Hello all,

 

We should keep DNS Abuse separate from this Urgent disclosure request conversation.

 

DNS Abuse, which is defined as phishing, pharming, malware, botnets, and spam when delivering the other four types of Abuse, has (in comparison to Urgent disclosure requests) a different process for escalation to the Registrar's Abuse contact (often not the same person as the one evaluating the disclosure request), and a completely different review and decision-making process. Identifying malware or phishing on a website is a completely different skillset than conducting a legal balancing test of rights.

 

The differences in these two problems and processes also mean that the time it takes to address them is different. Although 24 hours has been accepted for responding to abuse reports it is not what the Phase 1 EPDP team agreed on for answering disclosure requests and it is not a reasonable timeframe for registrars to be held to meet. It cannot be what this IRT includes in the Policy.

 

 
-- 
Sarah Wyld, CIPP/E
 
Policy & Privacy Manager
Pronouns: she/they
 
swyld@tucows.com

 

From: Kapin, Laureen via IRT.RegDataPolicy
Sent: July 19, 2023 1:14 PM
To: Rubens Kuhl; Dennis Chang via IRT.RegDataPolicy
Subject: Re: [IRT.RegDataPolicy] [EXTERNAL] Proposal for reconcilingcompeting issues related to Urgent requests

 

Thanks for this exchange.

 

Urgent requests (which only apply to circumstances that pose an imminent threat to life, of serious bodily injury, to critical infrastructure, or of child exploitation) may or may not involve DNS Abuse (perhaps more likely re: threats to infrastructure) but certainly involve very grave situations.  That’s the rationale for the 24 hour response timeframe.

 

Looking forward to our discussion later today.

 

 

Kind regards,

Laureen Kapin

Assistant Director for International Consumer Protection

Office of International Affairs

Federal Trade Commission

lkapin@ftc.gov

 

From: IRT.RegDataPolicy <irt.regdatapolicy-bounces@icann.org> On Behalf Of Rubens Kuhl via IRT.RegDataPolicy
Sent: Wednesday, July 19, 2023 12:55 PM
To: Dennis Chang via IRT.RegDataPolicy <irt.regdatapolicy@icann.org>
Subject: Re: [IRT.RegDataPolicy] [EXTERNAL] Proposal for reconciling competing issues related to Urgent requests

 

 

 

Em 19 de jul. de 2023, à(s) 13:32, BF <bettyfausta@gmail.com> escreveu:

 

I support the proposition of June 7

For Urgent Requests for Lawful Disclosure, Registrar and Registry Operator MUST acknowledge and respond without undue delay, but no more than 24 hours two (2) business days from receipt.

This for me is useful for crises like DNS Abuse and can be comprehensive for large time zone matters.

 

 

This policy is about urgent disclosure requests, not DNS Abuse. For DNS Abuse there are contractual provisions other than Reg Data Policy. 

Conflating the issues is not helpful. 

 

 

 

 

Rubens