear Small Team, Following the Board-GNSO bilateral his morning, where WDS was discussed and specifically the matter of not logging requests from non-participating Registrars, I reached out Eleeza and Yuko to better understand the underlying motivations/issues behind the decision. Please find Eleeza’s answer below. I understand though I wasn’t able to follow the conversation, that the issue was also discussed during the Board-CSG bilateral today. I encourage all to try to catch up on it before our meeting Thursday, but am sure those present will be able to fill us in. Kindly, Sebastien Ducos GoDaddy Registry | Senior Client Services Manager [signature_3291692454] +33612284445 France & Australia sebastien@registry.godaddy<mailto:sebastien@registry.godaddy> From: Eleeza Agopian <eleeza.agopian@icann.org<mailto:eleeza.agopian@icann.org>> Date: Tuesday, 20 September 2022 at 10:05 am To: Sebastien Ducos <Sebastien@registry.godaddy<mailto:Sebastien@registry.godaddy>>, Yuko Yokoyama <yuko.yokoyama@icann.org<mailto:yuko.yokoyama@icann.org>> Cc: Marika Konings <marika.konings@icann.org<mailto:marika.konings@icann.org>> Subject: Re: [Ext] Post Board GNSO bilateral on WDS Caution: This email is from an external sender. Please do not click links or open attachments unless you recognize the sender and know the content is safe. Forward suspicious emails to isitbad@. Dear Seb, Thank you for your questions. I want to clarify an important point: If a registrar decides to participate in the system and receive requests, per the Interim Registration Data Policy for gTLDs (carrying over the requirements of the Temp Spec) requirement to provide “reasonable access,” they must respond to the request. We cover this in Section 3.6 of the paper, which refers to Contractual Compliance. Please also note that this analysis concerns only requirements under the Temp Spec; once the EPDP Phase 1 policy (currently published for public comment<https://urldefense.proofpoint.com/v2/url?u=https-3A__nam10.safelinks.protect...>) goes into effect, that policy will supersede the current Temp Spec “reasonable access” requirement. With regard to your question on alerting non-participating registrars about queries for their domains, we have given this some additional thought and Göran shared some of these thoughts in the Board-CSG meeting<https://urldefense.proofpoint.com/v2/url?u=https-3A__nam10.safelinks.protect...> earlier today. Within the current system design, a requestor will be asked to enter the subject domain at the beginning of the form and the system will determine whether the domain’s registrar is participating in the system. If the registrar is not participating, the system would display an error message to the requestor notifying them that the registrar is not participating and would suggest they directly contact the registrar. What is not currently contemplated but may be possible would be for the system to log that notification and trigger an email to the primary account holder in the Naming Services Portal. The notification would simply state that a nonpublic registration data request was made for a domain that is under their management - it could also specify the domain name and the type of requestor logging the request. The email notification to the non-participating registrar would not, as proposed here, trigger a requirement for the registrar to provide “reasonable access” in a manner contemplated in the Temp Spec. This is because the notification would not, on its own, be considered a request for registration data access, but would merely be a notification that a requestor attempted to submit a request via the system. The email notification could include information indicating how a registrar may participate in the system. ICANN could also explore capturing within the system’s own reporting what type of requestor is requesting this data. If the system is logging this data, we could report on the number of requests for domains from non-participating registrars, which registrars are receiving these requests, and potentially the types of requestors. To your question regarding the collection of a full request for a domain under management by a non-participating registrar, there are some risks that have not been fully assessed and would require additional consideration from the team, including assessing the legitimacy to process the personal data requested through the form in line with data protection laws. In addition, sharing the full request data set outside the system (i.e. via email) is a security risk. Non-participating registrars will need to access the system to view the request. We would be happy to meet with you if you find it easier to have a quick conversation, and are also happy to join the small team’s meeting on Thursday to answer any questions. Thank you, Eleeza From: "Sebastien@registry.godaddy<mailto:Sebastien@registry.godaddy>" <Sebastien@registry.godaddy<mailto:Sebastien@registry.godaddy>> Date: Tuesday, September 20, 2022 at 10:50 AM To: Eleeza Agopian <eleeza.agopian@icann.org<mailto:eleeza.agopian@icann.org>>, Yuko Yokoyama <yuko.yokoyama@icann.org<mailto:yuko.yokoyama@icann.org>> Cc: Marika Konings <marika.konings@icann.org<mailto:marika.konings@icann.org>> Subject: [Ext] Post Board GNSO bilateral on WDS Hi Eleeza and Yuko, Please allow me to reach out personally following the Board-GNSO bilateral discussion on WDS. The point raised on Saturday regarding the fact that the WDS will only collect data for participating Registrars is one that is quickly becoming key. Before it snowballs into locking us out of a quick and positive decision from the small team, I wanted to make sure I fully understood the issue from your end. The answer given by Goran during the bilat – essentially that any new feature would require time to scope and would result not only in delays, but put this in competition with