Steph;
Yes, I can affirm your opposition in EWG to sub-teams and for very good reasons. That position helped us to the decision for each sub-team to report at the plenary. I can affirm what we called the "WHOIS dataset" was lifted directly from the RAA 2013 WHOIS Specifications and recorded in contract at Section 3.3.1; I chaired the standing At-Large WHOIS WG and 'held the pen" for quite a few of the ALAC disputations over several years so very familiar with it. 

Yes, your arguments with Michele are legendary and served to educate all of us when he underscored the potentially [and substantially] larger dataset collectible via the registrar/registrant transaction - IP address, credit card data etc. - to make the point that registrars could potentially collect and curate much more data than what was contractually obliged.

And true, the sub-team discussions were not recorded.  What we do have are the worksheets which would have been lovingly curated by that stellar support staff. I would bet Lisa could lay her hands on them if we asked.

Best,
-Carlton 


==============================
Carlton A Samuels
Mobile: 876-818-1799
Strategy, Planning, Governance, Assessment & Turnaround
=============================

On Wed, Apr 27, 2016 at 2:45 AM, Stephanie Perrin <stephanie.perrin@mail.utoronto.ca> wrote:

Sadly, I was not on that workteam.  I recall pointing out that dividing into subteams was not a good idea, (do you recall me trying to get out of the privacy subteam, saying I needed to be on all the others?  I bet Rod might....) but I do not recall discussion of the 2013 RAA in plenary....although I have a vivid memory of arguing with Michele (as one does) when he said the 2013 was out of scope as it was in negotiation.  However, I do think us arguing about my (apparently but not necessarily) faulty memory is fruitless and boring for all the others who were not in the EWG.   It was not, unfortunately, a recorded discussion, and was quite non-transparent to others outside the process. Also of course hard for those of us new to ICANN to refresh our memories, absent an official record.  Not the problem in this exercise, thank goodness.

kind regards,

Steph

PS if the list of data elements was lifted straight from the RAA after signing, then discussed in that subteam, I would not have recognized all the other bits, eg escrow and retention, which are problematic...as you can see, this could go on and on but I will indeed check my email records just to find out how I missed this.


On 2016-04-27 2:36, Carlton Samuels wrote:
Actually Steph, we made extensive use of RAA 2013 in one of the EWG subteams I worked.

Lack of user identification, authentication  and access control was fingered as major disabilities of the existing WHOIS protocol. Scott [Hallenbeck], Lanre [Ajayi] and myself were members of the subteam (if memory serves it was G) that examined all the data elements described in the RAA 2013 WHOIS dataset from an access perspective, identify their source[s] and classified them for sensitivity to data protection rules.

That outcome was the basis for recommending the RDAP - then in final preparatory stage by the WEIRDS WG of the IETF - as fit and proper vehicle for processing registration data. 

Another EWG subteam (could have been D with Michele on it) examined the RAA WHOIS dataset from a collection perspective + added some elements not described therein but which we know were generated in the course of the user/registrar transaction. Scott and myself then mapped the elements from collection perspective against those from the access perspective in an effort to harmonize elements, all under colour of data protection rules to decide the elements that would be gated for access.

These were fairly detailed pieces of work and I kept the worksheets.  So no, I cannot agree we never examined the RAA 2013.

Best,
-Carlton


==============================
Carlton A Samuels
Mobile: 876-818-1799
Strategy, Planning, Governance, Assessment & Turnaround
=============================

On Mon, Apr 25, 2016 at 11:11 AM, Stephanie Perrin <stephanie.perrin@mail.utoronto.ca> wrote:

I would actually disagree.  We discussed the use cases for data, accepting those current uses as by and large legitimate.  From a data protection perspective, it has been clear from the very beginning that many of the new purposes that registrant data were being put to, would not be permissible by law under the original purpose of WHOIS.  We never looked at the collection instrument, (RAA) it was accepted as fait accompli.  We did not go over the extensive collection of documents that we had received from the DPAs.  So a thorough, tabula rasa discussion of the purpose of collection of registrant data is in order, in my view.  And SAC 055 agrees with that view.

Stephanie Perrin

On 2016-04-25 17:34, Carlton Samuels wrote:
...and FWIW, the Review Team's final report was a very important substrate upon which the EWG's work was advanced.

The EWG spent an inordinate amount of time resolving the question as to whether there was a purposeful need for registration data and if so, what should be collected, the standards for collection, how it should be curated and the safeguards, why and how it should be published and the mechanisms for publication.

