From: Owen Smigelski <owen.smigelski@namecheap.com>
Sent: Wednesday, July 26, 2023 1:17 PM
To: Kapin, Laureen <LKAPIN@ftc.gov>
Cc: Dennis Chang <dennis.chang@icann.org>; irt.regdatapolicy@icann.org
Subject: Re: [IRT.RegDataPolicy] Concerns that proposed solution does not match 7/19 discussion RE: Review RegData complete draft Re: Good News. Urgent Request. IRT supported solution found!

Although I did not attend the last IRT meeting, I have been in close consultation with my registrar colleagues. 

It needs to be made clear that this was a REAL compromise for registrars as it allows taking additional time to respond if necessary. Conducting the balancing test is not as simple as reviewing an abuse complaint (as many have repeatedly explained), and the penalties of improper disclosure are significant. We thus need the flexibility if certain situations require more than 24 hours. 

Getting rid of the previously agreed upon text of one business day puts us back in a situation where there is no compromise and the registrars will not be able to accept what was agreed to last week.  

On behalf of the RrSG, I would formally like to raise the concern that it appears that the IRT is being used to develop policy rather than implement recommendations. Others have expressed this concern, and the registrars support efforts to ensure that the final policy aligns with the recommendations.

Regards,

Owen

On Jul 25, 2023, at 11:34, Kapin, Laureen via IRT.RegDataPolicy <irt.regdatapolicy@icann.org> wrote:

 

CAUTION: This email originated from outside the organization. Do not click links unless you can confirm the sender and know the content is safe.

Dear Dennis and colleagues,

 

We appreciate the effort the IRT members and staff have taken to get us to this point.  I was very grateful for thoughtfulness and flexibility demonstrated during the call.  Nevertheless, the Public Safety Working Group colleagues on the 7/19/23 call (myself, Chris, and Gabe) don’t think the current draft has accurately captured the agreement reached during our discussion because it identifies two separate timelines for extensions of time to respond to urgent requests.  I understood our discussion as creating a unified timeline for most requests (“without undue delay, generally within 24 hours”) and then a single opportunity to for an up-to-2 business day extension.  The circulated version creates two opportunities and timelines for an extension and creates the potential for a longer total timeline to respond (now 3 business days).   

 

I reviewed the recording (most relevant part starts at minute 50) and believe it supports my understanding, particularly Thomas’s distillation of the key components of our agreement toward the end of the discussion.

 

I note that part of the misunderstanding seems to have arisen because the current version, for the first time, separates out the timeline for urgent requests into three separate subsections. The public comment version for urgent requests was set forth in its entirety in10.6.  Org’s changes to this provision after the public comment period were also set forth in their entirety in 10.6.  These were never broken out or considered as stand-alone components of the urgent request timeline. They were only broken out and separated in the version circulated yesterday.

 

Our 7/19 discussion was focused on the entirety of the timeline to respond and setting a ceiling or limit on the response time.  The PSWG participants did not view the discussion as just focusing on a partial ceiling that could be extended not one but two times for a total of three business days.  Regarding a ceiling for response times, such a result would put us in a worse position than what Dennis had recently proposed (3 calendar days). 

 

For clarity, I think 10.6. and 10.6.1 accurately sets forth our discussion:

 

10.6. For Urgent Requests for Lawful Disclosure, Registrar and Registry Operator

MUST respond, as defined in Section 10.7, without undue delay, generally within

24 hours of receipt.

 

10.6.1. If Registrar or Registry Operator cannot respond to an Urgent Request for

Lawful Disclosure within 24 hours, it MUST notify the requestor within 24

hours of receipt of an Urgent Request for Lawful Disclosure of the need

for an extension to respond. Registrar or Registry Operator’s extension

notification to the requestor MUST include (a) confirmation that it has

reviewed and considered the Urgent Request for Lawful Disclosure on its

merits and determined additional time to respond is needed, (b) rationale

for why additional time is needed, and (c) the time frame it will respond,

as required by Section 10.7, which cannot exceed two (2) business days

from the time of the initial receipt of the request.

 

However, I don’t recall that we discussed an additional amount of time beyond the two-business day total response time.  Indeed, I thought the whole goal of our discussion was to create a single ceiling beyond the “without undue delay,” generally w/in 24 hours, which we ultimately agreed would expire at 2 business days from receipt.  So, I was surprised to see 10.6.2:

 

10.6.2. In addition to the extension provided for in Section 10.6.1, if responding to

an Urgent Request for Lawful Disclosure is complex, or a large number of

requests are received by Registrar or Registry Operator, it MAY extend

the time for response up to an additional one (1) business day provided it

notifies the requestor within (2) business days from the time of the initial

receipt of the request of the updated time frame to respond explaining the

need for an additional extension of time.

 

The reason that I’m concerned is that we’re now back to a scenario where urgent requests could take three business days to respond to which is what the GAC objected to in its public comment as inconsistent with the nature of an “urgent” request. 

