EPDP Team Face-to-Face meetings held in Los Angeles, California 09-11 September
BACKGROUND DOCUMENTS
Day 1
hamburger model
Alex Deacon - Accreditation Policy and Process Framework For Discussion - Read-Only.
Milton's Memo on accreditation models
Building Block f - accreditation
Building Block c - user groups
Building block n - financial sustainability
Day 2 & 3
Building Block n - financial sustainability
ICANN-EPDP - Qs 1 & 2 - 9th September 2019
ICANN-EPDP - Question 3 - 10th September 2019
ICANN-EPDP - Q4 - 9th September 2019
Building Block i and L - Query PolicyDay 3
Building Block d and h - acceptable use policy
General Info:
EPDP Team Statement of Participation - Phase 2: https://community.icann.org/x/yYWGBg
AGENDA | ICANN EPDP Los Angeles Face-to-Face
9-11 September 2019
Overview (Local Time)
Day 1, Monday 8:00-8:30 Arrival 8:30 Formal Meeting Start 12-13:00 Lunch 17:30 Wrap Up 19:00 Dinner | Day 2, Tuesday 8:00-8:30 Arrival 8:30 Formal Meeting Start 12-13:00 Lunch 17:30 Wrap Up | Day 3, Wednesday 8:00-8:30 Arrival 8:30 Formal Meeting Start 14:00: late lunch and anyone who wants to leave for flights can. END of meeting |
Content Building Blocks ICANN.org CEO Strawberry Team | Content Building Blocks Open Issues Policy Principles | Content Remaining Discussion Topics Implementation Guidelines Confirm Meeting Outcomes and Next Steps |
Meeting Objectives
- Refine Building Blocks
- Develop Agreement on Policy Principles
- Identify EPDP Goals and Work between now and ICANN Montreal
Day 1, Monday | |
08:00-08:30 | Arrive at ICANN Office |
8:30 | Introductions, Agenda Review, Meeting Objectives Group Working Agreements and EPDP Statement of Participation Logistics of Meeting Space Revisit and Confirm SSAD Overall Structure |
9:00 | Revisit and Confirm SSAD Overall Structure Confirm Approach to Building Blocks Discussion |
| 10:00 | Prepare Questions for ICANN.org CEO Göran Marby and Strawberry Team |
10:15-10:30 | Morning Break |
10:30 | Initiate Discussion on Building Blocks Building Blocks F and C Building Block F, Accreditation / Authentication / authorization (Demand Side) Building Block C, User Groups (Demand Side) |
12:00-13:00 | Lunch |
13:15-14:00 | Time Certain Presentation: ICANN.org CEO Göran Marby |
14:15-15:00 | Time Certain Presentation: Strawberry Team |
15:00-15:15 | Afternoon Break |
15:15 | Discussion Based on what we heard in the presentations, what are the implications for our work? Other overarching questions articulated in the survey
|
16:15 | Begin Discussions on Other Building Block Priorities (Demand) Building Block B, Purposes Building Block N, Financial Sustainability |
17:15 | Organize Emergent “New” Issues and Confirm Plans for Day 2 |
17:30 | Wrap Up and Close |
Day 2, Tuesday | |
08:00-08:30 | Arrive at ICANN Office |
8:30 | Reflections from Day 1 Recap Day 1 Outcomes, Review Agenda and Day 2 Objectives |
8:50 | Continue Building Blocks Discussion Carry-over Discussions from Day 1 (Supply) Building Block L, Query Policy SSAD (Supply) Building Block H, Acceptable Use -- Entity Disclosing Data Demand Side, as appropriate Supply Side, as appropriate |
10:15-10:30 | Morning Break |
10:30 | Continue and Move toward Closure on Building Blocks Discussions |
11:30 | Assess Progress toward Achieving Building Block Objectives |
12:00-13:00 | Lunch |
13:00 | Policy Principles Brief Check in on Principles Overall Confirm Priorities / Organize Discussion |
15:00-15:15 | Afternoon Break |
15:15 | Discuss “New” Emergent Issues Continue Policy Discussions |
17:15 | Recap Day 2 and Organize Priorities for Day 3 |
17:30 | Wrap Up and Close |
Day 3, Wednesday | |
08:00-08:30 | Arrive at ICANN Office |
8:30 | Reflections from Days 1 and 2 Recap Day 1 & 2 Outcomes, Review Agenda and Day 3 Objectives |
8:45 | Specific Topics:
|
10:15-10:30 | Morning Break |
