Dennis, Per the note below, SSAC has published its report on Urgent Requests. This completes the action we initiated within SSAC in response to the incompleteness of the policy adopted by the IRT. Section 3 of the report contains its recommendations: *3 Recommendations * Since the SSAC began the work that became this report the ICANN Board and ICANN Community have continued to discuss the outcomes of the IRT and Urgent Requests. [17,18] This topic is currently in active discussion. Thus, rather than provide recommendations directed to the ICANN Board, or the specific group implementing Registration Data Request Service (RDRS), this report provides recommendations on the eventual outcome of these deliberations. The SSAC hopes that the recommendations below will be taken into consideration by all groups working on policies for handling Urgent Requests. *Recommendation 1*: The policy must provide additional structure so that Urgent Requests will be handled in an appropriately expedited fashion. Specifically, the SSAC recommends that the required structure must include at least the following elements: a. Registrar's and Registry Operator's published mechanism and process must state that Reasonable Requests for Lawful Disclosure and Urgent Requests for Lawful Disclosure are different, and must allow Urgent Requests to be identified as such by a requestor. b. When a requestor submits an Urgent Request, Registrar and Registry Operator must provide an acknowledgment of receipt within 30 minutes. This acknowledgment is separate from the "response" to the disclosure request described in paragraph 10.7. c. Paragraph 10.7.2 must specify that Response to all Disclosure Requests must be in writing by email to the requestor. A written response is necessary for the information of the Requestor, and for compliance purposes. The requirement for written responses is not intended to prohibit other communication from occurring (e.g., if ongoing telephonic communication is conducted in parallel to the writing of the email response), so long as the written response is also provided. *Recommendation 2*: The policy must ensure that response time for handling Urgent Requests be fit for purpose. Specifically, the SSAC recommends that the required response time must have at least the following characteristics: a. Urgent Requests are a matter of imminent danger. The language of the policy should reflect that responses are to be fulfilled as soon as possible, with urgency befitting the situation. b. Paragraphs 10.6.1 and 10.6.2 provide time extensions that are not fit for purpose, and these paragraphs should be deleted. No legitimate Urgent Request should be responded to in more than 24 hours. c. In paragraph 10.6, the word "generally" is imprecise and confusing and should be deleted. *Recommendation 3*: ICANN org should acquire and document datar egarding Urgent Requests and make high-level information available to the community for future consideration. Specifically, the SSAC recommends the data made available to the community must include at least the following metrics a. Number of Urgent Requests received at registrars and registry operators; b. Expediency with which Urgent Requests were reviewed, evaluated, and handled; c. Percentage of Urgent Requests classified as spam, not urgent, or otherwise invalid; and d. Counts of requests handled and not handled within the contractual requirements (i.e., compliance statistics). The data collected must be comprehensive enough for ICANN org to examine a registrar or registry operator’ Shandling of Urgent Requests for compliance purposes. [17] See Letter from Tripti Sinha to Gregory DiBiase, November 13 2023, https://gnso.icann.org/sites/default/files/policy/2023/correspondence/sinha-... [18] See GAC ICANN78 Hamburg Communique, https://gac.icann.org/contentMigrated/icann78-hamburg-communique As you can see, these recommendations speak to the substance of the matter. This report does not address the process that led to the incomplete specification of a policy. I expect there will be some separate conversations on that score. I also look forward to working with you to bring the same message to the appropriate Org managers. Cheers and best wishes for the new year. Steve P.S. Note that as of the beginning of this month Ram Mohan is now chair of SSAC and Tara Whalen is vice chair. Jim Galvin continues as SSAC's liaison to the board. ---------- Forwarded message --------- From: Danielle Rutherford <danielle.rutherford@icann.org> Date: Wed, Dec 20, 2023 at 2:35 PM Subject: [SSAC] The SSAC has published SAC122 and SAC123 To: SSAC - Full List <ssac@icann.org> Dear SSAC Members, The SSAC has published SAC122: SSAC Report on Urgent Requests in the gTLD Registration Data Policy < https://itp.cdn.icann.org/en/files/security-and-stability-advisory-committee...
