/
7 April 2015

7 April 2015

Owned by Mary Wong
Apr 20, 2015

The next  Privacy & Proxy Services Accreditation Issues PDP WG teleconference is scheduled for Tuesday 07 April 2015 at 1400 UTC (07:00 PDT, 10:00 EDT, 15:00 London, 16:00 CET).

For other timeshttp://tinyurl.com/or4fog8

Adobe Connect WITH AUDIO enabled: https://icann.adobeconnect.com/ppsai/ 

 

Agenda:

  1.  Roll call/updates to SOI
  2. Continue deliberations on Category F, specifically: (a) attestation/signatory for Requests; (b) Section III.C(5); (c) non-use of high-volume automated processes; and (d) the Annex.
  3. Next steps/next meeting


Documents for Review:

Draft Disclosure Text - updated 6 Apr 2015

Annex 1 original language


MP3 Recording: http://audio.icann.org/gnso/gnso-ppsa-07apr15-en.mp3


Meeting Transcript: http://gnso.icann.org/en/meetings/transcript-ppsai-07apr15-en.pdf


Attendees: 

Frank Michlick – Individual

Justin Macy - BC

Val Sherman – IPC

Griffin Barnett – IPC

Kathy Kleiman – NCSG

Darcy Southwell – RrSG

Todd Williams – IPC

Steve Metalitz - IPC

Graeme Bunton – RrSG

Jim Bikoff - IPC

Volker Greimann – RrSG

Alex Deacon –IPC

Stephanie Perrin – NCSG

Phil Corwin – BC

Chris Pelling – RrSG

Carlton Samuels ALAC

Richard Leaning –  no soi

David Hughes – IPC

Tatiana Khramtsova – RrSG

Terri Stumme - BC

 Holly Raiche – ALAC

Vicky Sheckler – IPC

Susan Kawaguchi - BC

Luc Seufer – RrSG

Michele Neylon – RrSG

Osvaldo Novoa - ISPCP

Roger Carney – RrSG

David Heasley - IPC

  

Apologies:

Don Blumenthal – RySG 

Lindsay Hamilton-Reid – RrSG

Kiran Malancharuvil – IPC

James Bladel – RrSG

Paul McGrady – IPC

 

ICANN staff:

Mary Wong

Marika Konings

Amy Bivins

Nathalie Peregrine

 

Adobe Connect chat transcript for Tuesday 07 April 2015

   Nathalie  Peregrine:Welcome to the PPSAI WG Meeting of 07 April 2015

  Mary Wong:I can hear you

  Mary Wong:Clear as a bell :)

  Michele Neylon:Graeme I can hear you

  Michele Neylon:though I'm not listening

  Holly Raiche:I'm not hearing anything - but then noone is talking?

  Michele Neylon:I've got music on

  Chris Pelling:clicking noised on bridge

  Frank Michlick:I'm listing to a podcast ;-)

  Chris Pelling:ok clicking seems intermitent, if it gets on my nerves ill calll back in

  Chris Pelling::)

  Frank Michlick:Will stop that though when this call starts.

  Frank Michlick:hello!

  val sherman:David Heasley also on audio bridge

  Graeme Bunton:Thanks Val

  Osvaldo Novoa:Hello all, sorry I'm a bit late

  Nathalie  Peregrine:Todd Williams and Vicky Schedkler have joined the call

  Kathy:Sorry Graeme -- too many holidays!

  Nathalie  Peregrine:Michael Shoukry has joined rhe call

  Kathy Kleiman:I think we should bar it, but how do you know?

  Mary Wong:Yes it's at the end

  Nathalie  Peregrine:Terri Stumme is on the audio bridge

  Mary Wong:Last para in blue (sorry, having audio and voice issues)

  Kathy Kleiman:Good paragraph - can we move it up in the doc?

  Darcy Southwell:I agree with Graeme from a service provider's perspective.

  Stephanie Perrin:I think the threshold for asking for a reveal has to be a lot higher than for the others....

  Nathalie  Peregrine:Carlton Samuels has joined the room

  Carlton Samuels:Morning all

  Stephanie Perrin:Therefore, we need to add language here.  I have no objection to the service provider, for instance, automatically forwarding any requests.

  Stephanie Perrin:"any steps in the process" makes it over-broad...

  Stephanie Perrin:"in the absence of human review" also makes me a bit nervous, we would have to define human review.  

  Kathy Kleiman:New II.D

  Kathy Kleiman:+1 Volker

  Kathy Kleiman:quality and quantity

  steve metalitz:We ashould also find automated high volume refusals to disclose and automated high volume responses from customers  objectionable.

