[NCSG-PC] Option 1

[Tomslin Samme-Nlar]

Dear members,

First, I want to thank the EPDP members and everyone who is contributing to
this debate. Much appreciated.

While following the debate and reading the arguments assiduously, the
question that kept coming to mind as policy chair is if there is a due date
for us to have decided what the NCSG position is.

I note that in the EPDP WG communication and as indicated by Stephanie in a
separate email yesterday, the EPDP Team is to review updated version of the
legal v. natural write up and indicate which aspects they can't live with by
Friday 7 May. I suppose this means we need to provide an agreed guidance on
an NCSG position to our EPDP team reps by this date, which leaves us with
only one day to conclude on this.

>From the discussion so far, *Option 1- the Status Quo* seem to have the
most support from membership. Can anyone else who is against this option
being the NCSG position please state their objection by 13:00 UTC 6 May?
This should give us some time before Friday to agree. Absent a significant
number of objections, *Option 1 - the Status Quo* will be the NCSG position
on this matter.

Cheers,
Tomslin
Policy Chair


On Thu., 6 May 2021, 08:31 Stephanie E Perrin, <
stephanie at digitaldiscretion.ca> wrote:

> I agree that the RrSg work on this is useful and to be encouraged, but I
> think the only way to keep it from becoming mandatory, either through
> policy or through inclusion in their contracts or through the upcoming
> accuracy pdp is to make it  voluntary RrSg advice, not EPDP policy or
> guidance.  It is well within their mandate to publish it themselves and you
> can see from the comments on the google document, the pressure to make
> options MUST instead of May Wish to......
>
> cheers Stephanie
>
> PS there is also a big question of co-controller liability on the part of
> ICANN, for the accuracy and reliability of this guidance
> On 2021-05-05 2:42 a.m., 陳曼茹 Manju Chen wrote:
>
> Hi all,
>
> I agree with Stephanie and Kathy that we have to 'hold the line', but my
> idea of 'the line' is a bit different than the simple 'status quo'.
>
> In my opinion, the line we should definitely hold is 'to keep the guidance
> from becoming a requirement'. So we maintain that 'registrars should be
> able to choose to differentiate or not' but develop guidance for if they
> wish to do so. Basically Milton's scenario 3.
>
> I'd also like to point out that according to Volker's statement on behalf
> of RrSG, they are not against developing guidance either. In fact, the RrSG
> has provided a table as their proposed guidance on this matter. I would
> encourage us to work with CPs on refining the table and make sure the final
> guidance resembles RrSG's table instead of the detailed instructions
> currently proposed by the surveillance caucus.
>
> Best,
> Manju
>
> On Wed, May 5, 2021 at 11:39 AM Mueller, Milton L <milton at gatech.edu>
> wrote:
>
>> Kathy, Stephanie, and NCSG members:
>>
>>
>>
>> Personally, I would have no problem falling in line with your position.
>> But there are two fatal flaws that you need to address. First, you are
>> describing only what _*we*_ want and not thinking at all about how you
>> get consensus. Second, your description of what we want does NOT correspond
>> to what will actually happen if we “hold the line.” As much as I would like
>> to promote harmony and unity among NCSG EPDP representatives, I don’t think
>> you have thought things through.
>>
>>
>>
>> I know perfectly well that we don’t want any differentiation and that the
>> registrars don’t either. What you are overlooking is that the other half of
>> the EPDP does want it, and the board will see the EPDP as deadlocked. So
>> Option 1 will make you feel very self-righteous in the short term, but what
>> happens next? You are, as I will show, leading us down a blind alley.
>>
>>
>>
>> I can think of 3 scenarios we can discuss as a basis for action.
>>
>>
>>
>> Scenario 1.
>>
>> We “hold the line,” and we revert to Phase 1 recommendations unchanged.
>> There is _*no guidance*_. The other half of the EPDP just gives up and
>> accepts it. This result is not bad, I admit, if that last bit happens.
>>
>> But what are the Phase 1 recommendations? You have misrepresented the
>> “status quo” as not differentiating legal and natural. WRONG. What will
>> happen under this option is that any registrar or registry can choose to
>> differentiate in any way they like. And there will be no guidance that you
>> can appeal to if they do it wrong. You say you don’t want registrars asking
>> users whether they are legal or natural. Well, sorry, that can happen under
>> your Option 1. A deadlock on EPDP means that differentiation is neither
>> prohibited or required, it is up to the contracted parties. Many registrars
>> won’t do it, but some will. Registries could do it, too. This is the “let
>> the market decide” option. Stephanie has become a libertarian, I guess.
>>
>>
>>
>> Scenario 2
>>