Thanks, Danielle
Thanks Steve. Looking forward to working with you in the new year too. Best, Dennis Chang From: "IRT.RegDataPolicy" <irt.regdatapolicy-bounces@icann.org> on behalf of "Steve Crocker via IRT.RegDataPolicy" <irt.regdatapolicy@icann.org> Reply-To: "Steve com>" <steve@shinkuro.com> Date: Wednesday, January 3, 2024 at 4:36 PM To: "Dennis Chang via IRT.RegDataPolicy" <irt.regdatapolicy@icann.org> Cc: SSAC Admin Committee <ssac-exec-comm@icann.org> Subject: [IRT.RegDataPolicy] The SSAC has published SAC122 Dennis, Per the note below, SSAC has published its report on Urgent Requests. This completes the action we initiated within SSAC in response to the incompleteness of the policy adopted by the IRT. Section 3 of the report contains its recommendations: 3 Recommendations Since the SSAC began the work that became this report the ICANN Board and ICANN Community have continued to discuss the outcomes of the IRT and Urgent Requests. [17,18] This topic is currently in active discussion. Thus, rather than provide recommendations directed to the ICANN Board, or the specific group implementing Registration Data Request Service (RDRS), this report provides recommendations on the eventual outcome of these deliberations. The SSAC hopes that the recommendations below will be taken into consideration by all groups working on policies for handling Urgent Requests. Recommendation 1: The policy must provide additional structure so that Urgent Requests will be handled in an appropriately expedited fashion. Specifically, the SSAC recommends that the required structure must include at least the following elements: a. Registrar's and Registry Operator's published mechanism and process must state that Reasonable Requests for Lawful Disclosure and Urgent Requests for Lawful Disclosure are different, and must allow Urgent Requests to be identified as such by a requestor. b. When a requestor submits an Urgent Request, Registrar and Registry Operator must provide an acknowledgment of receipt within 30 minutes. This acknowledgment is separate from the "response" to the disclosure request described in paragraph 10.7. c. Paragraph 10.7.2 must specify that Response to all Disclosure Requests must be in writing by email to the requestor. A written response is necessary for the information of the Requestor, and for compliance purposes. The requirement for written responses is not intended to prohibit other communication from occurring (e.g., if ongoing telephonic communication is conducted in parallel to the writing of the email response), so long as the written response is also provided. Recommendation 2: The policy must ensure that response time for handling Urgent Requests be fit for purpose. Specifically, the SSAC recommends that the required response time must have at least the following characteristics: a. Urgent Requests are a matter of imminent danger. The language of the policy should reflect that responses are to be fulfilled as soon as possible, with urgency befitting the situation. b. Paragraphs 10.6.1 and 10.6.2 provide time extensions that are not fit for purpose, and these paragraphs should be deleted. No legitimate Urgent Request should be responded to in more than 24 hours. c. In paragraph 10.6, the word "generally" is imprecise and confusing and should be deleted. Recommendation 3: ICANN org should acquire and document datar egarding Urgent Requests and make high-level information available to the community for future consideration. Specifically, the SSAC recommends the data made available to the community must include at least the following metrics a. Number of Urgent Requests received at registrars and registry operators; b. Expediency with which Urgent Requests were reviewed, evaluated, and handled; c. Percentage of Urgent Requests classified as spam, not urgent, or otherwise invalid; and d. Counts of requests handled and not handled within the contractual requirements (i.e., compliance statistics). The data collected must be comprehensive enough for ICANN org to examine a registrar or registry operator’ Shandling of Urgent Requests for compliance purposes. [17] See Letter from Tripti Sinha to Gregory DiBiase, November 13 2023, https://gnso.icann.org/sites/default/files/policy/2023/correspondence/sinha-... [18] See GAC ICANN78 Hamburg Communique, https://gac.icann.org/contentMigrated/icann78-hamburg-communique As you can see, these recommendations speak to the substance of the matter. This report does not address the process that led to the incomplete specification of a policy. I expect there will be some