10:30 | Review of Balancing Test |
| 13:00 | Summary of Agreements, Timeline, Process Planning, Next Steps Outline of Data Trust effort |
14:00 | Lunch and Adjourn Anyone who wishes to leave for flights can. |
Meeting Audio Cast (for observers)
To join the event, click on the link:
Listen in browser: http://stream.icann.org:8000/stream01
Listen in application such as iTunes: http://stream.icann.org:8000/stream01.m3u
RECORDINGS
Day 1: Monday, 09 September 2019
Audio Recording
Zoom Recording
Chat Transcript
Day 2:Tuesday, 10 September 2019
Audio Recording
Zoom Recording
Chat Transcript
Day 3: Wednesday, 11 September 2019
GNSO transcripts are located on the GNSO Calendar
PARTICIPATION
Attendance:
Day 1: Day 1, Day1 - CRM
Apologies: Amr Elsadr (NCSG)
Alternates: Stefan Filipovic (NCSG)
Joining remotely: Rafik Dammak, Farzaneh Badii
Day 2: Day 2, Day2 - CRM
Apologies: Alex Deacon (IPC)
Alternate: Jennifer Gore (IPC)
Joining remotely: Rafik Dammak, Farzaneh Badii
Day 3: Day3, Day3 - CRM
Apologies: Amr Elsadr (NCSG)
Alternates: Stefan Filipovic (NCSG)
Joining remotely: Farzaneh Badii
Notes/ Action Items
Action Items
- Alex Deacon, Milton Mueller and other willing volunteers to draft a write up of a potential accreditation model, taking into account the Team’s F2F discussions, in advance of the Thursday, 19 September meeting.
- IPC, BC, SSAC, and GAC reps to separately draft a vision for their “ideal accreditation model” in order to assist the group with what the baseline accreditation requirements could be as well as the attendant benefits of accreditation within the architecture of an SSAD by Wednesday, September 18.
- Support Staff to create a table (in the form of a Google Doc) which includes a column for each lawful basis and a column for what a requesting party would be required to provide in its request, what is the expected response time, is automation likely, what are the standardized categories that may fall within that lawful basis, etc. Following receipt of the table, the EPDP Team members to populate the contents of the table. If there are commonalities, policy recommendations can be drafted accordingly.
- Support staff to create a Google Doc in which EPDP Team Members are to review and consider the types of disclosure decision models (in other words, who is making the ultimate determination to disclose non-public registration data - contracted party or ICANN) and what would make these options acceptable to the different groups by Thursday, September 19.
- EPDP Team to review the legal memos and come back with the most relevant points that need to be factored in as the Staff Support Team produces the 1.0 draft by Thursday, September 19.
- James and Mark Sv. to work together on a revised proposal for Building Block L (SSAD query policy) by Thursday, September 19. When discussing updates to Building Block L, Team members to consider if it is within the Team’s charter to continue discussing this issue.
- Matt C. to review the legal advice on how to perform the balancing test and update Alan Woods’ initial balancing test document into a simple guide to conduct the balancing test to be included in the next iteration of the zero draft by Thursday, September 19.
- Contracted party Team members to draft letter to ICANN Board, outlining scenarios discussed, including where the disclosure decision lies within the SSAD, and inquire whether there are any options the Board would not be amenable to.
High-level Notes
ACCREDITATION–Building Block F
Straw Proposals Presented prior to Discussion: Milton Mueller and Alex Deacon
Outcome / Agreements
- EPDP Team did not agree on accreditation process or assignments; however, it agreed that a small group would consider the Team’s discussion during the F2F and develop a proposal for a subsequent discussion.
