2018-09-16

News Review: GDPR, EPDP Dysfunction, ICANN's Flawed Temp Spec

graphic "News Review" ©2016 DomainMondo.com
Domain Mondo's weekly internet domain news review (NR 2018-09-16) with analysis and opinion: Features •  1) GDPR, EPDP Dysfunction, ICANN's Flawed Temp Spec, 2) Other ICANN news: a.GDPR Webinar, b. BAMC, c. .PHARMACY breach, 3) Names, Domains & TMs: a) PIR Registry, b.Namecheap, 4) ICYMI: China, EU, Google, Blockchain & Internet Freedom, 5) Most Read.

UPDATE Sep 17, 2018: ICANN Loses Again in Appellate Court in Germany
 Appellate Court of Cologne Order in ICANN vs EPAG Domainservices, GmbH
ICANN v. EPAG Domainservices, GmbH (EPAG is a Tucows affiliate)--Appellate Court of Cologne: "The plea of remonstrance of 17 August 2018 filed by the Applicant [ICANN] concerning the order of the Senate of 1 August 2018 (19 W 32/18) is rejected with costs." (English translation)
Full Order in German here (pdf), full English translation here (pdf). ICANN's comment following the Court's Order: "ICANN is continuing to evaluate its next steps in light of this ruling, including possible additional filings before the German courts ..."

1) GDPR, EPDP Dysfunction, ICANN's Flawed Temp Spec 
ICANN EPDP Team Meetings coming up: Tuesday Sep 18, and Thursday Sep 20, 13:00 UTC, 9am EDT. Non-members of the EPDP Team can follow the EPDP meetings via Adobe Connect: https://participate.icann.org/gnso-epdp-observers, or audio cast via browser or application.

Editor's note: links to the transcripts, Adobe Connect recordings, and MP3 audio, will be posted in UPDATES below (as made available by ICANN). Note that links to EPDP meetings' transcripts are usually posted on the GNSO calendar within 24 hours). See also EPDP Team wiki, mail list, Temp Spec, EPDP Charter (pdf), GNSO's EPDP page, & weekly updates to GNSO Council.

>EPDP Team Meeting Thursday Sep 20, 2018 (link to meeting wiki page, slides (embed below), agenda, and documents), Adobe Connect recording, MP3, meeting transcript (pdf), notes and action itemschat transcript (pdf) embed below.

Chat transcript 9/20:

>GDPR Q&A session with Becky Burr for EPDP Team, Wednesday, 19 Sep 2018, 13:00 UTC  9:00am EDT: Q&A Google docAdobe Connect recording, MP3, transcriptchat transcript (pdf), Burr's slides (pdf).

>EPDP Team Meeting Tuesday Sep 18, 2018 (link to meeting wiki page, slides, agenda, and documents). Adobe Connect recordingMP3, transcript (pdf), Chat transcript (pdf) embed below, and Sep 18 meeting notes and action items.

UPDATES Sep 17, 2018: 
a. Sep 17 CBI and EPDP Team Meeting: chat transcript (pdf), Adobe Recording, MP3, transcript  (pdf). Editor's note: Let's all take a deep breath and kumbaya together next week in LA!
Thomas Rickert: "We are trying to fix a document (Temp Spec) that can hardly be fixed."
b. EPDP Team weekly update to GNSO Council (pdf) filed Sep 17, excerpts:
"In response to the question regarding how the EPDP Team’s work plan corresponds with the charter questions, the EPDP Team agendas will now include the corresponding charter questions."
"The EPDP Leadership elected to retain CBI to provide mediation and facilitation services. Mediators from CBI, who specialize in multi-stakeholder negotiation and mediation, will attend the F2F session in Los Angeles to assist the EPDP Team in making progress."
"Risk: Due the expedited timeline and associated workload, EPDP team members are struggling to provide requested input within the requested timeframe. The work plan assigns topics for each scheduled EPDP call, but the time allocated is not enough, as more discussions are needed per EPDP team members requests. This is impacting the current work plan as we have delays regarding sections, e.g., section 4.4. Attempts are made to have follow-up deliberations in mailing lists and via homework too. F2F in LA is also aimed for making more steady progress on several areas/sections and the end of it we will have a better idea if we are are able to deliver following the timeline." 
"The Team will meet with the CBI mediators on Monday, 17 September to provide input on structure and agenda for the F2F meeting in Los Angeles. On Wednesday, 19 September, Becky Burr will lead a GDPR Q&A session; accordingly, EPDP Team Members were asked to complete the IT Governance training in advance of the session with Becky Burr. The Team will continue deliberating on § 4.4 (Legitimate Purposes for Processing), review an updated data element matrix provided by Thomas Rickert and the Support Team, and begin deliberating on Appendix A (Registration Data Directory Services)." 