separate conversations on that score. I also look forward to working with you to bring the same message to the appropriate Org managers. Cheers and best wishes for the new year. Steve P.S. Note that as of the beginning of this month Ram Mohan is now chair of SSAC and Tara Whalen is vice chair. Jim Galvin continues as SSAC's liaison to the board. ---------- Forwarded message --------- From: Danielle Rutherford <danielle.rutherford@icann.org<mailto:danielle.rutherford@icann.org>> Date: Wed, Dec 20, 2023 at 2:35 PM Subject: [SSAC] The SSAC has published SAC122 and SAC123 To: SSAC - Full List <ssac@icann.org<mailto:ssac@icann.org>> Dear SSAC Members, The SSAC has published SAC122: SSAC Report on Urgent Requests in the gTLD Registration Data Policy < https://itp.cdn.icann.org/en/files/security-and-stability-advisory-committee... > Thanks, Danielle
Hi Dennis, Happy New Year! I hope you had a chance to renew and recharge. I was hoping you might be able to provide some insights on what conversations/next steps should take place on the Urgent Requests issues. The procedural steps are still a bit unlear (at least to me 😉). Kind regards, Laureen Kapin Assistant Director for International Consumer Protection Office of International Affairs Federal Trade Commission lkapin@ftc.gov From: IRT.RegDataPolicy <irt.regdatapolicy-bounces@icann.org> On Behalf Of Dennis Chang via IRT.RegDataPolicy Sent: Monday, January 8, 2024 8:31 AM To: steve@shinkuro.com; Dennis Chang via IRT.RegDataPolicy <irt.regdatapolicy@icann.org> Cc: SSAC Admin Committee <ssac-exec-comm@icann.org> Subject: Re: [IRT.RegDataPolicy] The SSAC has published SAC122 Thanks Steve. Looking forward to working with you in the new year too. Best, Dennis Chang From: "IRT.RegDataPolicy" <irt.regdatapolicy-bounces@icann.org> on behalf of "Steve Crocker via IRT.RegDataPolicy" <irt.regdatapolicy@icann.org> Reply-To: "Steve com>" <steve@shinkuro.com> Date: Wednesday, January 3, 2024 at 4:36 PM To: "Dennis Chang via IRT.RegDataPolicy" <irt.regdatapolicy@icann.org> Cc: SSAC Admin Committee <ssac-exec-comm@icann.org> Subject: [IRT.RegDataPolicy] The SSAC has published SAC122 Dennis, Per the note below, SSAC has published its report on Urgent Requests. This completes the action we initiated within SSAC in response to the incompleteness of the policy adopted by the IRT. Section 3 of the report contains its recommendations: 3 Recommendations Since the SSAC began the work that became this report the ICANN Board and ICANN Community have continued to discuss the outcomes of the IRT and Urgent Requests. [17,18] This topic is currently in active discussion. Thus, rather than provide recommendations directed to the ICANN Board, or the specific group implementing Registration Data Request Service (RDRS), this report provides recommendations on the eventual outcome of these deliberations. The SSAC hopes that the recommendations below will be taken into consideration by all groups working on policies for handling Urgent Requests. Recommendation 1: The policy must provide additional structure so that Urgent Requests will be handled in an appropriately expedited fashion. Specifically, the SSAC recommends that the required structure must include at least the following elements: a. Registrar's and Registry Operator's published mechanism and process must state that Reasonable Requests for Lawful Disclosure and Urgent Requests for Lawful Disclosure are different, and must allow Urgent Requests to be identified as such by a requestor. b. When a requestor submits an Urgent Request, Registrar and Registry Operator must provide an acknowledgment of receipt within 30 minutes. This acknowledgment is separate from the "response" to the disclosure request described in paragraph 10.7. c. Paragraph 10.7.2 must specify that Response to all Disclosure Requests must be in writing by email to the requestor. A written response is necessary for the information of the Requestor, and for compliance purposes. The requirement for written responses is not intended to prohibit other communication from occurring (e.g., if ongoing telephonic communication is conducted in parallel to the writing of the email response), so long as the written response is also provided. Recommendation 2: The policy must ensure that response time for handling Urgent Requests be fit for purpose. Specifically, the SSAC recommends that the required response time must have at least the following characteristics: a. Urgent Requests are a matter of imminent danger. The language of the policy should reflect that responses are to be fulfilled as soon