>> Scenario 1 assumes the other side accepts defeat. But what if we “hold
>> the line,” and the other half of the EPDP doesn’t accept it? The European
>> Commission, the US justice department, the GAC, SSAC, and of course the
>> IPC/BC and ALAC join a strong chorus telling the board “something must be
>> done.” The Board is influenced, and refuses to accept the recommendation,
>> as it has done with the SSAD (which the same group of stakeholders
>> opposed). We have seen the Board cave to GAC and governmental demands again
>> and again, the latest example being “curative rights” for IGO acronyms,
>> which the GNSO never approved. Worse, the EC may modify its NIS2
>> legislation to require ICANN to differentiate. The US congress could
>> intervene. The issue festers for another three – five years. Several
>> powerful players start attacking the multistakeholder process. Maybe ICANN
>> corrupts its process once again.
>>
>>
>>
>> Scenario 3
>>
>> Scenario 3 is that we don’t require differentiation of legal persons, but
>> we develop consensus guidance on how contracted parties should do it if
>> they choose to do it. This is the most likely scenario, and it’s one that
>> your position paper completely ignores. If you do want guidance, the
>> approach to guidance that I have suggested is best, because it is a very
>> lightweight process of self-identification by registrants. By offering some
>> differentiation it may defuse the opposition of the other stakeholders. On
>> the other hand Stephanie’s complicated, expensive and power-surrendering
>> approach is not the kind of guidance we want.
>>
>>
>>
>> By now it should be clear to anyone who’s read this far that Scenario 1
>> is not as wonderful as you say and may not be possible. The EPDP is already
>> deeply invested in developing guidance about how registrars should and
>> should not differentiate. We have been working on it for weeks. Unless
>> something changes radically in the next week, we will actually produce some
>> guidance about differentiation. So, I suggest that we confine our debate to
>> Scenario 2: the developing of nonbinding guidance. I suggest again that
>> allowing registrants to choose to identify their registration as one of a
>> legal person, with their data published or automatically available via
>> SSAD, creates a path to consensus and to resolving the issue, whereas your
>> preferred path does not.
>>
>>
>>
>> To conclude, I call your attention to a pathology that is paralyzing
>> nearly all of ICANN’s working groups. Defining your position and “holding
>> the line” is a strategy that all the SGs and ACs seem to adopt now. It
>> turns all these deliberations into a bunch of people re-stating their
>> position again and again for 3-4 years, re-litigating issues endlessly,
>> avoiding any serious middle ground. No thought is given to finding a
>> solution that achieves a critical mass of consensus.
>>
>>
>>
>> Anyone who wants to be a serious participant in developing the NCSG’s
>> position in EPDP has to answer a very basic question:
>>
>>
>>
>> How does this end?
>>
>> What is your scenario for achieving the level of agreement needed to pass
>> a policy?
>>
>>
>>
>> Looking forward to your response.
>>
>>
>>
>> Dr. Milton L Mueller
>>
>> Georgia Institute of Technology
>>
>> School of Public Policy
>>
>> Internet Governance Project <https://internetgovernance.org/>
>>
>>
>>
>>
>>
>>
>>
>> *From:* NCSG-Discuss <NCSG-DISCUSS at LISTSERV.SYR.EDU> *On Behalf Of *
>> kathy at DNRC.TECH
>> *Sent:* Tuesday, May 4, 2021 5:35 PM
>> *To:* NCSG-DISCUSS at LISTSERV.SYR.EDU
>> *Subject:* Option 1
>>
>>
>>
>> Tx to Milton, Stephanie, Manju, Tapani, Farzi, Mark Leiser, Kim von Arx
>> and everyone else who commented on our dicussion of options for the EPDP.
>>
>> As it's time to wrap up this issue so our EPDP members can present our
>> view to the EPDP Group, I co-wrote the email Stephanie posted earlier today
>> (attached below too). Best regards, Kathy
>> ------------------------------------------------------------------------
>>
>> Fellow NCSG members,
>>
>> >We would like to work together to share our rationale for Option 1 –
>>
>> maintaining the status quo and not asking further follow-up questions,
>> mandatory or otherwise, about legal and natural persons. While the EPDP
>> phase 2a discussions have been an educational and interesting exercise, we
>> are not under any obligation to change the existing policy, or further
>> complicate it.
>>
>> As we have all discussed, legal/natural person questions are very
>> complicated for many of our members who are often noncommercial and
>> non-profit organizations whose structure and ways of obtaining domain names
>> do not resemble those of the large corporations other stakeholder groups
>> represent. Our members may have many layers of privacy protection in
>> less-well-known sections of the GDPR, other local law, Constitutions and
>> international conventions.
>>
>> We learned that recent studies show that 50% of gTLD domain name
