Dear All, Please find the MP3 recording for the Privacy and Proxy Services Accreditation Issues PDP Working group call held on Tuesday 07 April 2015 at 14:00 UTC at: http://audio.icann.org/gnso/gnso-ppsa-07apr15-en.mp3 On page: <http://gnso.icann.org/en/group-activities/calendar#mar>http://gnso.icann.org/en/group-activities/calendar#<http://gnso.icann.org/en/group-activities/calendar#apr>apr<http://gnso.icann.org/en/group-activities/calendar#apr> The recordings and transcriptions of the calls are posted on the GNSO Master Calendar page: http://gnso.icann.org/calendar/ Attendees: Frank Michlick – Individual Justin Macy - BC Val Sherman – IPC Griffin Barnett – IPC Kathy Kleiman – NCSG Darcy Southwell – RrSG Todd Williams – IPC Steve Metalitz - IPC Graeme Bunton – RrSG Jim Bikoff - IPC Volker Greimann – RrSG Alex Deacon –IPC Stephanie Perrin – NCSG Phil Corwin – BC Chris Pelling – RrSG Carlton Samuels – ALAC Richard Leaning – no soi David Hughes – IPC Tatiana Khramtsova – RrSG Terri Stumme - BC Holly Raiche – ALAC Vicky Sheckler – IPC Susan Kawaguchi - BC Luc Seufer – RrSG Michele Neylon – RrSG Osvaldo Novoa - ISPCP Roger Carney – RrSG David Heasley - IPC Apologies : Don Blumenthal – RySG Lindsay Hamilton-Reid – RrSG Kiran Malancharuvil – IPC James Bladel – RrSG Paul McGrady – IPC ICANN staff: Mary Wong Marika Konings Amy Bivins Nathalie Peregrine ** Please let me know if your name has been left off the list ** Mailing list archives: http://mm.icann.org/pipermail/gnso-ppsai-pdp-wg/ Wiki page: https://community.icann.org/x/9iCfAg Thank you. Kind regards, Nathalie ------------------------------- Adobe Connect chat transcript for Tuesday 07 April 2015 Nathalie Peregrine:Welcome to the PPSAI WG Meeting of 07 April 2015 Mary Wong:I can hear you Mary Wong:Clear as a bell :) Michele Neylon:Graeme I can hear you Michele Neylon:though I'm not listening Holly Raiche:I'm not hearing anything - but then noone is talking? Michele Neylon:I've got music on Chris Pelling:clicking noised on bridge Frank Michlick:I'm listing to a podcast ;-) Chris Pelling:ok clicking seems intermitent, if it gets on my nerves ill calll back in Chris Pelling::) Frank Michlick:Will stop that though when this call starts. Frank Michlick:hello! val sherman:David Heasley also on audio bridge Graeme Bunton:Thanks Val Osvaldo Novoa:Hello all, sorry I'm a bit late Nathalie Peregrine:Todd Williams and Vicky Schedkler have joined the call Kathy:Sorry Graeme -- too many holidays! Nathalie Peregrine:Michael Shoukry has joined rhe call Kathy Kleiman:I think we should bar it, but how do you know? Mary Wong:Yes it's at the end Nathalie Peregrine:Terri Stumme is on the audio bridge Mary Wong:Last para in blue (sorry, having audio and voice issues) Kathy Kleiman:Good paragraph - can we move it up in the doc? Darcy Southwell:I agree with Graeme from a service provider's perspective. Stephanie Perrin:I think the threshold for asking for a reveal has to be a lot higher than for the others.... Nathalie Peregrine:Carlton Samuels has joined the room Carlton Samuels:Morning all Stephanie Perrin:Therefore, we need to add language here. I have no objection to the service provider, for instance, automatically forwarding any requests. Stephanie Perrin:"any steps in the process" makes it over-broad... Stephanie Perrin:"in the absence of human review" also makes me a bit nervous, we would have to define human review. Kathy Kleiman:New II.D Kathy Kleiman:+1 Volker Kathy Kleiman:quality and quantity steve metalitz:We ashould also find automated high volume refusals to disclose and automated high volume responses from customers objectionable. Nathalie Peregrine:Luc Seufer has joined the call Carlton Samuels:@Stephanie: Higher threshold for reveal +1. vicky sheckler:disagree w/ stephanie and carlton Michele Neylon:whoever is being noisy can you please use the mute button Carlton Samuels:I can't hear Steve....I'm on A/C Audio only Volker Greimann:true, Steve Nathalie Peregrine:Please all mute mics when not speaking. Kathy Kleiman:But it doesn't cover everything... Stephanie Perrin:Steve you are fading in and out Carlton Samuels:@Steve: Yes, attestation at all levels +1 Stephanie Perrin:agree with the belt and suspenders Stephanie Perrin:people are disappearing