Please see my responses below.
Chuck
From: Kathy Kleiman [mailto:kathy@kathykleiman.com]
Sent: Wednesday, March 7, 2018 7:12 AM
To: Chuck <consult@cgomes.com>; gnso-rds-pdp-5@icann.org
Subject: Re: [Gnso-rds-pdp-5] [Ext] Re: FW: FW: Fwd: Re: FW: DT5 Answers to Questions - First Draft for DT Review
Hi Chuck,
I've removed Maguy from the list as it is a DT5 issue that I raise here. But is our "deliverable" ready for ICANN Compliance Review.[Chuck Gomes] No. I am getting ready to prepare a final version with comments that will address you concerns.
In light of the issues that Theo has raised, the questions I am raising, have we done the tough work of trying to rethink our collection and processing of information to maximize the private of registrant data?? Are we engaged in a "privacy by design" process that is required by European law?? [Chuck Gomes] As I have said several times, we are deliberating on collection and processing in this exercise. The WG seemed to get stuck when we were dealing with the proposed purpose of Domain Name Certification, so we digressed and reformed the DTs to see if they could provide their answers to the three questions, hoping that their answers and WG consideration of them might make it easier to deliberate on the proposed purposes. After each DT presents their deliverables on Saturday morning and the WG has opportunity to discuss them, we will resume deliberating on proposed purposes, in particular whether processing any RDS data would be legitimate for each purpose.
I see us asking questions about we (ICANN) does now, but not really why we do it, how it can be done better, how it is done when the data it not easily available (e.g., proxy), and whether direct access to the data is even needed by ICANN Compliance? Not whether they use it now, but how they might obtain it if circumstances were different. If we don't ask the hard questions, who will? [Chuck Gomes] These are all good questions to ask, but they are not directly related to this exercise. We will have to ask them later in our processes.
For ultimately, the question we get back to is how these answers involve the collection and processing of registrant data in the WHOIS/future RDS, right? [Chuck Gomes] We fill find out when we resume deliberation on each of the proposed purposes; at that time we will try to reach agreement on whether any processing of RDS data is appropriate including whether the purpose is legitimate for any collection of data elements.
I object to sending "our deliverable" up to ICANN Contractual Compliance for review. Questions, yes, but our discussion document -- which is really a vague and ambiguous document with undefined terms -- to ICANN Contractual Compliance "for review" -- No. It is not the right or proper time for that, and we have not done the proper foundation on our side of options and alternatives. [Chuck Gomes] Your objection is noted but it will be sent. You are certainly welcome to express your objection on the WG list. But the leadership team mapped out a plan and we are following it. You seem to think that what is in these deliverables is going to be treated as WG decisions; IT IS NOT. It is merely an exercise to hopefully give the WG better understanding and thereby make our future deliberation more effective.
Questions make a lot of sense -- but not documents. Our documents have not been approved by the team, much less the WG. They should not be going out to others. I really have to object. [Chuck Gomes] Objection noted but I still think you are overreacting. We will just have to disagree on this.
BTW, isn't it the chain of data that we need to ask Compliance for -- if they need to contact the registrants, who can they obtain the data from?
Best, Kathy
On 3/7/2018 9:56 AM, Chuck wrote:
Maguy,
I will send you the final deliverable from the drafting team later today. Any input you have on that would be appreciated in the session on Saturday morning.
The overall question related to that is this: Does ICANN Compliance need to identify and contact registrants, registrars and registries to fulfill its responsibilities of monitoring and enforcing contract compliance with registrars and registries? If the answer is yes for any of these three categories, what are your objectives for identifying and/or contacting them and what are your expectations from those parties?
As you will see when I send the final deliverable, the DT was tasked with answering these same questions. So, one way for you to answer them will be to review the DT deliverable and see if our answers are correct from your perspective and let us know if we have left anything out.
As you have seen, Kathy sent an additional question: “if ICANN Contractual Compliance wants to reach a registrant who uses a privacy service, how then would you go about getting the registrant contact data and reaching the registrant?”
It is quite possible that additional questions will come up in the WG session on Saturday.