  Nathalie  Peregrine:Luc Seufer has joined the call

  Carlton Samuels:@Stephanie: Higher threshold for reveal +1.  

  vicky sheckler:disagree w/ stephanie and carlton

  Michele Neylon:whoever is being noisy can you please use the mute button

  Carlton Samuels:I can't hear Steve....I'm on A/C Audio only

  Volker Greimann:true, Steve

  Nathalie  Peregrine:Please all mute mics when not speaking.

  Kathy Kleiman:But it doesn't cover everything...

  Stephanie Perrin:Steve you are fading in and out

  Carlton Samuels:@Steve: Yes, attestation at all levels +1

  Stephanie Perrin:agree with the belt and suspenders

  Stephanie Perrin:people are disappearing frequently

  Chris Pelling:i left and came back

  Chris Pelling:way better

  Chris Pelling:no clicking at all

  Stephanie Perrin:IS everyone having fade in and out or do I need to redial?

  Nathalie  Peregrine:If you are having issues with AC audio, please dial into the phone bridge, or we can dial out to you.

  Stephanie Perrin:+1 Kathy

  Chris Pelling:I agree with Kathy

  Mary Wong:The words "high volume, automated processes" are from the RAA.

  Stephanie Perrin:In other words, Humans do use computers to send things out....

  Luc Seufer:Just as an FYI the French DPA allows AFNIC to disclose private data but the request and the disclosure need to be reviewed by a human.

  Chris Pelling:I would agree with Michele, as long as each notice is reviewed by a LIVING and breithing person it is ok

  Carlton Samuels:@Kathy: Let's err on the side of TMI; keep it and look to placement

  Mary Wong:Yes

  val sherman:+1 Graeme and Michele -- if there is human review, the communication should not be considered automated

  Mary Wong:With suggested edits from Volker

  Kathy Kleiman:very responsive

  Carlton Samuels:@Steve: There was the use of the word 'solely' there as well

  Kathy Kleiman:@Steve: I think you summarized the concerns well

  Mary Wong:Would "human rights (e.g. FoE or privacy)" work?

  vicky sheckler:that is not a pretext

  Holly Raiche:Agree with Volker and Stephanie

  Volker Greimann:Stephanie +1

  Michele Neylon:shes' cutting out

  Volker Greimann:what is violated by the reveal is always the privacy., but now always human rights

  Chris Pelling:I agree

  Michele Neylon:privacy is a human right though ?

  Volker Greimann:so if it needs to be violated, the threshhold should be met

  val sherman:The mere desire of the customer to preserve their privacy cannot be sufficient to refuse a legitimate request, meeting all other criteria of these standards

  steve metalitz:(5) only comes into play once requestor has met "threshold for "'reveal" (actually, for disclosure)

  Holly Raiche:Yes Michele - but what is being protected is privacy - which should be the default position

  Volker Greimann:Exactly

  vicky sheckler:strongly disagee w/ stephanie.  that is not a pretext, which is what the provision todd wrote was trying to addres

  Carlton Samuels:@Graeme: I would prefer the use of  the word 'mainly' or a phrase that removes the [artificial] limit

  Michele Neylon:Holly yes but the privacy or lack of it can stem speech

  steve metalitz:No, that does not make sense, Stephanie, in light of our discussions over the past 16 months

  Holly Raiche:@ Michele - true enough, but what Stephanie is saying is that people ought to be able to choose to protct their personal informtion unless there is a demonstrable reason otherwise

  Carlton Samuels:@Stephanie: +1 Should be no need to prove harm to protect privacy

  Holly Raiche:@ Kathy - the language is there - just use privacy at the end

  vicky sheckler:there is a general rule about when the p/p customer can request refusal of the disclosure, agqain AFTER the requester has provided the requisite information about a violation of the requrester's rights

  Mary Wong:The framework language since this was first presented has been premised (in Section III) on the customer providing reasons to the provider NOT to disclose.

  Mary Wong:As Vicky notes, this happens AFTER a provider receives a full and accurate request (per the framework requirements)

  vicky sheckler:Kathy - rights to authroship are also a human right.  privacy does not defacto trump any other tights no matter what

  vicky sheckler:rights to authorship are in the human declaration of human rights

  Kathy Kleiman:legitimate rights and protections (e.g., freedom of expression and freedom of association).”

  Stephanie Perrin:I would be happy to provide edits after the call...

  Carlton Samuels:We agreed all applicants following the same set of rules can have a P/P registration. We cannot now say to maintain it post registration and in the absence of credible evidence of infraction of rules, one must prove harm to retain it!

