Thanks for this Ariel:

 

My initial thought is this.

 

If we do NOT use passwords, than anyone with the link can take the survey, right?

 

So if DO use passwords and we allow users to create them, what is the risk if they don’t create “unique” passwords?  Because I’m not seeing any risk to just letting them create a password. This is just a little placeholder -  a dog-earing of the electronic page if you will, it’s not performing a security function.  (Right??)

 

Or are you saying that the password is really just a token and if someone else arbitrarily creates the same one (like “1234” or “password”) we’ll have a mess?

 

(ccing myself since I’m out tomorrow and I want to see the answer!)

 

Kristine

 

From: Gnso-rpm-data [mailto:gnso-rpm-data-bounces@icann.org] On Behalf Of Ariel Liang
Sent: Thursday, August 16, 2018 9:42 AM
To: gnso-rpm-data@icann.org
Subject: [Gnso-rpm-data] Advice Needed: Complications Regarding Saving Survey Responses

 

Dear Data Sub Team members,

 

Analysis Group is in process programming the surveys; the actual/potential registrant survey has already been pushed to the beta testing phase.

 

A complication was discovered. Analysis Group informed staff that it is not possible to allow survey takers to “save” their responses and return to the surveys later to complete, unless the survey taker is given a login credential that can be validated. To create a login credential, the simplest way is for Analysis Group to obtain a list of email addresses of the individual survey takers. This, however, cannot be achieved given the outreach method that we are using to distribute the surveys (e.g., public links accessed via mailing lists, announcements, social media). Although GDD has the email contacts of registries and registrars, ICANN Org is not allowed to share the email contacts with Analysis Group directly due to the rightful use of these email contacts and associated legal/GDPR implications.

 

Analysis Group is exploring other options/workarounds for survey takers to “save” their responses. One option is to allow users to create their own passwords, though it is difficult for Analysis Group to enforce unique password creation. They are experimenting with methods of suggesting unique passwords to users who would like to create a password. Another option is to distribute "cookies" with the survey, which will allow respondents to return to surveys that they have started. This option requires Analysis Group to explore any legal issues involved in the use of cookies. In summary, these options may raise technical and privacy issues that need to be cleared internally by Analysis Group. Consequently, this complication may add to the time for the surveys to be launched. Staff are seeking clarification from AG on the ETA to solve these technical/privacy issues.

 

QUESTION: The need to get the surveys out ASAP/as many responses as possible thus needs to be weighed against the benefit of enabling respondents to save their responses/impact to the response rate. What does the Sub Team advise?

 

Thank you for input!

 

Best Regards,

Mary, Julie, Ariel, Berry