Chuck
From: Gnso-rds-pdp-5 [mailto:gnso-rds-pdp-5-bounces@icann.org] On Behalf Of Maguy Serad
Sent: Wednesday, March 7, 2018 6:35 AM
To: Kathy Kleiman <kathy@kathykleiman.com>; gnso-rds-pdp-5@icann.org
Subject: Re: [Gnso-rds-pdp-5] [Ext] Re: FW: FW: Fwd: Re: FW: DT5 Answers to Questions - First Draft for DT Review
Hello Kathy and Check –
Thank you for reaching out.
May I please suggest you compile a list of your questions on behalf of the subgroup and send my way. Will that be possible?
It will bring a structured approach to addressing your questions and most importantly, I won’t miss any questions in the string of emails or misunderstand one either.
I am not in PR yet Kathy. Please take a picture of the snow in DC w/spring flowers. I can imagine how beautiful that is.
Sorry Chuck not in Sheraton, but I commit to keeping the workout tradition!
Safe travels to all and see you in PR.
Maguy Serad
Vice President, Contractual Compliance
ICANN
12025 Waterfront Dr. Suite 300
Los Angeles, CA USA 90094-2536
From: Kathy Kleiman <kathy@kathykleiman.com>
Date: Wednesday, March 7, 2018 at 5:57 AM
To: "gnso-rds-pdp-5@icann.org" <gnso-rds-pdp-5@icann.org>, "Maguy.Serad" <maguy.serad@icann.org>
Subject: [Ext] Re: [Gnso-rds-pdp-5] FW: FW: Fwd: Re: FW: DT5 Answers to Questions - First Draft for DT Review
On 3/6/2018 5:47 PM, Chuck wrote:
Maguy,
I am looking forward to seeing you in San Juan. If you are staying in the Sheraton, maybe we will see each other in the fitness center.
I was happy to see that you plan to attend the RDS PDP WG on Saturday morning. In preparation for that meeting we reconvened several drafting teams to answer the following questions regarding possible purposes for processing RDS data. One of those proposed purposes is ICANN Contractual Compliance. I am the coordinator for the team that is developing answers for that purpose, and I plan to send you our final deliverable tomorrow or early Thursday to facilitate feedback from you when the team presents its answers to the full WG in our meeting Saturday morning.
In the meantime, I want to call your attention to the following message from one our team members, Steve Metalitz in answer to another team member’s (Kathy Kleiman’s) question about why ICANN Compliance might need to contact a domain name registrant. Any feedback you or one of your Compliance Team members can provide us before or in our Saturday meaning would be greatly appreciated.
Chuck
From: Metalitz, Steven [mailto:met@msk.com]
Sent: Tuesday, March 6, 2018 1:28 PM
To: 'Chuck' <consult@cgomes.com>; gnso-rds-pdp-5@icann.org
Subject: RE: [Gnso-rds-pdp-5] FW: Fwd: Re: FW: DT5 Answers to Questions - First Draft for DT Review
I think there could be a number of scenarios in which ICANN compliance would wish to contact the Registered Name Holder (a/k/a RNH) in order to verify registrar compliance with its obligations under the RAA, and/or investigate possible non-compliance. While it is true that the RNH is not a party to the RAA, RAA section 3.7 (entitled “Business Dealings Including with Registered Name Holders”) imposes a number of obligations involving registrar communication with RNHs. Compliance issues regarding these obligations include but are not limited to:
- Whether registrar made to RNH any of the representations prohibited by section 3.7.3;
- Whether registrar received reasonable assurance of payment from RNH prior to activation of the Registered Name, or forgave or revoked the obligation to pay, contrary to section 3.7.4;
- Whether RNH gave explicit consent to renewal of the registration as required by section 3.7.5;
- Whether the RNH gave the consents required in section 3.7.7.5 or obtained the third-party individual consents required in section 3.7.7.6;
- Whether the registrar took reasonable steps to investigate and/or to correct claimed contact information inaccuracies, pursuant to section 3.7.8, since many of such steps could require contact with the RNH.
Of course ICANN compliance would be far better situated than I to confirm the extent to which they would need to contact the RNH in these or other circumstances.