as possible, with urgency befitting the situation. b. Paragraphs 10.6.1 and 10.6.2 provide time extensions that are not fit for purpose, and these paragraphs should be deleted. No legitimate Urgent Request should be responded to in more than 24 hours. c. In paragraph 10.6, the word "generally" is imprecise and confusing and should be deleted. Recommendation 3: ICANN org should acquire and document datar egarding Urgent Requests and make high-level information available to the community for future consideration. Specifically, the SSAC recommends the data made available to the community must include at least the following metrics a. Number of Urgent Requests received at registrars and registry operators; b. Expediency with which Urgent Requests were reviewed, evaluated, and handled; c. Percentage of Urgent Requests classified as spam, not urgent, or otherwise invalid; and d. Counts of requests handled and not handled within the contractual requirements (i.e., compliance statistics). The data collected must be comprehensive enough for ICANN org to examine a registrar or registry operator’ Shandling of Urgent Requests for compliance purposes. [17] See Letter from Tripti Sinha to Gregory DiBiase, November 13 2023, https://gnso.icann.org/sites/default/files/policy/2023/correspondence/sinha-... [18] See GAC ICANN78 Hamburg Communique, https://gac.icann.org/contentMigrated/icann78-hamburg-communique As you can see, these recommendations speak to the substance of the matter. This report does not address the process that led to the incomplete specification of a policy. I expect there will be some separate conversations on that score. I also look forward to working with you to bring the same message to the appropriate Org managers. Cheers and best wishes for the new year. Steve P.S. Note that as of the beginning of this month Ram Mohan is now chair of SSAC and Tara Whalen is vice chair. Jim Galvin continues as SSAC's liaison to the board. ---------- Forwarded message --------- From: Danielle Rutherford <danielle.rutherford@icann.org<mailto:danielle.rutherford@icann.org>> Date: Wed, Dec 20, 2023 at 2:35 PM Subject: [SSAC] The SSAC has published SAC122 and SAC123 To: SSAC - Full List <ssac@icann.org<mailto:ssac@icann.org>> Dear SSAC Members, The SSAC has published SAC122: SSAC Report on Urgent Requests in the gTLD Registration Data Policy < https://itp.cdn.icann.org/en/files/security-and-stability-advisory-committee... > Thanks, Danielle
Laureen, My understanding is that the Urgent Requests issue will be, if/when Council decides to work on it, a new policy work under GNSO Council management. During Dec 21st meeting, Council asked for a communication from the Board on the concerns they identified, and this still to happen. When it happens, Council will have more information to decide on whether to commission an issue report (for a possible PDP) or doing an EPDP or GGP. A GGP might be a good fit for this particular issue. Rubens
Em 16 de jan. de 2024, à(s) 15:25, Kapin, Laureen via IRT.RegDataPolicy <irt.regdatapolicy@icann.org> escreveu:
Hi Dennis,
Happy New Year! I hope you had a chance to renew and recharge. I was hoping you might be able to provide some insights on what conversations/next steps should take place on the Urgent Requests issues. The procedural steps are still a bit unlear (at least to me 😉).
Kind regards, Laureen Kapin Assistant Director for International Consumer Protection Office of International Affairs Federal Trade Commission lkapin@ftc.gov <mailto:lkapin@ftc.gov>
From: IRT.RegDataPolicy <irt.regdatapolicy-bounces@icann.org> On Behalf Of Dennis Chang via IRT.RegDataPolicy Sent: Monday, January 8, 2024 8:31 AM To: steve@shinkuro.com; Dennis Chang via IRT.RegDataPolicy <irt.regdatapolicy@icann.org> Cc: SSAC Admin Committee <ssac-exec-comm@icann.org> Subject: Re: [IRT.RegDataPolicy] The SSAC has published SAC122
Thanks Steve. Looking forward to working with you in the new year too.
Best, Dennis Chang
From: "IRT.RegDataPolicy" <irt.regdatapolicy-bounces@icann.org> on behalf of "Steve Crocker via IRT.RegDataPolicy" <irt.regdatapolicy@icann.org> Reply-To: "Steve com>" <steve@shinkuro.com> Date: Wednesday, January 3, 2024 at 4:36 PM To: "Dennis Chang via IRT.RegDataPolicy" <irt.regdatapolicy@icann.org> Cc: SSAC Admin Committee <ssac-exec-comm@icann.org> Subject: [IRT.RegDataPolicy] The SSAC has published SAC122
Dennis,
Per the note below, SSAC has published its report on Urgent Requests. This completes the action we initiated within SSAC in response to the incompleteness of the policy adopted by the IRT.
