Hi Gabriel, all,

all I can say is I spoke to section of the policy that was on the table /screen when we had the call.

 

Best,

Thomas

 

Hi all –

 

With appreciation for having been included on the call (and noting I won’t receive responses unless my email remains on cc), I just wanted to echo

1. My recollection of the conversation was that Thomas’ did seem to have initial support from the various constituencies, and
2. My understanding of his idea matches what is summarized by 10.6 and 10.6.1 (replacing any prior text indicated in 10.6.2)

 

I don’t recall any discussion of there being two extension requests, and suspect that the continued presence of 10.6.2 is a misunderstanding. 

 

Perhaps Thomas can chime in to confirm?

 

~G

 

 

 

Dear Dennis and colleagues,

 

We appreciate the effort the IRT members and staff have taken to get us to this point.  I was very grateful for thoughtfulness and flexibility demonstrated during the call.  Nevertheless, the Public Safety Working Group colleagues on the 7/19/23 call (myself, Chris, and Gabe) don’t think the current draft has accurately captured the agreement reached during our discussion because it identifies two separate timelines for extensions of time to respond to urgent requests.  I understood our discussion as creating a unified timeline for most requests (“without undue delay, generally within 24 hours”) and then a single opportunity to for an up-to-2 business day extension.  The circulated version creates two opportunities and timelines for an extension and creates the potential for a longer total timeline to respond (now 3 business days).   

 

I reviewed the recording (most relevant part starts at minute 50) and believe it supports my understanding, particularly Thomas’s distillation of the key components of our agreement toward the end of the discussion.

 

I note that part of the misunderstanding seems to have arisen because the current version, for the first time, separates out the timeline for urgent requests into three separate subsections. The public comment version for urgent requests was set forth in its entirety in10.6.  Org’s changes to this provision after the public comment period were also set forth in their entirety in 10.6.  These were never broken out or considered as stand-alone components of the urgent request timeline. They were only broken out and separated in the version circulated yesterday.

 

Our 7/19 discussion was focused on the entirety of the timeline to respond and setting a ceiling or limit on the response time.  The PSWG participants did not view the discussion as just focusing on a partial ceiling that could be extended not one but two times for a total of three business days.  Regarding a ceiling for response times, such a result would put us in a worse position than what Dennis had recently proposed (3 calendar days). 

 

For clarity, I think 10.6. and 10.6.1 accurately sets forth our discussion:

 

10.6. For Urgent Requests for Lawful Disclosure, Registrar and Registry Operator

MUST respond, as defined in Section 10.7, without undue delay, generally within

24 hours of receipt.

 

10.6.1. If Registrar or Registry Operator cannot respond to an Urgent Request for

Lawful Disclosure within 24 hours, it MUST notify the requestor within 24

hours of receipt of an Urgent Request for Lawful Disclosure of the need

for an extension to respond. Registrar or Registry Operator’s extension

notification to the requestor MUST include (a) confirmation that it has

reviewed and considered the Urgent Request for Lawful Disclosure on its

merits and determined additional time to respond is needed, (b) rationale

for why additional time is needed, and (c) the time frame it will respond,

as required by Section 10.7, which cannot exceed two (2) business days

from the time of the initial receipt of the request.

 

However, I don’t recall that we discussed an additional amount of time beyond the two-business day total response time.  Indeed, I thought the whole goal of our discussion was to create a single ceiling beyond the “without undue delay,” generally w/in 24 hours, which we ultimately agreed would expire at 2 business days from receipt.  So, I was surprised to see 10.6.2:

 

10.6.2. In addition to the extension provided for in Section 10.6.1, if responding to

an Urgent Request for Lawful Disclosure is complex, or a large number of

requests are received by Registrar or Registry Operator, it MAY extend

the time for response up to an additional one (1) business day provided it

notifies the requestor within (2) business days from the time of the initial

receipt of the request of the updated time frame to respond explaining the

need for an additional extension of time.

 

The reason that I’m concerned is that we’re now back to a scenario where urgent requests could take three business days to respond to which is what the GAC objected to in its public comment as inconsistent with the nature of an “urgent” request. 

 

I think this needs further discussion because I don’t think the current draft accurately reflects what we discussed on 7/19.  My suggestion would be to either:

 

1. Delete 10.6.2 or
2. Add the concepts of “complex” and “large number” to 10.6.1 as part of the rationale that may be shared to justify an extension of time to respond to an urgent request.

 

I suggest that we need an additional call unless this can be resolved via email.      

 

 

 

 

Dear IRT,

 

Attached is a completed draft of the Registration Data Policy including the last two outstanding sections.

Section 4.0:  Policy Effective Date reflecting the 6+12 plan for the 18-month implementation timeline.

Section 10.6:  Urgent Request reflecting the solution supported at the IRT meeting last week. (see email below)

 

I believe we now have a good policy that is aligned with all 34 recommendations we will work together to implement.

EPDP Phase 1 recommendations (29) May 2019

EPDP Phase 2 Priority 2 Recommendations (4) June 2021

Supplemental Recommendation (1) March 2022

 

As we discussed at our last IRT meeting, we don’t plan on more IRT meetings before we publish our policy in August 2023.

We’ll notify you of the publication date after we have coordinated with our publication team.  We may have more IRT meetings after we publish to coordinate and collaborate our implementation, but that decision will come later.  For now, we will focus on getting this policy published.

 

If you have questions or comments, I request they be submitted in separate emails with Subject line defining the topic.

It will help us to collect the information as we address them together. 

 

Thank you all once again and I hope you all support the attached policy language for publication and implementation.

 

Gratefully your,

Dennis Chang

 

Dear IRT,

 

If you haven’t heard already, we did it!  

 

We found a solution to Urgent Request supported by IRT at our 90 minutes focused working session this week.

Thank you so much for not giving up and working as a team to find this solution.  It was impressive to see people still listening to one another, appreciating the different views, and truly collaborating to build on ideas to find the compromised solution.  A great demonstration of One Team against the problem.

 

What was that solution? 

• 24 hours.                 Respond in 24 hours with the info or an explanation for more time needed.
• 2 Business Days.   No more than 2 Business Days to Respond.

 

How did this happen?

First, thanks to Roger and RrSG for the planting the seed with using both 24 hours and 2 business days in the solution.

Instead of outright rejecting it, Laureen and others suggested that we build on it.

Thomas came in with a key ingredient – the explanation.

 

Initially, we discussed all the options but created this new one listening to the “interest” behind the positions.

Business Days was important because of the business realities in various regions around the world.

While Calendar Days sets global time consistency, the team agreed that cultural sensitivity to regions was more important.

The dread of “silence” with undetermined timeline using “Business Days” was solved with the promise of a response in 24 hours with an explanation.  Thanks to Gabriel expressing the “dread” so eloquently.   Overall, it was an exciting finale overcoming the toughest challenge for us.

 

As promised, we’ll draft the policy language using the IRT supported requirements and comeback to you, but I wanted to send you this quick note to express my sincere gratitude for wonderfully responding. 

 

I thank those guests that joined to support us too.  I noted Ashley, RrSG Chair and Becky, ICANN Board and others supporting us behind the scenes.    Please convey our sincere appreciation to your team back home too.

 

THANK YOU!