Steve
Steven J. Metalitz | Partner, through his professional corporation
T: 202.355.7902 | met@msk.com
Mitchell Silberberg & Knupp LLP | www.msk.com[msk.com]
1818 N Street NW, 8th Floor, Washington, DC 20036
THE INFORMATION CONTAINED IN THIS E-MAIL MESSAGE IS INTENDED ONLY FOR THE PERSONAL AND CONFIDENTIAL USE OF THE DESIGNATED RECIPIENTS. THIS MESSAGE MAY BE AN ATTORNEY-CLIENT COMMUNICATION, AND AS SUCH IS PRIVILEGED AND CONFIDENTIAL. IF THE READER OF THIS MESSAGE IS NOT AN INTENDED RECIPIENT, YOU ARE HEREBY NOTIFIED THAT ANY REVIEW, USE, DISSEMINATION, FORWARDING OR COPYING OF THIS MESSAGE IS STRICTLY PROHIBITED. PLEASE NOTIFY US IMMEDIATELY BY REPLY E-MAIL OR TELEPHONE, AND DELETE THE ORIGINAL MESSAGE AND ALL ATTACHMENTS FROM YOUR SYSTEM. THANK YOU.
From: Gnso-rds-pdp-5 [mailto:gnso-rds-pdp-5-bounces@icann.org] On Behalf Of Chuck
Sent: Tuesday, March 06, 2018 12:25 PM
To: gnso-rds-pdp-5@icann.org
Subject: [Gnso-rds-pdp-5] FW: Fwd: Re: FW: DT5 Answers to Questions - First Draft for DT Review
We really need everyone to respond to this TODAY.
Steve – please note that we need you to respond to Kathy’s questions.
Chuck
From: Gnso-rds-pdp-5 [mailto:gnso-rds-pdp-5-bounces@icann.org] On Behalf Of Chuck
Sent: Monday, March 5, 2018 4:04 PM
To: 'Kathy Kleiman' <kathy@kathykleiman.com>; gnso-rds-pdp-5@icann.org
Subject: Re: [Gnso-rds-pdp-5] Fwd: Re: FW: DT5 Answers to Questions - First Draft for DT Review
Importance: High
Thanks Kathy and Beth. I inserted comments in response to the edits and questions from Kathy and Beth in the attached file. I think most of the edits are not applicable to the DT task as I tried to explain in my comments.
Steve – I would appreciate it if you would answer Kathy’s questions about why ICANN Compliance would need to contact the registrant.
It seems to me that the decision we need to make is whether or not the registrant may need to be contacted by ICANN Compliance in some instances and to describe what the objective would be.
Chuck
From: Gnso-rds-pdp-5 [mailto:gnso-rds-pdp-5-bounces@icann.org] On Behalf Of Kathy Kleiman
Sent: Monday, March 5, 2018 11:58 AM
To: gnso-rds-pdp-5@icann.org
Subject: [Gnso-rds-pdp-5] Fwd: Re: FW: DT5 Answers to Questions - First Draft for DT Review
Hi Chuck, Beth and All,
Attached is Chuck's document, as edited by me, and then by Beth. People seemed to be missing it, so let me recirculate. I have recommended edits to the answers to all three questions.
As Chuck confirmed below, this "Contractual Compliance" discussion is about the Registries and Registrars, not the Customer (Registrant). The Registries' and Registrars' contact data is known in many places and many ways to ICANN through signed agreements and other contact lists. The Registrant data -- the focus of our work in this RDS WG, right? -- does not appear to be implicated in this discussion at all.
Best, Kathy
-------- Forwarded Message --------
Subject:
Re: [Gnso-rds-pdp-5] FW: DT5 Answers to Questions - First Draft for DT Review
Date:
Mon, 5 Mar 2018 17:20:37 +0000
From:
Beth Bacon <bbacon@pir.org>
To:
Hello all,
I made a few small edits to what Kathy contributed, but I do think that the bulk of the comments are more suited to broader RDS WG conversations rather than the narrow focus of DT5.
Thanks,
Beth
From: Gnso-rds-pdp-5 [mailto:gnso-rds-pdp-5-bounces@icann.org] On Behalf Of Chuck
Sent: Monday, March 05, 2018 9:40 AM
To: 'Kathy Kleiman' <kathy@kathykleiman.com>; gnso-rds-pdp-5@icann.org
Subject: Re: [Gnso-rds-pdp-5] FW: DT5 Answers to Questions - First Draft for DT Review
Kathy,
Please see my responses below.