  Carlton Samuels:@Kathy: +1. Let's go for more explicit. Err on the side of TMI here.

  vicky sheckler:i agree w/ Steve.  feels like we are going backwards

  Kathy Kleiman:+1 Volker

  Holly Raiche:That is how I understood what Volker was saying

  vicky sheckler:or we get rid of item 5.

  steve metalitz:Looking forward to seeing your language Stephanie.

  Kathy Kleiman:@Vicky - I think we are getting close; and it is very important

  Mary Wong:@Stephanie, isn't that example you give already covered by the current language? Esp if we say "human rights (e.g FoE and rights to privacy)"?

  Kathy Kleiman:Todd's language is good - just tweaking

  Stephanie Perrin:I agree, we are just talking about tweaking

  Holly Raiche:@ Stephanie - are we not really saying that respect for privacy through genuine tests before reveal is allowed serves to protect the other rights

  Todd Williams:I'm back.  Sorry.  I'll check the transcript on what I missed.

  Mary Wong:Note also footnote #2, which adds Val's suggestion for what the form of attestation might look like (bottom of pg 4)

  Kathy Kleiman:self-attestation, hmmm

  Kathy Kleiman:it seems to have some limitations

  Stephanie Perrin:@ Holly yes that is the bottom line, this service protects privacy and confidentiality of customer data in order to protect other fundamental human rights (including Privacy)

  Mary Wong:To clarify - the main text specifies WHAT the attestation requires, the footnote suggests HOW this might look

  Holly Raiche:@ Stephanie - Tks

  vicky sheckler:stephanie - or to protect those that violate others rights.  p/p services are abused by wrondoers too.  Well over a majority of the sites we monitor that engage in widespread infringement are behind p/p serivces

  Mary Wong:Note that those ccTLD operators whose disclosure requests policies we could find requires at most "authorized representative" and certification/attestation that any disclosed info will only be used for the specified purpose.

  vicky sheckler:we need to find the proper balance, not keep saying that one right trump[s over anythign else

  Stephanie Perrin:@ Vicky I understand that.  If a requestor can  make a valid case to prove that, the customer data is revealed.

  Holly Raiche:@ Vicki - I think we are all aware of the abuse of p/p services, and I don't think access to information by law agencies is problematic for anyone in this WG

  Stephanie Perrin:Indeed, we are not talking about LEAs here, we are talking about civil action.

  Holly Raiche:@ Vicki and Stephanie - agreed

  vicky sheckler:Kathy - that seems like more than what cctld operators are requiring. Not sure why we can't follow the ccTLd oeprators lead here

  Mary Wong:We have not come across any published policy that requires documentation other than ID and TM registration cert (for example).

  Mary Wong:Published ccTLD policy, I mean.

  Chris Pelling:its putting an enforcable action for being able to sue the requestor

  Stephanie Perrin:Is this not the first time that we have looked at the issue?  Why follow the ccTLDs?

  vicky sheckler:+1 w/ Val

  Mary Wong:For example, CIRA (.ca) requires a form with name, address and reasons to be stated, accompanied by a notarized/certified copy of a TM registration plus proof of requestor identity.

  Mary Wong:@Stephanie, it was just to see if we can find guidance or common practice that, if appropriate, we can consider utilizing.

  Chris Pelling:sorry, its having the paperwork to show it

  Stephanie Perrin:@Mary, and I do agree that the CIRA example is better than many

  Kathy Kleiman:@Mary: But we are setting up probably a whole new scale for reveal requests - probably far beyond ccTLD requests

  Carlton Samuels:@Val: Would it mean the same if there is some registration of requestor's connection to the rights owner?

  Chris Pelling:@Steve its not really documents, its a single page in most cases

  vicky sheckler:i need to drop off. sorry

  Stephanie Perrin:This process definitely has to set the standards for the agency represnetation.  Otherwise, we know that services will be outsourced to the lowest price.

  Kathy Kleiman:@All: It's an accountability issue

  Stephanie Perrin:Yes it is an accountability issue.

  val sherman:Carlton -- i'm not sure I understand your question.

  Mary Wong:@Kathy, agreed on scale - so question is whether any particular requirement is both practical and justified in the context.

  Volker Greimann:caveat: unless I have to...

  Frank Michlick:thank you

  Carlton Samuels:@Val: To relieve seeing contracts fto attest standing, could a pre-reg work?

  Kathy Kleiman:Tx Graeme and All!

  Darcy Southwell:Thanks!