Dear PPSAI Small Team, Please see the action items, outcomes, and notes from the 22 August meeting #1 of the PPSAI IRT ST. Outcomes and Action Items AI: Paul to send strawperson to react to it on list AI: Group to react to strawperson on list AI: Complete doodle poll for meeting #2 AI: Group to study category 3 questions TQ C & TQK 1. Should we change the definitions? They are baked into the policy stick with the definitions in the final report but ST wants to recommend that a quick policy work takes a look at whether those definitions have changed. 2. Does the fact that Proxy and Privacy services are smooshed matter? Doubt that they are smooshed, that answer is No, even if they are, no it does not matter. But, as industries evolved over the last 10 years they should perhaps be treated differently for light policy work. Whether or not that should affect how they are treated under the policy? 3. What about PPSs that are not affiliated with registrars? This is only about PPSs that are affiliated with registrars. Unaffiliated is don’t knowingly do business with them. 4. What about definition creep so far? Subsumed into #1, stick with the definitions you have, but Council will Notes * Leon discussed the background of TQ A reconvened IRT after 10 years. Many IRT members current definitions are not meeting current practices no longer consistent with law. Services offered today sometimes included by registrars are a combination of privacy and proxy. How applicable are those definitions today. * Big question as a private individual registering a domain under a third party there is nothing in practice to be said there. Those recommendations strictly as written, would be too difficult to do.Do we want to include such cases. TQB is what accreditation model should be implemented. TQ B proposed RAA * TQ A discusses definition is key. Additionally, if we are changing definitions created in the Final Report and the former IRT and highlight the changes of the definitions. Final report. Multiplemembers of the IRT, if fundamental definitions are changed, need to make sure there are not knock on effects. Four things to consider: 1. Should we change the definitions? 2. Does the fact that Proxy and Privacy services are smooshed matter? 3. What about PPSs that are not affiliated with registrars? 4. What about definition creep so far? * Definition creep document and IRT is asking if they can creep. Linked here: https://icann-community.atlassian.net/wiki/pages/viewpageattachments.action?... * Final recommendations said it was the 2013 RAA definitions that were used as definitions. PPSAI recommendations in their final report form that became policy. Can the IRT amend the policy? It isthese definitions it is not usual that an IRT can amend the policy, but that is the question. * Question 1: 10 years ago and the IRT should not be trying to change the basic definitions in the policy report. Needs to be implemented. There is no grey area in the definitions. Not IRTs job to change the definition. Hard no. * RAA: if we say you can diverge from those documents are you operating under two definitions. Agreement with the above statement. Last paragraph of TQA: The implementation team would also like to flag that definitions serve as a foundational element of any policy, and making fundamental changes to definitions can alter the impact or applicability of recommendations contained in a PDP Final Report. With the aim of improving consistency and clarity,the implementation team expects that any definition alterations or changes should be applied with caution, considering the impact this could have on other recommendations, and indeed on other threshold questions in this document.” If we start making changesto them it alters everything else agreement. IRT as a vehicle to address this. This should ideally not be a new PDP, but would ultimately be necessary. * IRT should not scrap its work, they should continue, but if we need to amend the definitions then we may need a new policy. May need to start over * Have to see whether the definitions have changed since 10 years ago. Many things have changed. Perhaps Privacy/Proxy definition has changed. The nature of talking about these questions that the IRT has that this report has been overtaken by events. We might have to do a PDP. Accreditation issue is another question, but that should be the focus. * Small Team, just the Council and this is policy that has been adopted by the Board. * Change is expected, the original definition can accommodate 80-90% if we change everything we are doing we cannot start again. The policy is the definition and is implementable. We should implement it. * Bigger issue is that ICANN is often criticized for not being able to get something done. Underlying policy relook at it again. That does not mean we can take the policy recommendations and scrap it. This needs to be implemented. If there are concerns then an issues report can be called. But this work that was done has to be implemented. Should they change definitions? The answer is no. * Yes stick with definitions in the Final Report they have held stable in the RAA. If all things had changed, they would have changed in contractual obligations. AND perhaps issues report to see what has changed in the last 10 years to see if there is more policy work. * Not recommending policy development, that would be the vehicle. * Answer is no, go with the definitions in the report. * Recommendations as a Small Team to Council, whether or not things should proceed through the IRT. These are definitions that exist and are in RAA. These definitions were put forward as policy recommendations. Seems inconsistent with how it was articulated. From a registrar perspective. We could fix these definitions, but in the course of doing so, that changes other policies. If you change the fundamentals, then you change how everything flows together. Don’t want the perception ICANN does not get work done. We also don’t want to fail or pursue improper paths. * Possible to tell the Council that these definitions have evolved. * GGP is another possible avenue for SubPro * Could say to IRT, pursue this, if definitions change to RAA and they would likely evolve. All kinds of ways to do it without putting IRT work on hold. Cannot scuttle this entirely. Setting ourselves up for criticism. It is Board adopted policy until it is not. * Think about all of that. Set aside definitions * Does the theory that Privacy and Proxy services are smooshed together matter? Does that hybrid service be considered a different thing. * They are not the same thing and they are separate concepts that ultimately does not matter. * Did the Final report say that they were together. Cannot be smooshed together, as long as the report does not say that. The report clearly delineates the two. They have the same obligations: there is no path one way or another. * Pause over them being treated the same. There is not a material difference in the way they are treated in the policy. If there are differentiations between the two that is new policy work. Might need to make a recommendation to do new policy work here. * Should there be different frameworks since they cannot be smooshed together. * What about privacy/proxy services not affiliated with a registrar? One person buys a domain for a friend. It is not because I am a proxy service and it is not updated to the proper name. What do we do with those? Discussed this issue at great length in the PDP and some bothered by lawyers doing that for clients. Want to push into framework into those having to be accredited. Obligation for contracted parties should not knowingly do business, but noobligation to go digging. * What about unaffiliated, there is nothing to do about those? Answer those privacy and proxy services affiliated with registrars which will be 99%. * Unaffiliated privacy/proxy service issue: registrar concern it cannot be implementable. There is no relationship with them and there is no requirement to tell registrars with what they are doing writing if they are not affiliated. * In the final report, “Registrars are not to knowingly11 accept registrations from privacy or proxy service providers who are not accredited through the process developed by ICANN. For non-accredited entities registering names on behalf of third parties, the WG notes that the obligations for Registered Name Holders as outlined in section 3.7.7 of the 2013 RAA would apply.” This does not give registrars anything to do other than not knowingly do it. ICANN cannot force contracts on people. * Easy answer, focus your work on those privacy/proxy services affiliated with registrars. * Affirmative duty to find who is doing this is more than the policy requires. Thank you, John R. Emery, Ph.D. Policy Development Support Senior Specialist Generic Names Supporting Organization (GNSO) Internet Corporation for Assigned Names and Numbers (ICANN) www.icann.org<http://www.icann.org>