3 Recommendations

 

Since the SSAC began the work that became this report the ICANN Board and ICANN Community have continued to discuss the outcomes of the IRT and Urgent Requests. [17,18] This topic is currently in active discussion.  Thus, rather than provide recommendations directed to the ICANN Board, or the specific group implementing Registration Data Request Service (RDRS), this report provides recommendations on the eventual outcome of these deliberations. The SSAC hopes that the recommendations below will be taken into consideration by all groups working on policies for handling Urgent Requests.

 

Recommendation 1: The policy must provide additional structure so that Urgent Requests will be handled in an appropriately expedited fashion.

 

Specifically, the SSAC recommends that the required structure must include at least the following elements:

 

a.  Registrar's and Registry Operator's published mechanism and process must state that Reasonable Requests for Lawful Disclosure and Urgent Requests for Lawful Disclosure are different, and must allow Urgent Requests to be identified as such by a requestor.

 

b. When a requestor submits an Urgent Request, Registrar and Registry Operator must provide an acknowledgment of receipt within 30 minutes.  This acknowledgment is separate from the "response" to the disclosure request described in paragraph 10.7.

 

c. Paragraph 10.7.2 must specify that Response to all Disclosure Requests must be in writing by email to the requestor.  A written response is necessary for the information of the Requestor, and for compliance purposes.  The requirement for written responses is not intended to prohibit other communication from occurring (e.g., if ongoing telephonic communication is conducted in parallel to the writing of the email response), so long as the written response is also provided.

 

Recommendation 2: The policy must ensure that response time for handling Urgent Requests be fit for purpose.

 

Specifically, the SSAC recommends that the required response time must have at least the following characteristics:

 

a. Urgent Requests are a matter of imminent danger.  The language of the policy should reflect that responses are to be fulfilled as soon as possible, with urgency befitting the situation.

 

b. Paragraphs 10.6.1 and 10.6.2 provide time extensions that are not fit for purpose, and these paragraphs should be deleted.  No legitimate Urgent Request should be responded to in more than 24 hours.

 

c. In paragraph 10.6, the word "generally" is imprecise and confusing and should be deleted.

 

Recommendation 3: ICANN org should acquire and document datar egarding Urgent Requests and make high-level information available to the community for future consideration.

 

Specifically, the SSAC recommends the data made available to the community must include at least the following metrics

 

 a. Number of Urgent Requests received at registrars and registry operators;

 

b. Expediency with which Urgent Requests were reviewed, evaluated, and handled;

 

c. Percentage of Urgent Requests classified as spam, not urgent, or otherwise invalid; and

 

d. Counts of requests handled and not handled within the contractual requirements (i.e., compliance statistics).

 

The data collected must be comprehensive enough for ICANN org to examine a registrar or registry operator’ Shandling of Urgent Requests for compliance purposes.

 

[17] See Letter from Tripti Sinha to Gregory DiBiase, November 13 2023, https://gnso.icann.org/sites/default/files/policy/2023/correspondence/sinha-to-dibiase-13nov23-en.pdf

 

[18] See GAC ICANN78 Hamburg Communique, https://gac.icann.org/contentMigrated/icann78-hamburg-communique