Section 3 of the report contains its recommendations:
3 Recommendations
Since the SSAC began the work that became this report the ICANN Board and ICANN Community have continued to discuss the outcomes of the IRT and Urgent Requests. [17,18] This topic is currently in active discussion. Thus, rather than provide recommendations directed to the ICANN Board, or the specific group implementing Registration Data Request Service (RDRS), this report provides recommendations on the eventual outcome of these deliberations. The SSAC hopes that the recommendations below will be taken into consideration by all groups working on policies for handling Urgent Requests.
Recommendation 1: The policy must provide additional structure so that Urgent Requests will be handled in an appropriately expedited fashion.
Specifically, the SSAC recommends that the required structure must include at least the following elements:
a. Registrar's and Registry Operator's published mechanism and process must state that Reasonable Requests for Lawful Disclosure and Urgent Requests for Lawful Disclosure are different, and must allow Urgent Requests to be identified as such by a requestor.
b. When a requestor submits an Urgent Request, Registrar and Registry Operator must provide an acknowledgment of receipt within 30 minutes. This acknowledgment is separate from the "response" to the disclosure request described in paragraph 10.7.
c. Paragraph 10.7.2 must specify that Response to all Disclosure Requests must be in writing by email to the requestor. A written response is necessary for the information of the Requestor, and for compliance purposes. The requirement for written responses is not intended to prohibit other communication from occurring (e.g., if ongoing telephonic communication is conducted in parallel to the writing of the email response), so long as the written response is also provided.
Recommendation 2: The policy must ensure that response time for handling Urgent Requests be fit for purpose.
Specifically, the SSAC recommends that the required response time must have at least the following characteristics:
a. Urgent Requests are a matter of imminent danger. The language of the policy should reflect that responses are to be fulfilled as soon as possible, with urgency befitting the situation.
b. Paragraphs 10.6.1 and 10.6.2 provide time extensions that are not fit for purpose, and these paragraphs should be deleted. No legitimate Urgent Request should be responded to in more than 24 hours.
c. In paragraph 10.6, the word "generally" is imprecise and confusing and should be deleted.
Recommendation 3: ICANN org should acquire and document datar egarding Urgent Requests and make high-level information available to the community for future consideration.
Specifically, the SSAC recommends the data made available to the community must include at least the following metrics
a. Number of Urgent Requests received at registrars and registry operators;
b. Expediency with which Urgent Requests were reviewed, evaluated, and handled;
c. Percentage of Urgent Requests classified as spam, not urgent, or otherwise invalid; and
d. Counts of requests handled and not handled within the contractual requirements (i.e., compliance statistics).
The data collected must be comprehensive enough for ICANN org to examine a registrar or registry operator’ Shandling of Urgent Requests for compliance purposes.
[17] See Letter from Tripti Sinha to Gregory DiBiase, November 13 2023,https://gnso.icann.org/sites/default/files/policy/2023/correspondence/sinha-...
[18] See GAC ICANN78 Hamburg Communique,https://gac.icann.org/contentMigrated/icann78-hamburg-communique
As you can see, these recommendations speak to the substance of the matter. This report does not address the process that led to the incomplete specification of a policy. I expect there will be some separate conversations on that score. I also look forward to working with you to bring the same message to the appropriate Org managers.
Cheers and best wishes for the new year.
Steve
P.S. Note that as of the beginning of this month Ram Mohan is now chair of SSAC and Tara Whalen is vice chair. Jim Galvin continues as SSAC's liaison to the board.
---------- Forwarded message --------- From: Danielle Rutherford <danielle.rutherford@icann.org <mailto:danielle.rutherford@icann.org>> Date: Wed, Dec 20, 2023 at 2:35 PM Subject: [SSAC] The SSAC has published SAC122 and SAC123 To: SSAC - Full List <ssac@icann.org <mailto:ssac@icann.org>>
Dear SSAC Members,
The SSAC has published
SAC122: SSAC Report on Urgent Requests in the gTLD Registration Data Policy < https://itp.cdn.icann.org/en/files/security-and-stability-advisory-committee... >
Thanks, Danielle
_______________________________________________ IRT.RegDataPolicy mailing list IRT.RegDataPolicy@icann.org https://mm.icann.org/mailman/listinfo/irt.regdatapolicy
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
participants (4)
-
Dennis Chang -
Kapin, Laureen -
Rubens Kuhl -
Steve Crocker