I'm too swamped right now to get deeply into the substance so I'll go with this for now: What Amr said: In any case, I agree (Alan) that the legal review shouldn't put any other work on hold. I had always assumed (there I go again) that the legal review would probably run in parallel with the implementation of the rest of the recommendations made by the WG. Just wondering where we're at with that right now. From: gnso-impl-thickwhois-rt-bounces@icann.org [mailto:gnso-impl-thickwhois-rt-bounces@icann.org] On Behalf Of Amr Elsadr Sent: Wednesday, August 13, 2014 3:11 PM To: gnso-impl-thickwhois-rt@icann.org Subject: Re: [Gnso-impl-thickwhois-rt] Task 4 of the Thick WHOIS Implementation Plan (Legal Review) Hi Alan, I can't say I disagree with any of your rationale. It makes sense to me. Question though; is the IRT supposed to work on the implementation plan details, or is that supposed to come from staff with us weighing in with feedback and observations? The language in the operating procedures on that seem kinda fuzzy to me, and my understanding is that IRTs have not been common in the past. Still..., according to the schedule shared, the legal review should be well underway (having started in July). I'm just wondering wether any plans have already been set or not, and whether any of those plans have been acted upon. One of the reasons I'm asking because I'm assuming (I'm making a lot of assumptions at this point) we didn't have folks from ICANN legal on the last call. I don't recall any of them participating during the conversation that took place, or confirming their being on the call during the roll-call. In any case, I agree (Alan) that the legal review shouldn't put any other work on hold. I had always assumed (there I go again) that the legal review would probably run in parallel with the implementation of the rest of the recommendations made by the WG. Just wondering where we're at with that right now. Thanks again. Amr On Aug 13, 2014, at 8:04 PM, Alan Greenberg <alan.greenberg@mcgill.ca<mailto:alan.greenberg@mcgill.ca>> wrote: Amr, I am clearly not ICANN legal staff, but I will take a stab at this, and it is basically the same comment I made during the last call. At this stage, we are obliged to come up with a plan based on our best understanding of the tasks. It is possible that the legal review will introduce something new that we have not taken into account, and that could alter, delay or even cancel the entire project. I don't think we have much choice but to plan for what we know now, and adjust as necessary if and when the situation changes. The alternative is to defer doing anything until the legal review is over that could add a lot of time to the overall process if no or easily rectifiable stumbling blocks are uncovered. What is at risk here is ICANN (and to a much lesser extent this IRT) doing work that later need to be redone or altered. In my mind, a reasonable risk. This is no different from any business decision made without full knowledge of all possible issues (ie the norm!). Alan At 13/08/2014 11:27 AM, Amr Elsadr wrote: Hi, I'd like to revisit two of the topics discussed during the last IRT call; the legal review, and the level of detail of the current plan to address the different implementation tasks (but actually that specific to the legal review). The third recommendation of the "thick" WHOIS PDP WG was: "As part of the implementation process a legal review of law applicable to the transition of data from a thin to thick model that has not already been considered in the EWG memo is undertaken and due consideration is given to potential privacy issues that may arise from the discussions on the transition from thin to thick Whois, including, for example, guidance on how the long-standing contractual requirement that registrars give notice to, and obtain consent, from each registrant for uses of any personally identifiable data submitted by the registrant should apply to registrations involved in the transition. Should any privacy issues emerge from these transition discussions that were not anticipated by the WG and which would require additional policy consideration, the Implementation Review Team is expected to notify the GNSO Council of these so that appropriate action can be taken." I'm curious considering the IRT's proposed schedule to address the legal review between July and November of 2014. Is there a plan to address this recommendation, and if so, what are the details? This was probably the most controversial topic of discussion during the WG's deliberations, and unfortunately remained unresolved. The idea (if I recall correctly) was for the legal review to take action to mitigate any potential conflicts between the implementation of the "thick" WHOIS policy and legal jurisdictions with strict privacy and data protection laws. This, I believe, was true for both "data at rest" and "data at motion". I personally felt it was even more relevant concerning "data at motion" since implementation of a "thick" WHOIS policy will require a great deal of registrant data being transferred across legal jurisdictions for both existing "thin" gTLD registries as well as all future gTLD registries in subsequent rounds of new gTLDs in the future. Any insight on how this is being handled would be really appreciated at this point, especially from ICANN legal staff, who I assume have a significant role in implementing this recommendation. Thanks. Amr _______________________________________________ Gnso-impl-thickwhois-rt mailing list Gnso-impl-thickwhois-rt@icann.org<mailto:Gnso-impl-thickwhois-rt@icann.org> https://mm.icann.org/mailman/listinfo/gnso-impl-thickwhois-rt