upcoming efforts such as SubPro – is valid, but I am afraid will not help us out to close this case. I understand the WDS will collect request data, store it securely, present it for Registrars to review AND send them an alert warn them of the case awaiting them. Arguably, without revealing PII, this alert could contain enough information (Request date, concerned domain name, etc…) to put the receiving contracted party in a position of no longer being able to outright ignore the request as per existing contracts. Conversely, if we only collect data and send alerts to participating Registrars we are creating an incentive for them not to participate; in fact I would assume that their Legal advisers would recommend not to participate as they would then protect themselves from having information collected on them. Are we here limited by the technical framework (SalesForce) that will only email known users? Or do you have other imperatives that guide you? If that is the reason, is there a way to continue collecting the data regardless? We would create a situation where unalerted Registrars might not be able to ignore a request, but where at least an impartial record of it is kept. In the absence of a Registrar-user, could we continue collecting formatted request, informing the Requestor that the Registrar cannot be alerted but supplying the Registrar’s abuse email with an easy to copy/paste a rendering of the filled form, to easily form and send an email? I really don’t want us – the small team – to start system-designing, but with the best of intentions the more I look into this the more I think that not only we would deprive ourselves from any pressure points to push unwilling Registrars, but actually offer a good reason for willing ones to stay out. I am happy to discuss this offline when you want. Kindly, Sebastien Ducos GoDaddy Registry | Senior Client Services Manager [signature_511257113] +33612284445 France & Australia sebastien@registry.godaddy<mailto:sebastien@registry.godaddy> Confidentiality Notice This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged, confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately either by phone (800-237-2000) or reply to this e-mail and delete all copies of this message.

It would be great to have them at the table. Best, Thomas Am 20.09.2022 um 20:01 schrieb Sebastien@registry.godaddy<mailto:Sebastien@registry.godaddy>: Dear Team, I forgot to mention that Staff offered to join us on Thursday. Can you confirm if you think their presence would help the conversation, or if you feel we need time as the small team first. Kindly, Sébastien Sebastien Ducos GoDaddy Registry / Senior Client Services Manager Level 8, 10 Queens Road, Melbourne, Australia VIC 3004 Office: +61 3 9886 3710 Mobile: +61 449 623 491 / registry.godaddy The information contained in this email message is intended only for the use of the recipient(s) named above and may contain confidential and/or privileged information. If you are not the intended recipient you have received this email message in error and any review, dissemination, distribution, or copying of this message is strictly prohibited. If you have received this communication in error, please notify us immediately and delete the original message. ________________________________ From: Sebastien Ducos <Sebastien@registry.godaddy<mailto:Sebastien@registry.godaddy>> Sent: Tuesday, September 20, 2022 12:24:05 PM To: gnso-epdpp2-smallteam@icann.org<mailto:gnso-epdpp2-smallteam@icann.org> <gnso-epdpp2-smallteam@icann.org<mailto:gnso-epdpp2-smallteam@icann.org>> Subject: FW: [Ext] Post Board GNSO bilateral on WDS Dear Small Team, Following the Board-GNSO bilateral his morning, where WDS was discussed and specifically the matter of not logging requests from non-participating Registrars, I reached out Eleeza and Yuko to better understand the underlying motivations/issues behind the decision. Please find Eleeza’s answer below. I understand though I wasn’t able to follow the conversation, that the issue was also discussed during the Board-CSG bilateral today. I encourage all to try to catch up on it before our meeting Thursday, but am sure those present will be able to fill us in. Kindly, Sebastien Ducos GoDaddy Registry | Senior Client Services Manager <image002.png> +33612284445 France & Australia sebastien@registry.godaddy<mailto:sebastien@registry.godaddy> From: Eleeza Agopian <eleeza.agopian@icann.org<mailto:eleeza.agopian@icann.org>> Date: Tuesday, 20 September 2022 at 10:05 am To: Sebastien Ducos <Sebastien@registry.godaddy<mailto:Sebastien@registry.godaddy>>, Yuko Yokoyama <yuko.yokoyama@icann.org<mailto:yuko.yokoyama@icann.org>> Cc: Marika Konings <marika.konings@icann.org<mailto:marika.konings@icann.org>> Subject: Re: [Ext] Post Board GNSO bilateral on WDS Caution: This email is from an external sender. Please do not click links or open attachments unless you recognize the sender and know the content is safe. Forward suspicious emails to isitbad@. Dear Seb, Thank you for your questions. I want to clarify an important point: If a registrar decides to participate in the system and receive requests, per the Interim Registration Data Policy for gTLDs (carrying over the requirements of the Temp Spec) requirement to provide “reasonable access,” they must respond to the request. We cover this in Section 3.6 of the paper, which refers to Contractual Compliance. Please also note that this analysis concerns only requirements under the Temp Spec; once the EPDP Phase 1 policy (currently published for public comment<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.icann....>) goes into effect, that policy will supersede the current Temp Spec “reasonable access” requirement. With regard to your question on alerting non-participating registrars about queries for their domains, we have given this some additional thought and Göran shared some of these thoughts in the Board-CSG meeting<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2F75.schedul...