EPDP Highlights from last week:
EPDP Team Timeline
Kurt Pritz (the inept EPDP Chair appointed by the GNSO Council): "So here’s you know, a timeline [see above]this is the timeline that wakes me up at three o’clock in the morning every day and so we’ll target, we’ll – for the LA meeting [Sep 24-27] we’ll target certain items that will require closure or close to closure by the end of the LA meeting so we’d meet our timeframes."--9/13 meeting transcript (pdf), p. 4. [Editor's note: Kurt Pritz has been 'out of his depth' from day one as EPDP Chair. My impression is that Pritz has largely deferred to ICANN staff in determining EPDP meeting agendas and the path of the EPDP Team thus far. Indicative of his "leadership style" is the fact that Pritz thinks he can watch TV shows and chair EPDP Team meetings at the same time! 8/30 meeting transcript, p.2]

"Yes, there is a plan to have a facilitator [mediator] attending the F2F [face-to-face] meeting in LA  and helping us there."--Rafik Dammak, GNSO Council Liaison. [Editor's note: Dammak and Pritz,  are the dynamic duo known as the "Leadership Teamof the EPDP Team or working group (WG). My impression is that, in actuality, Dammak exercises "no leadership," deferring instead to Pritz, who is deferring to ICANN staff, who most likely are deferring to ICANN's incompetent management team. This is just one more example of how dysfunctional, ICANN, and its policy processes, really are.]

"The EPDP Team should have been consulted before this [GDPR training] course was selected. We need training that addresses the very real skills gap that has delayed our work over the past few weeks; the 45-minute course that has been made available to us is too generic to be useful, and this should have been obvious to Leadership."--Ayden Férdeline (NCSG) member of both the GNSO Council and the EPDP Team. [Editor's note: nothing is "obvious" to inept "Leadership." ]

"... the inadequacy of the [GDPR] training provided [by ICANN] will contribute to the overall failure of this EPDP. It will not be the only factor, but it will be one that was within our control to correct."--Ayden Férdeline (NCSG). [Editor's note: When you have a GNSO Council member and EPDP Team member talking in early September about why this EPDP will fail, it's an obvious sign that "something is wrong."]