I say again, it would be a sign of malignancy to embrace any attempt to bounce the rubble here. If there is new and original insight of value to the end game, let it be heard. 

Otherwise, enough good minds and treasure are exhausted answering those questions. 

Lets get on with it.

-Carlton


==============================
Carlton A Samuels
Mobile: 876-818-1799
Strategy, Planning, Governance, Assessment & Turnaround
=============================

On Mon, Apr 25, 2016 at 8:08 AM, Kathy Kleiman <kathy@kathykleiman.com> wrote:
Hi Marika and All,
I think my concerns run to (iii) and (v) below as the limitations of certain documents (especially ones people refer to often) have definitely been a part of the discussion of this subgroup.  I would note that certain document in the summaries already contain some red highlighted notes, and I would like to request that similar notes be added *within our summary* of the Whois Review Team Final Report and within our subgroup report to the full WG. Here are the bullet points you requested (tx for asking!):

- The Whois Review Team was expressly barred from looking at the purpose of the Whois system. It was allowed to look only at ICANN's "existing policy relating to WHOIS" per the Affirmation of Commitments signed between US Department of Commerce and ICANN in 2009.

- Even within that scope, the Whois Review Team Final Report expressly recommended protection of privacy for commercial companies, noncommercial organizations and individuals (finding that each shared with us legal and legitimate reasons for privacy including as-yet-unannounced mergers, new movie names, unpopular religious, ethnic and policy views, etc).

- The Whois Review Team Final Report advised ICANN to work towards a standard of "contactability" - reaching the registrant by some means rather than all means - which we wrote as: "ICANN should take appropriate measures to reduce the number of WHOIS registrations that fall into the accuracy groups Substantial Failure and Full Failure (as defined by the NORC Data Accuracy Study, 2009/10..." p. 87.

We were tasked with conveying to the full WG our understanding of "purpose" as guided by these documents - and these notes add key insights and understandings to it (as we shared many times in presenting this Final Report to ICANN in 2012).

Best,
Kathy


On 4/24/2016 8:35 PM, Marika Konings wrote:
Kathy, all, as a reminder, each sub-team is expected to answer the
following questions in relation to the work it has undertaken:

(i) Did this input inventory produce any insights to inform the WG¹s work
plan? 
(ii) Which inputs are likely to be the most important [relevant] during WG
deliberations and why?
(iii) Which inputs, if any, generated the most discussion within the small
team? 
(iv) Which inputs may be obsolete or super-ceded by subsequent work?
(v) What input gaps, if any, may need to be addressed later?
(vi) Other key takeaways from this input inventory the team wishes to
share with the WG 


Your concern appears to fall under item v? If you would like to summarise
your concerns in a few bullets, the sub-team can maybe use these to start
building out the responses to the questions?

Best regards,

Marika

On 22/04/16 15:13, "gnso-rds-pdp-purpose-bounces@icann.org on behalf of
Kathy Kleiman" <gnso-rds-pdp-purpose-bounces@icann.org on behalf of
kathy@kathykleiman.com> wrote:


Hi Susan and Lisa,
I have a question (which certainly does not have to be answered on a
Friday afternoon), but some deep concerns have been raised on this list
by people who helped created various documents and reports that we are
now evaluating. For example, I raised the fact that it was completely
out of scope for the Whois Review Team to evaluate the data collected in
Whois and the primary purpose for which it was created.  By the
Affirmation of Commitments, we had to deal with the Whois system as it
existed (and had been passed to ICANN from the National Science
Foundation).

We could not and did not address or deal with primary purpose. I think
this limitation and fact is critical to the understanding and evaluation
of the Whois Review Team report, especially as it applies to our
question of "purpose."

How can this point be added to Whois Review Team Final Report summary -
perhaps in Additional Information? -- and to our discussion?

Tx,
Kathy
_______________________________________________
gnso-rds-pdp-purpose mailing list
gnso-rds-pdp-purpose@icann.org
https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-purpose


_______________________________________________
gnso-rds-pdp-purpose mailing list
gnso-rds-pdp-purpose@icann.org
https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-purpose



_______________________________________________
gnso-rds-pdp-purpose mailing list
gnso-rds-pdp-purpose@icann.org
https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-purpose


_______________________________________________
gnso-rds-pdp-purpose mailing list
gnso-rds-pdp-purpose@icann.org
https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-purpose