Bastiaan, Note that those on the DT5 call yesterday decided to use the word 'accessed' instead of 'collected' or 'used' or 'obtained'. If you have any questions or comments, please let us know today. Chuck -----Original Message----- From: Bastiaan Goslings [mailto:bastiaan.goslings@ams-ix.net] Sent: Saturday, November 4, 2017 7:42 PM To: Metalitz, Steven <met@msk.com> Cc: Bastiaan Goslings <bastiaan.goslings@ams-ix.net>; Chuck <consult@cgomes.com>; Kris Seeburn <seeburn.k@gmail.com>; lisa@corecom.com; GNSO-RDS-pdp-5@icann.org Subject: Re: [Gnso-rds-pdp-5] DT5 Update Hi all, I will try to follow up on Steve’s comments later - but quickly before I head off to Abu D airport: I gather from Chuck’s comments that I am not the only one struggling with latest and authoritative versions/locations of our draft-work ;-) Anyway. I agree with not using the term ‘collected’, and that is why I suggested using ‘obtaining’ in stead. I am not an English native speaker so whether it can/should be ‘used’ I will leave to the rest of the group. Mind you, I came up with ‘obtaining WHOIS data’. It might seem a detail, but IMO ‘data’ is more appropriate than ‘information’ here. Data become information afterwards, i.e. the purpose that the WHOIS-data are used for determines what information is extracted from them. Or something like that. I furthermore asked what we mean with ‘ICANN Compliance’: I am relatively new to this but it seems to me here too we need to be (more) specific. Are we talking a process, an e.g. department? A search on the website gives me (ICANN) ‘Contractual Compliance’. Is that what we are referring to? https://www.icann.org/resources/pages/about-2014-10-10-en -Bastiaan
On 5 Nov 2017, at 01:32, Metalitz, Steven <met@msk.com> wrote:
Chuck’s suggested change re contractual enforcement would eliminate consideration of a number of use cases generated either by the EWG, see https://www.icann.org/en/system/files/files/final-report-06jun14-en.pdf , pages 9, 24, 28), or by this WG in an earlier phase of our work, (seehttps://community.icann.org/download/attachments/60493753/14-WHOIS%20queries...).
Our earlier draft identified five examples of entities using RDS for contractual enforcement purposes: “These entities include governmental tax authorities, UDRP providers, the ICANN organization, intellectual property owners, and merchant account monitoring solution providers, among others.”
Chuck’s proposed change would move the first of these to the regulatory enforcement category (I support that), but would eliminate the second, fourth and fifth examples. It would recognize the contractual enforcement use only when ICANN was a party to the contract (the third example).
Chuck, if your point is that these uses fit better under “legal actions” than under “contractual enforcement,” then I would be OK with that so long as they are explicitly addressed under “legal actions.” I think they fit better under “contract enforcement” because they in fact involve enforcement of contracts; but if the investigation supported by RDS data indicates a breach of contract, then the result may be a “legal action,” i.e., a lawsuit.
I would be quite concerned however if these important uses were not captured either in “contract enforcement” nor in “legal actions.” Maybe Chuck or Lisa could advise us whether that is or is not the case.
Steve Metalitz
<image001.gif> Steven J. Metalitz | Partner, through his professional corporation T: 202.355.7902 | met@msk.com Mitchell Silberberg & Knupp LLP | www.msk.com 1818 N Street NW, 8th Floor, Washington, DC 20036
THE INFORMATION CONTAINED IN THIS E-MAIL MESSAGE IS INTENDED ONLY FOR THE PERSONAL AND CONFIDENTIAL USE OF THE DESIGNATED RECIPIENTS. THIS MESSAGE MAY BE AN ATTORNEY-CLIENT COMMUNICATION, AND AS SUCH IS PRIVILEGED AND CONFIDENTIAL. IF THE READER OF THIS MESSAGE IS NOT AN INTENDED RECIPIENT, YOU ARE HEREBY NOTIFIED THAT ANY REVIEW, USE, DISSEMINATION, FORWARDING OR COPYING OF THIS MESSAGE IS STRICTLY PROHIBITED. PLEASE NOTIFY US IMMEDIATELY BY REPLY E-MAIL OR TELEPHONE, AND DELETE THE ORIGINAL MESSAGE AND ALL ATTACHMENTS FROM YOUR SYSTEM. THANK YOU.
From: Chuck [mailto:consult@cgomes.com] Sent: Saturday, November 04, 2017 10:39 AM To: 'Kris Seeburn' Cc: Metalitz, Steven; lisa@corecom.com; 'Bastiaan Goslings'; GNSO-RDS-pdp-5@icann.org Subject: RE: [Gnso-rds-pdp-5] DT5 Update Importance: High
I arrived home last night and am trying to catch up. Can someone please send me the latest Word versions and the links to the Google Docs for both deliverables?
Also, regarding the definitions, I have been thinking about them and suspect that some WG members will have problem with the word ‘collected’ so I suggest that we consider using the word ‘used’ instead. And for Contractual Enforcement I question whether we should refer to Private Party Contracts because ICANN Compliance does not have any enforcement ability with Private Party Contracts so I edited that. They would then read as follows:
Contractual Enforcement Information used to enable ICANN Compliance to monitor and enforce contracted parties’ agreements with ICANN, as well as resolving issues of compliance arising from issues raised by private parties.
Regulatory Information used to enable contact between the registrant and/or their designated point of contact and regulatory entities to ensure compliance with applicable laws.
Please feel free to comment on these suggested edits before our call on Monday.
Finally, here is a listing from the Wednesday meeting that summarizes our tasks: o Summarize each purpose in one sentence: “Information collected to enable contact between the registrant and <who> <to accomplish what>” o Think in terms of explaining to the data subject why data is being collected for this purpose – keep it concise and simple. o Are the tasks/users identified by your team so diverse and distinct that they may be more than one purpose? If so, split them up and describe each purpose separately. o Which purposes covered by other teams are closely related to or overlap the purpose(s) covered by your team? o Is there any data collected specifically for the stated purpose? Or does that purpose use only data collected for other purposes? If anyone has thoughts about any of these items, please share them with the team; we will discuss them on our call. Chuck
From: Kris Seeburn [mailto:seeburn.k@gmail.com] Sent: Wednesday, November 1, 2017 10:37 PM To: Chuck <consult@cgomes.com> Cc: Metalitz, Steven <met@msk.com>; lisa@corecom.com; Bastiaan Goslings <bastiaan.goslings@ams-ix.net>;GNSO-RDS-pdp-5@icann.org Subject: Re: [Gnso-rds-pdp-5] DT5 Update
Chuck looked up at your edits and made a few balancing facts. I am now forwarding the updated latest document that we have worked on. We will also be finding a way to work with the team who have worked on “Legal” and i think we may need at some point work with the “investigation” team which in reality also matches with both the enforcement and regulatory. Just some suggestions. They will be good additions to our work. In fact i feel there are areas that overlap which may be the connection points to the whole of each group. But that would be a later stage approach.
I think we need to update and push it to the google docs now so that everyone sees the same versioning as we move. Suggestions: Use cases as Appendix to the documents. Anything else to grow the document and understanding can be laid out as an appendix to each document.
Another area that we may add at a later stage is “new gtld auction proceeds” they may be within contractual enforcement and some other groups.