Keith Drazek (RySG Council Member) on the GNSO Council mail list Sep 11:
"I have joined a couple of the recent EPDP WG calls as an observer, and I have a few observations and questions we should consider. From a Council “process management” perspective, these are intended to be constructive in the hopes of ensuring success of the EPDP:
"Following the Triage exercise, the EPDP working group does not appear to be working toward answering the [gating] questions contained in the Charter in a systematic way. What was the decision process behind not following the Charter questions? When will the group return to the Charter questions? What does the WG leadership see as the ultimate outcome of this EPDP, and what do we as [GNSO] Council expect the deliverable to be? Rather than focusing on the gating questions enumerated in the Charter, the WG has been engaged in a Temp Spec red-lining exercise.  Is our expected deliverable a list of policy recommendations or a revised version of the Temporary Specification? Or both?  We should all be clear on the expected deliverable. After 12 meetings and the Triage process, there doesn’t appear to be much progress toward consensus. It seems that different groups keep restating their positions with little variation when it comes to discussing purposes. Does leadership have a plan for breaking through this and moving the ball forward? Do we as Council need to provide additional guidance or clarification? Noting that the discussion on many calls seems to meander, it might be helpful for leadership and staff to identify a goal or goals that the day’s discussion is meant to achieve, and to communicate such goal(s) to the WG prior to the call along with the agenda. Have leadership and staff developed a plan for how to structure the face-to-face meeting in Los Angeles later this month? ..."
Editor's note: the only response to Keith Drazek's cogent comments above, posted on the GNSO Council mail list, was this by Rafik Dammak, to which Keith Drazek responded Friday:
“… In creating the charter, the drafting team recognized the complexity of what the working group was being asked to do and the tight timeframe involved, and so deliberately laid out the charter questions in the mission and scope section to guide the working group through the questions it would need to answer and the steps it would need to follow to develop consensus policy recommendations to address the temporary specification.
“Am I correct in understanding your response that the [EPDP] leadership team and support staff have made the decision not to follow the path laid out in the charter? It appears, instead, that the working group is going through and deliberating on each section of the temporary specification which, as you put it, is likely to produce both redlines and policy recommendations.
“You referenced the “Discussion Summary Index” found on the working group wiki page.  While these documents contain the temporary specification language, relevant advice from DPA/EDPB correspondence, input from the triage exercise and a mapping to related charter question(s), it is not clear how those summaries are being used to help guide the group toward consensus.
“Noting the work and project plan on the working group wiki page, I’d like to understand the rationale behind deliberating section by section through the temporary specification instead of following the charter questions.
“Finally, I am concerned with the part of your response where you say the working group still needs to figure out what the outcome of the EPDP should be.  How can the group organize its work if they do not know what they are working towards as a deliverable?  I’d appreciate an update to Council from you or Kurt [Pritz] on this matter specifically.” (emphasis added)
[Editor's note: Keith Drazek is VP of Policy & Government Relations at VeriSign, which is the world's largest domain name registry operator (.COM, .NET, etc.), manager of 2 of the world's 13 "root servers" and Root Zone Maintainer. Any response to Drazek from the EPDP "leadership team" posted on the GNSO Council mail list in the next few days, will be linked or added here as an update [see Sep 17 UPDATE above]. I am surprised that neither Rafik Dammak nor Kurt Pritz have shared Drazek's emails with the EPDP Team (EPDP working group), since both emails raise fundamental questions about the EPDP Team's work plan and processes to date, and also question the judgment of EPDP leadership and ICANN staff in not following the Charter (gating questions). There are only 2 EPDP meetings left before the Los Angeles F2F meeting Sep 24-27. A professional facilitator will be of little help if the EPDP Team's fundamental processes and work plan are unsound or "off the rails."]

Stephanie Perrin (NCSG): "I would like to reiterate my request to have Peter Kimpian from the COE [Council of Europe] join this group as an independent expert. We are discussing purpose without the benefit of how the DPAs view purpose. It would be helpful to have that perspective." 
Ayden Férdeline (NCSG):+1 Stephanie - the input of the COE would be invaluable. 
Benedict Addis (SSAC):+1 Stephanie, was at COE last week and they are very sensible and knowledgeable. Chat transcript 9/11 meeting, p.6. [Editor's note: it appears that neither EPDP leadership nor ICANN management and staff want any expert guidance from Dr. Peter Kimpian or any other European GDPR expert, since Ms. Perrin's repeated requests have been repeatedly rebuffed and ignored.]

Stephanie Perrin (NCSG): "I thought the Charter was pretty clear on this. We have not answered the gating questions." Chat transcript 9/11, supra. [Editor's note: Ms. Perrin raises the same issue as Keith Drazek above--the dysfunctional and inept EPDP leadership not following the EPDP Charter--the "gating questions" are threshold questions.]

