[NCSG-PC] Fwd: Suggested Edits to Scope in the EPDP Charter

Kathy Kleiman kathy at kathykleiman.com
Wed Jul 4 22:24:33 EEST 2018 

/Suggested edits [in red] to Keith's additions to _Part 2.j_:/

//j)Access to non-public registration data

j1) Should the requirements detailed in Appendix A, Section 4 of the 
Temporary Specification remain in place until a system for accredited 
access is developed?

i2) What is a reasonable amount of time by which a registrar/registry 
must respond to a third party’s request for access to non-public data? 
Does it matter who the third party is, e.g., law enforcement, 
cybersecurity or intellectual property attorney?

j3) Is there a standard set of information that third-party requestors 
should provide to a registrar/registry when submitting a request to 
access non-public registration data? Does it matter who the third party 
is and for what purpose he/she/it seeks the data?

/*Also, shocked to see the newly-added Phase II section below. My 
understanding from our NCSG Policy meeting in Panama is that both CPH 
and NCSG to not want this EPDP to work through the details of Accredited 
Access. Thus, I point out that it is now drafted for inclusion as a 
"Phase II." In what time?
*/

/*I **don't see **how this section can possibly be done in 3-4 months 
(for which the original drafting most be done)**-- far too much public 
in**put needed, **far beyond the **expertise of ICANN, and far too fast 
for the communities (e.g. **cybersecurity, law enforcement and 
intellec**tual property) to respond with informative public comment, 
**information and guidance. Quick note as a Co-Chair of a huge PDP, 
having two Phases is very, very bad idea. It's very inefficient and it 
is very time-consuming. I think NCSG PC was right in our original 
assessment: have one phase (without access and accreditation), wrap it 
up and then move on to a new phase in a separate PDP or EPDP.*/

To be deleted, Phase II below??

Phase II: System for Accredited Access to Non-Public Registration Data

a) Parties that may access the data
a1) What are legitimate purposes for third parties to access 
registration data?
a2) What legal bases exist to support this access?
a3) Which parties/groups meet these purposes?
a4) Do those parties/groups consist of different types of users?
a5) What data elements should each user/party have access to based on 
their purposes?

b) Vetting processes

b1) Should different types of parties be vetted by different bodies?

b2) Which bodies can effectively vet each party/group?

b3) What criteria will vetting bodies use to assess each party/group?

b4) What requirements will different parties/groups need to meet to be 
vetted?


c) Credentialing

c1) How will credentials be granted and managed?

c2) Who is responsible for providing credentials?

c3) How will these credentials be integrated into 
registrars’/registries’ technical systems?

d) Terms of access and compliance

d1) What rules/policies will govern users' access to the data?

d2) What rules/policies will govern users' use of the data once accessed?

d3) Who will be responsible for establishing and enforcing these 
rules/policies?

d4) What, if any, sanctions or penalties will a user face for abusing 
the data, including future restrictions on access or compensation to 
data subjects whose data has been abused?

d5) What kinds of insights will CPs have into what data is accessed and 
how it is used?

d6) What rights do data subjects have in ascertaining when and how their 
data is accessed and used?

Best, Kathy



On 7/4/2018 1:52 PM, Rafik Dammak wrote:
> Hi all,
>
> Those changes on scope were proposed by keith, it is all about the 
> access and phasing. Please review carefully and discuss here.
>
> Best,
>
> Rafik
>
>
> ---------- Forwarded message ---------
> From: Drazek, Keith <kdrazek at verisign.com <mailto:kdrazek at verisign.com>>
> Date: Wed, Jul 4, 2018, 12:00 AM
> Subject: Suggested Edits to Scope in the EPDP Charter
> To: marika.konings at icann.org <mailto:marika.konings at icann.org> 
> <marika.konings at icann.org <mailto:marika.konings at icann.org>>, 
> susankpolicy at gmail.com <mailto:susankpolicy at gmail.com> 
> <susankpolicy at gmail.com <mailto:susankpolicy at gmail.com>>, Heather 
> Forrest (Heather.Forrest at acu.edu.au 
> <mailto:Heather.Forrest at acu.edu.au>) <Heather.Forrest at acu.edu.au 
> <mailto:Heather.Forrest at acu.edu.au>>, Donna.Austin at team.neustar 
> <Donna.Austin at team.neustar>, rafik.dammak at gmail.com 
> <mailto:rafik.dammak at gmail.com> <rafik.dammak at gmail.com 
> <mailto:rafik.dammak at gmail.com>>
>
>
> Hi all,
>
> Please find attached some suggested edits to the scope section of the 
> Charter, primarily intended to clarify the two-phase approach (Temp 
> Spec and then Access Model) and to help identify what issues from 
> Phase 1 are gating for Phase 2.
>
> Susan, I understand you and Samantha chatted about this in Panama, so 
> we wanted to follow up with proposed text.
>
> Let me know if you have any questions, or if this should be added 
> directly to the Google doc. Note that the recommendations will impact 
> the timeline graphic as noted in the comment on Page 6.
>
> Best,
>
> Keith
>
>
>
> _______________________________________________
> NCSG-PC mailing list
> NCSG-PC at lists.ncsg.is
> https://lists.ncsg.is/mailman/listinfo/ncsg-pc

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ncsg.is/pipermail/ncsg-pc/attachments/20180704/c53f28e3/attachment.htm>

More information about the NCSG-PC mailing list