frequently Chris Pelling:i left and came back Chris Pelling:way better Chris Pelling:no clicking at all Stephanie Perrin:IS everyone having fade in and out or do I need to redial? Nathalie Peregrine:If you are having issues with AC audio, please dial into the phone bridge, or we can dial out to you. Stephanie Perrin:+1 Kathy Chris Pelling:I agree with Kathy Mary Wong:The words "high volume, automated processes" are from the RAA. Stephanie Perrin:In other words, Humans do use computers to send things out.... Luc Seufer:Just as an FYI the French DPA allows AFNIC to disclose private data but the request and the disclosure need to be reviewed by a human. Chris Pelling:I would agree with Michele, as long as each notice is reviewed by a LIVING and breithing person it is ok Carlton Samuels:@Kathy: Let's err on the side of TMI; keep it and look to placement Mary Wong:Yes val sherman:+1 Graeme and Michele -- if there is human review, the communication should not be considered automated Mary Wong:With suggested edits from Volker Kathy Kleiman:very responsive Carlton Samuels:@Steve: There was the use of the word 'solely' there as well Kathy Kleiman:@Steve: I think you summarized the concerns well Mary Wong:Would "human rights (e.g. FoE or privacy)" work? vicky sheckler:that is not a pretext Holly Raiche:Agree with Volker and Stephanie Volker Greimann:Stephanie +1 Michele Neylon:shes' cutting out Volker Greimann:what is violated by the reveal is always the privacy., but now always human rights Chris Pelling:I agree Michele Neylon:privacy is a human right though ? Volker Greimann:so if it needs to be violated, the threshhold should be met val sherman:The mere desire of the customer to preserve their privacy cannot be sufficient to refuse a legitimate request, meeting all other criteria of these standards steve metalitz:(5) only comes into play once requestor has met "threshold for "'reveal" (actually, for disclosure) Holly Raiche:Yes Michele - but what is being protected is privacy - which should be the default position Volker Greimann:Exactly vicky sheckler:strongly disagee w/ stephanie. that is not a pretext, which is what the provision todd wrote was trying to addres Carlton Samuels:@Graeme: I would prefer the use of the word 'mainly' or a phrase that removes the [artificial] limit Michele Neylon:Holly yes but the privacy or lack of it can stem speech steve metalitz:No, that does not make sense, Stephanie, in light of our discussions over the past 16 months Holly Raiche:@ Michele - true enough, but what Stephanie is saying is that people ought to be able to choose to protct their personal informtion unless there is a demonstrable reason otherwise Carlton Samuels:@Stephanie: +1 Should be no need to prove harm to protect privacy Holly Raiche:@ Kathy - the language is there - just use privacy at the end vicky sheckler:there is a general rule about when the p/p customer can request refusal of the disclosure, agqain AFTER the requester has provided the requisite information about a violation of the requrester's rights Mary Wong:The framework language since this was first presented has been premised (in Section III) on the customer providing reasons to the provider NOT to disclose. Mary Wong:As Vicky notes, this happens AFTER a provider receives a full and accurate request (per the framework requirements) vicky sheckler:Kathy - rights to authroship are also a human right. privacy does not defacto trump any other tights no matter what vicky sheckler:rights to authorship are in the human declaration of human rights Kathy Kleiman:legitimate rights and protections (e.g., freedom of expression and freedom of association).” Stephanie Perrin:I would be happy to provide edits after the call... Carlton Samuels:We agreed all applicants following the same set of rules can have a P/P registration. We cannot now say to maintain it post registration and in the absence of credible evidence of infraction of rules, one must prove harm to retain it! Carlton Samuels:@Kathy: +1. Let's go for more explicit. Err on the side of TMI here. vicky sheckler:i agree w/ Steve. feels like we are going backwards Kathy Kleiman:+1 Volker Holly Raiche:That is how I understood what Volker was saying vicky sheckler:or we get rid of