Hi Amr, Just to note that on the role of the IRT, the Council resolution noted the following: 'The GNSO Council shall convene a Thick Whois Implementation Review Team to assist ICANN Staff in developing the implementation details for the new policy should it be approved by the ICANN Board. The Implementation Review Team will be tasked with evaluating the proposed implementation of the policy recommendations as approved by the Board and is expected to work with ICANN Staff to ensure that the resultant implementation fulfills the intentions of the approved policy recommendations. If the Implementation Review Team identifies any potential modifications to the policy recommendations or need for new policy recommendations, the Implementation Review Team shall refer these to the GNSO Council for its consideration and follow-up, as appropriate'. As a side note, please note that the role of Implementation Review Teams and whether further details / guidance should be provided as part of the PDP Manual is also being discussed as part of the work of the Policy & Implementation Working Group. Best regards, Marika From: Amr Elsadr <aelsadr@egyptig.org> Date: Wednesday 13 August 2014 21:10 To: "gnso-impl-thickwhois-rt@icann.org" <gnso-impl-thickwhois-rt@icann.org> Subject: Re: [Gnso-impl-thickwhois-rt] Task 4 of the Thick WHOIS Implementation Plan (Legal Review) Hi Alan, I can¹t say I disagree with any of your rationale. It makes sense to me. Question though; is the IRT supposed to work on the implementation plan details, or is that supposed to come from staff with us weighing in with feedback and observations? The language in the operating procedures on that seem kinda fuzzy to me, and my understanding is that IRTs have not been common in the past. StillŠ, according to the schedule shared, the legal review should be well underway (having started in July). I¹m just wondering wether any plans have already been set or not, and whether any of those plans have been acted upon. One of the reasons I¹m asking because I¹m assuming (I¹m making a lot of assumptions at this point) we didn¹t have folks from ICANN legal on the last call. I don¹t recall any of them participating during the conversation that took place, or confirming their being on the call during the roll-call. In any case, I agree (Alan) that the legal review shouldn¹t put any other work on hold. I had always assumed (there I go again) that the legal review would probably run in parallel with the implementation of the rest of the recommendations made by the WG. Just wondering where we¹re at with that right now. Thanks again. Amr On Aug 13, 2014, at 8:04 PM, Alan Greenberg <alan.greenberg@mcgill.ca> wrote:

Amr, I am clearly not ICANN legal staff, but I will take a stab at this, and it is basically the same comment I made during the last call. At this stage, we are obliged to come up with a plan based on our best understanding of the tasks. It is possible that the legal review will introduce something new that we have not taken into account, and that could alter, delay or even cancel the entire project. I don't think we have much choice but to plan for what we know now, and adjust as necessary if and when the situation changes.

The alternative is to defer doing anything until the legal review is over that could add a lot of time to the overall process if no or easily rectifiable stumbling blocks are uncovered. What is at risk here is ICANN (and to a much lesser extent this IRT) doing work that later need to be redone or altered. In my mind, a reasonable risk. This is no different from any business decision made without full knowledge of all possible issues (ie the norm!).

Alan

At 13/08/2014 11:27 AM, Amr Elsadr wrote:

...

Hi,

I¹d like to revisit two of the topics discussed during the last IRT call; the legal review, and the level of detail of the current plan to address the different implementation tasks (but actually that specific to the legal review).

The third recommendation of the ³thick² WHOIS PDP WG was:

"As part of the implementation process a legal review of law applicable to the transition of data from a thin to thick model that has not already been considered in the EWG memo is undertaken and due consideration is given to potential privacy issues that may arise from the discussions on the transition from thin to thick Whois, including, for example, guidance on how the long-standing contractual requirement that registrars give notice to, and obtain consent, from each registrant for uses of any personally identifiable data submitted by the registrant should apply to registrations involved in the transition. Should any privacy issues emerge from these transition discussions that were not anticipated by the WG and which would require additional policy consideration, the Implementation Review Team is expected to notify the GNSO Council of these so that appropriate action can be taken."

I¹m curious considering the IRT¹s proposed schedule to address the legal review between July and November of 2014. Is there a plan to address this recommendation, and if so, what are the details?

This was probably the most controversial topic of discussion during the WG¹s deliberations, and unfortunately remained unresolved. The idea (if I recall correctly) was for the legal review to take action to mitigate any potential conflicts between the implementation of the ³thick² WHOIS policy and legal jurisdictions with strict privacy and data protection laws. This, I believe, was true for both ³data at rest² and ³data at motion². I personally felt it was even more relevant concerning ³data at motion² since implementation of a ³thick² WHOIS policy will require a great deal of registrant data being transferred across legal jurisdictions for both existing ³thin² gTLD registries as well as all future gTLD registries in subsequent rounds of new gTLDs in the future.

Any insight on how this is being handled would be really appreciated at this point, especially from ICANN legal staff, who I assume have a significant role in implementing this recommendation.

Thanks.

Amr _______________________________________________ Gnso-impl-thickwhois-rt mailing list Gnso-impl-thickwhois-rt@icann.org https://mm.icann.org/mailman/listinfo/gnso-impl-thickwhois-rt