> earlier today. Within the current system design, a requestor will be asked to enter the subject domain at the beginning of the form and the system will determine whether the domain’s registrar is participating in the system. If the registrar is not participating, the system would display an error message to the requestor notifying them that the registrar is not participating and would suggest they directly contact the registrar. What is not currently contemplated but may be possible would be for the system to log that notification and trigger an email to the primary account holder in the Naming Services Portal. The notification would simply state that a nonpublic registration data request was made for a domain that is under their management - it could also specify the domain name and the type of requestor logging the request. The email notification to the non-participating registrar would not, as proposed here, trigger a requirement for the registrar to provide “reasonable access” in a manner contemplated in the Temp Spec. This is because the notification would not, on its own, be considered a request for registration data access, but would merely be a notification that a requestor attempted to submit a request via the system. The email notification could include information indicating how a registrar may participate in the system. ICANN could also explore capturing within the system’s own reporting what type of requestor is requesting this data. If the system is logging this data, we could report on the number of requests for domains from non-participating registrars, which registrars are receiving these requests, and potentially the types of requestors. To your question regarding the collection of a full request for a domain under management by a non-participating registrar, there are some risks that have not been fully assessed and would require additional consideration from the team, including assessing the legitimacy to process the personal data requested through the form in line with data protection laws. In addition, sharing the full request data set outside the system (i.e. via email) is a security risk. Non-participating registrars will need to access the system to view the request. We would be happy to meet with you if you find it easier to have a quick conversation, and are also happy to join the small team’s meeting on Thursday to answer any questions. Thank you, Eleeza From: "Sebastien@registry.godaddy<mailto:Sebastien@registry.godaddy>" <Sebastien@registry.godaddy<mailto:Sebastien@registry.godaddy>> Date: Tuesday, September 20, 2022 at 10:50 AM To: Eleeza Agopian <eleeza.agopian@icann.org<mailto:eleeza.agopian@icann.org>>, Yuko Yokoyama <yuko.yokoyama@icann.org<mailto:yuko.yokoyama@icann.org>> Cc: Marika Konings <marika.konings@icann.org<mailto:marika.konings@icann.org>> Subject: [Ext] Post Board GNSO bilateral on WDS Hi Eleeza and Yuko, Please allow me to reach out personally following the Board-GNSO bilateral discussion on WDS. The point raised on Saturday regarding the fact that the WDS will only collect data for participating Registrars is one that is quickly becoming key. Before it snowballs into locking us out of a quick and positive decision from the small team, I wanted to make sure I fully understood the issue from your end. The answer given by Goran during the bilat – essentially that any new feature would require time to scope and would result not only in delays, but put this in competition with upcoming efforts such as SubPro – is valid, but I am afraid will not help us out to close this case. I understand the WDS will collect request data, store it securely, present it for Registrars to review AND send them an alert warn them of the case awaiting them. Arguably, without revealing PII, this alert could contain enough information (Request date, concerned domain name, etc…) to put the receiving contracted party in a position of no longer being able to outright ignore the request as per existing contracts. Conversely, if we only collect data and send alerts to participating Registrars we are creating an incentive for them not to participate; in fact I would assume that their Legal advisers would recommend not to participate as they would then protect themselves from having information collected on them. Are we here limited by the technical framework (SalesForce) that will only email known users? Or do you have other imperatives that guide you? If that is the reason, is there a way to continue collecting the data regardless? We would create a situation where unalerted Registrars might not be able to ignore a request, but where at least an impartial record of it is kept. In the absence of a Registrar-user, could we continue collecting formatted request, informing the Requestor that the Registrar cannot be alerted but supplying the Registrar’s abuse email with an easy to copy/paste a rendering of the filled form, to easily form and send an email? I really don’t want us – the small team – to start system-designing, but with the best of intentions the more I look into this the more I think that not only we would deprive ourselves from any pressure points to push unwilling Registrars, but actually offer a good reason for willing ones to stay out. I am happy to discuss this offline when you want. Kindly, Sebastien Ducos GoDaddy Registry | Senior Client Services Manager <image001.png> +33612284445 France & Australia sebastien@registry.godaddy<mailto:sebastien@registry.godaddy> _______________________________________________ GNSO-EPDPP2-SmallTeam mailing list GNSO-EPDPP2-SmallTeam@icann.org<mailto:GNSO-EPDPP2-SmallTeam@icann.org> https://mm.icann.org/mailman/listinfo/gnso-epdpp2-smallteam _______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.