Thomas Rickert (ISPCP): "The root cause of this discussion is that we have a document (Temp Spec) that is badly written and structured as a basis for our discussion. The more I listen to these discussions (that do not take us anywhere) the more I think we need to divorce our discussions from the Temp Spec. We need to discuss a lot of points in the right sequence and I am sure that a legal and analytical approach will make even those happy that want Appendix C included."
farzaneh badii (NCSG):Totally Agree Thomas. 
Amr Elsadr (NCSG):@Thomas: +1.
Chat transcript 9/ll, supra. [Editor's note: Thomas Rickert is a German lawyer and lead counsel for Tucows affiliate, EPAG, in litigation filed by ICANN in Germany, in which ICANN has been the losing party, at every level, thus far.]

Stephanie Perrin (NCSG): "I have my hand up. The points I want to make are: 1) I do not recall agreeing to a framework for disclosure. We are not there yet. 2) Whatever happened to answering the gating questions before we get to Appendix C?" Chat transcript 9/11, supra.

Stephanie Perrin (NCSG): "... by starting with what I would argue is a fundamentally flawed temporary spec, we are trying to fix things that do not approach the problem of data protection as it applies to registrant data in the logical way that a data controller – a data supervisor is going to look at this ..." 9/13 meeting transcript, p. 21 of 44 (pdf).

More info and updates on last week's meetings in last week's News Review.
Photo of ICANN CEO Goran Marby, with words below:" ICANN's  GDPR Train Wreck"  ©2018 DomainMondo.com
Definition of "train wreck" -- a chaotic or disastrous situation that holds a peculiar fascination for observers.
Note also:
a. ccTLD .nz Regulator Obtains Preliminary Injunction Against Domain Tools (pdf):
"Plaintiff is a New Zealand non-profit corporation that regulates the use of the .nz top level domain, including registering new domain names and responding to inquiries regarding registrants. Defendant collects domain and registrant information from around the world, stores the information, and uses its current and historic databases to sell monitoring and investigative services and products to the public. Plaintiff alleges that the way defendant accessed, stores, and/or uses .nz domain and registrant information constitutes a breach of contract and violates the Computer Fraud and Abuse Act and the Washington Consumer Protection Act. It seeks a preliminary injunction precluding defendant from accessing the .nz register, downloading .nz data into its own database, and publishing certain .nz data (including all historical information). Defendant
opposes the motion and seeks discovery it deems critical to its ability to respond to the request for preliminary relief ....
"... plaintiff’s motion for a preliminary injunction (Dkt. # 2) is GRANTED and defendant’s motion for expedited discovery (Dkt. # 9) is DENIED. Defendant DomainTools, LLC, and its officers, agents, servants, employees, and all others acting in active concert with them who receive actual notice of this order are hereby enjoined from accessing the .nz register while DomainTools’ limited license remains revoked and/or publishing any .nz register data DomainTools had stored or compiled in its own databases while this action remains pending or until further order of the Court."
Mr. Len Cali, Senior Vice President—Global Public Policy, AT&T Inc.
Mr. Andrew DeVore, Vice President and Associate General Counsel, Amazon.com, Inc.
Mr. Keith Enright, Chief Privacy Officer, Google LLC
Mr. Damian Kieran, Global Data Protection Officer and Associate Legal Director, Twitter, Inc.
Mr. Guy (Bud) Tribble, Vice President for Software Technology, Apple Inc.
Ms. Rachel Welch, Senior Vice President, Policy & External Affairs, Charter Communications, Inc.
"The time is right to modernize our federal rules and develop a national framework for consumer privacy."--Internet Association, which represents more than 40 major internet and technology firms including Amazon, Facebook, Google, and Microsoft. Michael Beckerman, president and chief executive officer of the Internet Association, said “we definitely want to get this in place [and preempt state laws] prior to California [new Consumer Privacy law effective Jan 1, 2020] because California got it wrong.”