Chuck
From: Gnso-rds-pdp-5 [mailto:gnso-rds-pdp-5-bounces@icann.org] On Behalf Of Kathy Kleiman
Sent: Sunday, March 4, 2018 7:31 PM
To: gnso-rds-pdp-5@icann.org
Subject: Re: [Gnso-rds-pdp-5] FW: DT5 Answers to Questions - First Draft for DT Review
Hi Chuck and All,
Would it be possible to use a Google Doc? I think I used the most recent version of the DT5 document.
[Chuck Gomes] Our deliverable is due not later than Wednesday so I don’t think that we have time to switch now. Also, this is a very short document so I don’t understand the problem.
I have to say that this document is very difficult for me to understand. Perhaps because the terms are ambiguous. "Contracted party" in ICANN generally means a registry and registrar. Is that how you are using it here?
[Chuck Gomes] For now yes, but in the future, there could be other contracted parties such as privacy/proxy providers depending on what policies are approved and implemented.
Further, throughout the world, contractual compliance documents (often third party documents to the customer and involving how a customer's data is processed by vendors, for example) are being modified to ensure that the fundamental protections and rights provided by data protection laws to the customers (registrants, in our case) are protected fully and consistent with the purpose of that collection and processing.
[Chuck Gomes] How does this relate to the DT5 task? Do you have a specific suggestion for our answers to the three questions?
Here, we seem to be making the contractual compliance obligations of third parties to the customer/registrant subservient to other agreements. I think we may have it backwards, but I am, of course new to the group. (I have however, studied and written about the EU-US Privacy Shield -- happy to share the links).
[Chuck Gomes] All we are doing here is examining the contractual compliance issue to see if there is common understanding of it with the hope that the WG will then be better able to deliberate on whether it is a legitimate purpose for which some sort of processing is appropriate. I think you are reading way to much into what we are doing. Our focus is not on the contractual compliance obligations of third parties. Our focus for this deliverable is only on ICANN’s RDS needs for enforcing its contracts with domain name registrars and registries.
Best regards, Kathy (with edited version of what I think is the most recent version of the document attached -- with Track Changes)
[Chuck Gomes] Is there supposed to be an attached redline version? If so, I didn’t receive it.
On 3/2/2018 3:13 PM, Chuck wrote:
Thanks for the edits Steve.
I saved the redline version from Steve as version 2 of our deliverable. Does anyone have any more suggested edits? If so, please let us know by mid-day on Monday. Otherwise, I will assume that this is our final version for ICANN Contractual Compliance.
Who from this DT is going to be in Puerto Rico? It would be great if one of you could present our deliverable to the WG on Saturday morning. It could also be presented remotely.
Chuck
From: Metalitz, Steven [mailto:met@msk.com]
Sent: Friday, March 2, 2018 9:04 AM
To: 'Beth Bacon' <bbacon@pir.org>; 'Chuck' <consult@cgomes.com>; 'GNSO-RDS-pdp-5@icann.org' <GNSO-RDS-pdp-5@icann.org>
Subject: RE: [Gnso-rds-pdp-5] FW: DT5 Answers to Questions - First Draft for DT Review
And here are a few edits re the ICANN contractual compliance piece, mainly to indicate that (1) compliance issues other than RDS compliance might apply and (2) ICANN compliance may need to contact registrants as part of a compliance investigation. Perhaps we should run this document by ICANN compliance to get their perspective….
Steve
Steven J. Metalitz | Partner, through his professional corporation
T: 202.355.7902 | met@msk.com
Mitchell Silberberg & Knupp LLP | www.msk.com[msk.com]
1818 N Street NW, 8th Floor, Washington, DC 20036
THE INFORMATION CONTAINED IN THIS E-MAIL MESSAGE IS INTENDED ONLY FOR THE PERSONAL AND CONFIDENTIAL USE OF THE DESIGNATED RECIPIENTS. THIS MESSAGE MAY BE AN ATTORNEY-CLIENT COMMUNICATION, AND AS SUCH IS PRIVILEGED AND CONFIDENTIAL. IF THE READER OF THIS MESSAGE IS NOT AN INTENDED RECIPIENT, YOU ARE HEREBY NOTIFIED THAT ANY REVIEW, USE, DISSEMINATION, FORWARDING OR COPYING OF THIS MESSAGE IS STRICTLY PROHIBITED. PLEASE NOTIFY US IMMEDIATELY BY REPLY E-MAIL OR TELEPHONE, AND DELETE THE ORIGINAL MESSAGE AND ALL ATTACHMENTS FROM YOUR SYSTEM. THANK YOU.
From: Metalitz, Steven
Sent: Friday, March 02, 2018 11:46 AM
To: 'Beth Bacon'; Chuck; GNSO-RDS-pdp-5@icann.org
Subject: RE: [Gnso-rds-pdp-5] FW: DT5 Answers to Questions - First Draft for DT Review
Thanks for getting the ball rolling Beth. See my edits/comments in attached.
Steven J. Metalitz | Partner, through his professional corporation
T: 202.355.7902 | met@msk.com
Mitchell Silberberg & Knupp LLP | www.msk.com[msk.com]
1818 N Street NW, 8th Floor, Washington, DC 20036
THE INFORMATION CONTAINED IN THIS E-MAIL MESSAGE IS INTENDED ONLY FOR THE PERSONAL AND CONFIDENTIAL USE OF THE DESIGNATED RECIPIENTS. THIS MESSAGE MAY BE AN ATTORNEY-CLIENT COMMUNICATION, AND AS SUCH IS PRIVILEGED AND CONFIDENTIAL. IF THE READER OF THIS MESSAGE IS NOT AN INTENDED RECIPIENT, YOU ARE HEREBY NOTIFIED THAT ANY REVIEW, USE, DISSEMINATION, FORWARDING OR COPYING OF THIS MESSAGE IS STRICTLY PROHIBITED. PLEASE NOTIFY US IMMEDIATELY BY REPLY E-MAIL OR TELEPHONE, AND DELETE THE ORIGINAL MESSAGE AND ALL ATTACHMENTS FROM YOUR SYSTEM. THANK YOU.
From: Gnso-rds-pdp-5 [mailto:gnso-rds-pdp-5-bounces@icann.org] On Behalf Of Beth Bacon
Sent: Friday, March 02, 2018 11:22 AM
To: Chuck; GNSO-RDS-pdp-5@icann.org
Subject: Re: [Gnso-rds-pdp-5] FW: DT5 Answers to Questions - First Draft for DT Review
Hello Team,
Please see my edits and comments in the attached. Please feel free to argue with me about my comments and questions. I’ve missed a few of the calls this month so my questions may be based on incorrect assumptions. I don’t have any edits to the compliance document.
Looking forward to seeing you in PR.
Best,
Beth
From: Gnso-rds-pdp-5 [mailto:gnso-rds-pdp-5-bounces@icann.org] On Behalf Of Chuck
Sent: Friday, March 02, 2018 11:00 AM
To: GNSO-RDS-pdp-5@icann.org
Subject: [Gnso-rds-pdp-5] FW: DT5 Answers to Questions - First Draft for DT Review
Importance: High
I have only heard from one team member so far and she plans to respond today. I sure hope the rest of you can respond today as well. I understand how much is going on including ICANN’s posting of the latest info on the GDPR memo, but please try to spend 30 minutes or so today and provide your initial input on these two documents so that we can have an email discussion about them over the weekend and on Monday.
Chuck
From: Gnso-rds-pdp-5 [mailto:gnso-rds-pdp-5-bounces@icann.org] On Behalf Of Chuck
Sent: Thursday, March 1, 2018 9:01 AM
To: GNSO-RDS-pdp-5@icann.org
Subject: [Gnso-rds-pdp-5] DT5 Answers to Questions - First Draft for DT Review
Importance: High
It would be very helpful if each of you could review and provide any first thoughts you have on the following two drafts TODAY. Note that the first one is less than two pages and the second is only about half a page.
Chuck
_______________________________________________Gnso-rds-pdp-5 mailing listGnso-rds-pdp-5@icann.orghttps://mm.icann.org/mailman/listinfo/gnso-rds-pdp-5
_______________________________________________Gnso-rds-pdp-5 mailing listGnso-rds-pdp-5@icann.orghttps://mm.icann.org/mailman/listinfo/gnso-rds-pdp-5