- The EPDP Team agreed to separate authentication from authorization. The team did not agree that the accreditor would perform the authorization function.
Discussion Notes
Purpose | · Remove burden from entity providing disclosure · Provide code of contract or series of contracts · Spread liability (without diminishing protections for data subjects) · Provide process pathway to track data / monitoring |
Who serves as accreditor | · Entity develops request or proposal · Competent authority with legal basis; demonstrates consistency with Article 42 and 43 · EPDP sets outline and principles and assessment activities |
Accreditor Tasks | Authentication – confirm identity Establish preliminary determination on lawful basis Consider how to manage volume requests NOTE: Authorization process is not necessarily with the accreditor. Sub-team will consider whether Authorization should rest with another entity or with the accreditor or unique criteria |
Role: Certifying Accreditor
| No Agreement, options discussed: · ICANN – difficult because they process of data · Independent Data Trust · DPA |
Role: Accreditation Body(ies) | · WIPO · Law enforcement–each country would have one entry point. i.e. in U.S. it might be FBI or in other countries, it would be the national country. · Europol and Interpol–agree this is not possible for law enforcement agencies, at least not for certain countries · Limit # of accrediting bodies to be able to manage system · Create track for entities that are not accredited |
Role: Auditor | Agree that auditing is needed; unclear who should conduct audits |
Role & Process: De-Accreditation | EPDP agrees that de-accreditation should be a component Accreditor must be compliant with DPAs Need to establish how to do this, such as: · Safeguards, prevent entity from setting up shop next door · Remedial action, i.e. may not shut down immediately, some corrective action is possible |
Decision to Disclose | Joint Controller Who Balances? Entity with Legal Basis | ||
Options: Who Decides? {Note: EPDP did not decide on preferred option in LA. Group will consider options and potentially write a letter to Board to frame questions} | JC Agreement § Responsibilities identified in agreement; CPs cannot increase their risk § Must be correct to manage liability / risk § Liability is clearly defined (ICANN or CPs) § Establish Joint and Severable Liability | ||
Contracted Parties | ICANN | Independent Data Trust | |
PROS/CONS + Most accountable to data subject + Has physical access to data - Lack of consistency with hundreds of CPs applying policy to make decision to disclose - ICANN unable to indemnify CPs (maybe, shared risk possible) + Bird & Bird Memo states that CPs are controllers and retain liabilities | PROS/CONS + Reduce risk of liability to CPs + Provides consistency + One party that performs decision and auditing role might be preferable + Build body of work / decisions consistently | Considerations for all Options Standardized clearing house Timely Response Insurance to alleviate risk or establishing risk fund may be possible | |
ICANN sets rules so it has to be a joint controller | SSAD Not required by law Goal = predictable Easier | ||
Building Block N, Financial Sustainability
Outcome: Staff to develop Draft 1.0 with implementation guidelines consistent with the F2F discussion.
Note: The EPDP noted the need to make SSAD Determination and consider cost-benefit analysis before finalizing approach to financial sustainability.
Set Up | Cost of Providing and Making Available an Investigative Tool |
Cost Sharing Share cost across the system Direct and indirect beneficiaries Share costs across the system CPs contribute intangible resources via in-house staff, etc. | ||
Use Look at other Models | ||||
ANTICIPATED BENEFITS: Certainty to Process Cost Savings | ||||
FLIP CHARTS
Each stakeholder group contributed principles / ideas to ignite the conversation.
SSAC All participants have costs:
Issue subsidies? Letting market work RDS as basic service / core service Passing costs to requestors: May burden victims. | GAC
|
CPH
| ALAC Consider: · Costs · Cost Savings · Accreditation costs borne by users · Charge / Requestor: consideration of public interest exception · Chares passed through to registrants seems inevitable (it’s part of the infrastructure) |
NCSG Costs [potential funder]
| CSG OK for cost-sharing to vary by volume, requestor type, legal obligation, etc. Fees on per-request basis are problematic Must not create disincentives to costs reductions |