 

I think this needs further discussion because I don’t think the current draft accurately reflects what we discussed on 7/19.  My suggestion would be to either:

 

1. Delete 10.6.2 or
2. Add the concepts of “complex” and “large number” to 10.6.1 as part of the rationale that may be shared to justify an extension of time to respond to an urgent request.

 

I suggest that we need an additional call unless this can be resolved via email.      

 

 

Kind regards,

Laureen Kapin

Assistant Director for International Consumer Protection

Office of International Affairs

Federal Trade Commission

lkapin@ftc.gov

 

From: IRT.RegDataPolicy <irt.regdatapolicy-bounces@icann.org> On Behalf Of Dennis Chang via IRT.RegDataPolicy
Sent: Monday, July 24, 2023 5:24 PM
To: irt.regdatapolicy@icann.org
Subject: [IRT.RegDataPolicy] Review RegData complete draft Re: Good News. Urgent Request. IRT supported solution found!

 

Dear IRT,

 

Attached is a completed draft of the Registration Data Policy including the last two outstanding sections.

Section 4.0:  Policy Effective Date reflecting the 6+12 plan for the 18-month implementation timeline.

Section 10.6:  Urgent Request reflecting the solution supported at the IRT meeting last week. (see email below)

 

I believe we now have a good policy that is aligned with all 34 recommendations we will work together to implement.

EPDP Phase 1 recommendations (29) May 2019

EPDP Phase 2 Priority 2 Recommendations (4) June 2021

Supplemental Recommendation (1) March 2022

 

As we discussed at our last IRT meeting, we don’t plan on more IRT meetings before we publish our policy in August 2023.

We’ll notify you of the publication date after we have coordinated with our publication team.  We may have more IRT meetings after we publish to coordinate and collaborate our implementation, but that decision will come later.  For now, we will focus on getting this policy published.

 

If you have questions or comments, I request they be submitted in separate emails with Subject line defining the topic.

It will help us to collect the information as we address them together. 

 

Thank you all once again and I hope you all support the attached policy language for publication and implementation.

 

Gratefully your,

Dennis Chang

 

From: "IRT.RegDataPolicy" <irt.regdatapolicy-bounces@icann.org> on behalf of "Dennis Chang via IRT.RegDataPolicy" <irt.regdatapolicy@icann.org>
Reply-To: Dennis Chang <dennis.chang@icann.org>
Date: Friday, July 21, 2023 at 8:40 AM
To: "irt.regdatapolicy@icann.org" <irt.regdatapolicy@icann.org>
Subject: Re: [IRT.RegDataPolicy] RegData IRT Good News. Urgent Request requirement. IRT supported solution found!

 

Dear IRT,

 

If you haven’t heard already, we did it!  

 

We found a solution to Urgent Request supported by IRT at our 90 minutes focused working session this week.

Thank you so much for not giving up and working as a team to find this solution.  It was impressive to see people still listening to one another, appreciating the different views, and truly collaborating to build on ideas to find the compromised solution.  A great demonstration of One Team against the problem.

 

What was that solution? 

• 24 hours.                 Respond in 24 hours with the info or an explanation for more time needed.
• 2 Business Days.   No more than 2 Business Days to Respond.

 

How did this happen?

First, thanks to Roger and RrSG for the planting the seed with using both 24 hours and 2 business days in the solution.

Instead of outright rejecting it, Laureen and others suggested that we build on it.

Thomas came in with a key ingredient – the explanation.

 

Initially, we discussed all the options but created this new one listening to the “interest” behind the positions.

Business Days was important because of the business realities in various regions around the world.

While Calendar Days sets global time consistency, the team agreed that cultural sensitivity to regions was more important.

The dread of “silence” with undetermined timeline using “Business Days” was solved with the promise of a response in 24 hours with an explanation.  Thanks to Gabriel expressing the “dread” so eloquently.   Overall, it was an exciting finale overcoming the toughest challenge for us.

 

As promised, we’ll draft the policy language using the IRT supported requirements and comeback to you, but I wanted to send you this quick note to express my sincere gratitude for wonderfully responding. 

 

I thank those guests that joined to support us too.  I noted Ashley, RrSG Chair and Becky, ICANN Board and others supporting us behind the scenes.    Please convey our sincere appreciation to your team back home too.

 

THANK YOU!

 

Dennis S. Chang

GDD Programs Director

Phone: +1 213 293 7889

Sykpe: dennisSchang

www.icann.org  One World – One Internet

 

********************
CAUTION:
This email originated from outside the organization. Do not click
links unless you can confirm the sender and know the content is safe.
********************

_______________________________________________
IRT.RegDataPolicy mailing list
IRT.RegDataPolicy@icann.org
https://mm.icann.org/mailman/listinfo/irt.regdatapolicy

_______________________________________________
By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.