>> registrations are for natural persons – and at least 25% more have
>> overlapping entity and personal data (e.g., the organization name has
>> personal data in it and is thus protected as personal data).
>>
>> Stephanie and Kathy shared their concerns for legal/natural person
>> questions during our long work on the Proxy and Privacy  Accreditation
>> Working Group.   We worked closely with the Registrars Stakeholder Group to
>> protect registrant privacy – including Battered Women’s Shelters, family
>> planning clinics, and girls educational institutions – all of which may be
>> legal entities, but have protectable data due to obvious danger from
>> disclosure in certain countries.
>>
>> *In light of the complicated world around us, we support Option 1- the
>> Status Quo. * We ask the NCSG to adopt this as our stance.  *Based on
>> the existing policy which makes differentiation of legal/natural persons
>> optional for each registrar, we believe we already have the*
>>
>>
>>
>>
>>
>>
>>
>> * -        best way to fight DNS Abuse, -        best way to protect
>> individuals and noncommercial organizations, and -        best way to
>> follow GDPR and other applicable human rights and free speech laws
>> Therefore, we recommend NCSG “hold the line” and stick with Option 1.*
>>
>> *As the Registrars wrote in their EPDP Statement on Thursday April 29: **We
>> have heard plenty of vocal support in this group to  [differentiate between
>> legal and natural persons in a mandatory fashion], but to date the RrSG
>> have not heard any compelling reason to create policy that makes this
>> dramatic shift to the domain registration landscape.*
>>
>> *We agree. * Nothing will stop other stakeholder groups from demanding
>> further disclosure of data, and lobbying other parties including
>> governments. *What we can do in ICANN is come up with the best solution
>> for us at this time.*
>>
>> Many thanks to the members of our NCSG EPDP Team for your hard work. This
>> has been a long road.  With new studies, new information and legal
>> opinions, we think we have a clear and strategic path forward.  We believe
>> our position to be closely aligned with that of the Registrar Stakeholder
>> Group, which they articulated on April 29 (see below).
>>
>> Best, Kathy Kleiman and Stephanie Perrin
>>
>> ---------------------------------------------------------
>> The Registrar Stakeholder Group issued their position statement on
>> Thursday (4/29):
>>
>> The members of the RrSG EPDP team have participated in this process in
>> good faith since day one and will continue to do so; however, we need to be
>> crystal clear that members of our Stakeholder Group, whom we are here to
>> represent, have voiced and recently reconfirmed their strong opposition to
>> any policy coming out of this group that makes differentiation between
>> natural and legal persons for domain registrations mandatory.
>>
>> We have heard plenty of vocal support in this group to do just that, but
>> to date the RrSG have not heard any compelling reason to create policy that
>> makes this dramatic shift to the domain registration landscape. The
>> Contracted Party can make the most accurate assessment of their own legal,
>> technical, and commercial risks and obligations, and is the only party that
>> can determine what level of risk they should assume. The scope of this EPDP
>> Phase 2a is to consider if changes are required for the relevant
>> Recommendation; it has become clear through this process that no such
>> changes are required
>>
>> To the extent this group can focus its energies on guidance to contracted
>> parties which choose on their own to make this differentiation, we continue
>> to believe that is a worthwhile exercise. We believe that guidance
>> materials including educational information provided by ICANN in multiple
>> languages would help contracted parties educate registrants and this would
>> be a valuable effort.
>>
>> That said, based on analysis done by our stakeholder group's members, we
>> reject the notion that the majority of registered domain names are
>> registered to legal entities. We further remind this team that we have not
>> yet seen evidence that increased publication of registration data will
>> address any of the problems which have been mentioned so far in this phase,
>> and that the registration data is reliably and promptly available to those
>> who do have a legitimate reason to access it.
>>
>> Finally we note that this statement represents the official position of
>> the Registrar Stakeholder group, and statements from members of other
>> groups participating in the EPDP do not represent our group’s position.
>>
>> *(Source: Transcript of EPDP-Phase 2A Team Call, 29 April 2021, Statement
>> of Volker Greimann on behalf of the Registrars Stakeholder Group read into
>> the record)*
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ncsg.is/pipermail/ncsg-pc/attachments/20210506/a9516394/attachment.htm>