item 5. steve metalitz:Looking forward to seeing your language Stephanie. Kathy Kleiman:@Vicky - I think we are getting close; and it is very important Mary Wong:@Stephanie, isn't that example you give already covered by the current language? Esp if we say "human rights (e.g FoE and rights to privacy)"? Kathy Kleiman:Todd's language is good - just tweaking Stephanie Perrin:I agree, we are just talking about tweaking Holly Raiche:@ Stephanie - are we not really saying that respect for privacy through genuine tests before reveal is allowed serves to protect the other rights Todd Williams:I'm back. Sorry. I'll check the transcript on what I missed. Mary Wong:Note also footnote #2, which adds Val's suggestion for what the form of attestation might look like (bottom of pg 4) Kathy Kleiman:self-attestation, hmmm Kathy Kleiman:it seems to have some limitations Stephanie Perrin:@ Holly yes that is the bottom line, this service protects privacy and confidentiality of customer data in order to protect other fundamental human rights (including Privacy) Mary Wong:To clarify - the main text specifies WHAT the attestation requires, the footnote suggests HOW this might look Holly Raiche:@ Stephanie - Tks vicky sheckler:stephanie - or to protect those that violate others rights. p/p services are abused by wrondoers too. Well over a majority of the sites we monitor that engage in widespread infringement are behind p/p serivces Mary Wong:Note that those ccTLD operators whose disclosure requests policies we could find requires at most "authorized representative" and certification/attestation that any disclosed info will only be used for the specified purpose. vicky sheckler:we need to find the proper balance, not keep saying that one right trump[s over anythign else Stephanie Perrin:@ Vicky I understand that. If a requestor can make a valid case to prove that, the customer data is revealed. Holly Raiche:@ Vicki - I think we are all aware of the abuse of p/p services, and I don't think access to information by law agencies is problematic for anyone in this WG Stephanie Perrin:Indeed, we are not talking about LEAs here, we are talking about civil action. Holly Raiche:@ Vicki and Stephanie - agreed vicky sheckler:Kathy - that seems like more than what cctld operators are requiring. Not sure why we can't follow the ccTLd oeprators lead here Mary Wong:We have not come across any published policy that requires documentation other than ID and TM registration cert (for example). Mary Wong:Published ccTLD policy, I mean. Chris Pelling:its putting an enforcable action for being able to sue the requestor Stephanie Perrin:Is this not the first time that we have looked at the issue? Why follow the ccTLDs? vicky sheckler:+1 w/ Val Mary Wong:For example, CIRA (.ca) requires a form with name, address and reasons to be stated, accompanied by a notarized/certified copy of a TM registration plus proof of requestor identity. Mary Wong:@Stephanie, it was just to see if we can find guidance or common practice that, if appropriate, we can consider utilizing. Chris Pelling:sorry, its having the paperwork to show it Stephanie Perrin:@Mary, and I do agree that the CIRA example is better than many Kathy Kleiman:@Mary: But we are setting up probably a whole new scale for reveal requests - probably far beyond ccTLD requests Carlton Samuels:@Val: Would it mean the same if there is some registration of requestor's connection to the rights owner? Chris Pelling:@Steve its not really documents, its a single page in most cases vicky sheckler:i need to drop off. sorry Stephanie Perrin:This process definitely has to set the standards for the agency represnetation. Otherwise, we know that services will be outsourced to the lowest price. Kathy Kleiman:@All: It's an accountability issue Stephanie Perrin:Yes it is an accountability issue. val sherman:Carlton -- i'm not sure I understand your question. Mary Wong:@Kathy, agreed on scale - so question is whether any particular requirement is both practical and justified in the context. Volker Greimann:caveat: unless I have to... Frank Michlick:thank you Carlton Samuels:@Val: To relieve seeing contracts fto attest standing, could a pre-reg work? Kathy Kleiman:Tx Graeme and All! Darcy Southwell:Thanks!