2) Other ICANN News
graphic "ICANN | Internet Corporation for Assigned Names and Numbers"
a. ICANN will hold a webinar on 26 September 2018 from 15:00 to 16:00 UTC to provide an update on recent ICANN data protection/privacy activities related to the European Union's General Data Protection Regulation (GDPR). Join via Adobe Connect (dial-in info). More information here.

b. Minutes of the ICANN Board Accountability Mechanisms Committee (BAMC) Meeting 04 Sep 2018: new gTLDs .MERCK, .HALAL, .ISLAM, .PERSIANGULFand litigation update.

c. New gTLD .PHARMACY--ICANN Notice of Breach status:

3) Names, Domains & Trademarks
graphic "Names, Domains & Trademarks" ©2017 DomainMondo.com
Editor's note: 2 recent announcements I couldn't wedge into last week's News Review:

a. PIR Registry (pir.org), registry operator of .org .ngo .ongBig Changes Coming Up To Our Registrar Products: "... we won’t be offering any further volume discounts when the current agreements expire. While volume discounts are a long established product offered by many registries, they clearly favor larger registrars as only the larger registrars can reach the volumes necessary to qualify for the discount. We don’t think this is fair and we want all our products in the future to be equally accessible to registrars of all sizes. The second change is that we’re going to measure the success of our products on more key performance indicators than just the number of creates they produce ... we’re going to look at the quality of the new registrations generated – do they have a higher incidence of technical abuse such as malware or phishing? We’re also going to look at whether there is a positive impact on our brand attributes and how registrars and registrants perceive us ..."

b. Namecheap (domain: namecheap.com), a privately held, ICANN-accredited domain registrar and technology company, founded in 2000 by CEO Richard Kirkendall, recently announced it now has 10 million registered domain names under management and "is the second biggest retail domain registrar in the world." The press release also noted Namecheap's unique culture and long history of fighting for internet freedom and Net Neutrality. To date, Namecheap has raised almost $500,000 to support internet freedom causes with its annual Move Your Domain Day. [Editor's note: Tucows, with its affiliates, collectively, is the world's second largest domain name registrar, GoDaddy is the largest.]

4) ICYMI Internet Domain News 
graphic "ICYMI Internet Domain News" ©2017 DomainMondo.com
a.  China: China’s tech giants are Balkanizing the Chinese internet--"Most people believe the Chinese internet is one world unto itself, but few realize there are multiple separate, loosely connected ecosystems in China’s cyberspace. Competition in China’s internet world is not about individual tech companies anymore, it’s increasingly a contest among ecosystems."--technode.com.

China launches platform 'Piyao' to stamp out 'online rumors'--reuters.com. President Xi Jinping said in 2017: "China will build a 'clean and clear' internet space."

Google Is Handing the Future of the Internet to China: The company has been quietly collaborating with the Chinese government on a new, censored search engine—and abandoning its own ideals in the process--ForeignPolicy.com.

Senior Google Scientist Resigns Over “Forfeiture of Our Values” in China--he told The Intercept in an interview that he believes he is one of about five of the company’s employees to resign over Dragonfly.--TheIntercept.com. See also TheIntercept.com: Google's prototype of a censored search engine for China links users’ searches to their personal phone numbers, making it easier for the Chinese government to monitor people’s queries.

b.  EU: Controversial internet copyright law, including Articles 11 and 13, a/k/a the “link tax” and “upload filter” approved for final vote in Jan. 2019--TheVerge.com: "it will have a huge, disruptive impact on the internet, both in the European Union and around the world. Exactly how the legislation will be interpreted will be up to individual nations, but the shift in the balance of power is clear: the web’s biggest tech companies are losing their grip on the internet."

Today, Europe Lost The Internet. Now, We Fight Back by Cory Doctorow, Sep 12, 2018 | EFF.org.

Google: Can Europe Export Privacy Rules World-Wide? Google argues against expanding ‘right to be forgotten’ in the highest-profile case yet on who regulates data world-wide--wsj.com.

c.  Google & Bias: "Trump is right: More than Facebook & Twitter, Google threatens democracy, online freedom"--Brad Parscale, campaign manager for Donald J. Trump for President Campaign 2020, Op-ed in USAToday.com. See also: "Google Was "Working To Get Hillary Clinton Elected" With "Silent Donation" According To Leaked Internal Email"--ZeroHedge.com.

d.  Can Blockchain Restore Internet Freedom? Decentraland blends VR with blockchain technology, removing the potential for government interference--marketwatch.com.

Domain Mondo posts: