2018-11-11

News Review | GDPR & ICANN EPDP Draft Initial Report Dysfunction

graphic "News Review" ©2016 DomainMondo.com
Domain Mondo's weekly internet domain news review (NR 2018-11-11 with analysis and opinion: Features • 1) GDPR & ICANN EPDP Draft Initial Report Dysfunction, 2) Other ICANN news: ICANN at IGF2018, and more, 3) Names, Domains & Trademarks: a. Disney+b. Desilu, c. NTIA, Verisign & .COM,  4) ICYMI: ITU Plenipot, Net Neutrality, China, Shadow Banning, 5) Most Read.

EPDP Meeting UPDATES for week ending Nov 16: 
Nov 12--Editor's note: the EPDP small team meeting Monday, Nov 12 at 18:30 UTC (1:30 pm EST) was CLOSED to ALL Observers and Alternates even though links for observers and alternates were on the small team Nov 12 meeting wiki page, until I complained to Marika Konings (ICANN staff) that they were not working, and then Terri Agnew (ICANN staff) began revising the page. Apparently ICANN Org or EPDP Team Leadership made the unannounced arbitrary decision to CLOSE ALL EPDP small team meetings to Observers and Alternates effective Nov 12, 2018, and thereafter. I have filed complaints with both the ICANN Complaints Office and the ICANN Ombudsman.

1) GDPR & ICANN EPDP Draft Initial Report Dysfunction
EPDP Full Working Group Meetings this coming week: Tuesday Nov 13 and Thursday Nov 15, and Friday Nov 16 starting at 14:00 UTC (9am EST). Observers: Adobe Connect, or audio cast (browser or app). See also GNSO Council EPDP page and updates. Links to all EPDP meetings' transcripts and recordings are on the GNSO calendar. Other EPDP links: wikimail listaction itemsTemp SpecEPDP Charter (pdf), Data Elements Workbooks (pdf).

This past week's (Nov 5-9) EPDP meetings were all about revising and editing the ICANN staff's first draft of the Initial Report (pdf), so it can be published for public comment later this month. Early in the week, the RySG (Registries Stakeholder Group) sent an email to the EPDP mail list Nov 5, 2018 (pdf version) embed in full further below--excerpt:
"In light of the lack of clarity around the source of the 26 policy recommendations, the RySG ePDP team is particularly concerned about their presentation in the Initial Report. The phrasing of the recommendations implies that the Working Group reached consensus on these recommendations, and it is our understanding that no such consensus has yet been achieved.  The initial report should not present recommendations on items where the group did not reach consensus."


See also email from Amr Elsadr (NCSG) re: Contracted Parties and Small Teams #1 and #2:
"Respectfully, I’d like to offer a different take on where we are, and how we arrived to this point on these two topics. Speaking for myself, I’ve participated in one of the two Small Teams in question, and my understanding was not that the output of the Small Teams would in any way represent a consensus among those who participated in them. Rather, it was my understanding that the output would be illustrative of all the views expressed, and that these views would be shared with the EPDP Team in its entirety for further reflection and deliberation ..."
As of Friday, Nov 9, 2018, the Contracted Parties House (Registries and Registrars) and NCSG (Non-Commercial Stakeholder Group), which together comprise 3/4 of the GNSO, appear to be aligned and in consensus on critical EPDP issues which some other members of the EPDP working group still have differing opinions. One such issue is what Alan Woods was addressing below in Thursday's meeting:
Alan Woods (RySG - Donuts): "Thanks, Kurt. I’m really not going belabor this point, I think it’s been hashed back and forth ... we do not want to accept a basic policy recommendation that will send us backwards and that’s exactly what this [natural person vs legal entity distinction] will do; it will send us backwards to the point where we are not in a position to properly or accurately vindicate the rights of the data subject  [registrant]. And that is ultimately what it is.
"And I make no apologies, I know I’m not a white knight in this, I’m representing a registry, but ultimately we are aligned in the sense of us vindicating the rights of the data subject to prevent us from, you know, getting sued and the liability issue. But what has been suggested, and this is, you know, I think - was it Alan [Greenberg] who said that we put our fingers in our ears and just not listen, I’m sorry but that’s the pot calling the kettle black in that one because absolutely the same could be said; we are telling you that we do not have the ability or the means to do this and you keep saying to us no, but you must.
"So ultimately what I want to do is just ask the question, why? We are telling you that it is not possible for us to vindicate the rights of the data subject and therefore to save ourselves from liability. Why do you think that this is necessary for us to be compliant? We are saying that we have a level of compliance and comfort which is currently within the temporary specification as it is written, it’s not the best written but it is written that way, and we can confirm that today and say this is specifically going to allow us to be in line with the GDPR by giving us the option of whether or not we wish to delineate.
"And I just want to know why - so why can you not accept that? If you want to recommend that there needs to be a new policy development that will look into the creation of this brand new system, then recommend that. But that’s not what we are here to do today. It’s out of scope and should be shut down straight away. The temp spec, as it’s currently worded, allows us to be compliant. And I don't want to hear anything about this over-compliance concept. No, we are telling you that as contracted parties this is what we need to do to be compliant and I still don't understand why it’s being pushed constantly that we are the people who have to take this liability and risk on ourselves.
"We are trying to do something to continue the DNS, the ability to register names, and I just - I’m surprised especially by some of the parties who are pushing this as to why they're doing it. And that’s, you know, that’s a simple ask."--Thursday Nov 8, 2018, transcript (pdf), pp. 33-34.
The EPDP mail list continues to receive more input on the draft Initial Report, including this by Milton Mueller and this by Amr Elsadr. More on this past week's EPDP meetings in the updates on last week's News Review.

Note also on Data Protection & Data Privacy:
  • Prison time, hefty fines for data privacy violations: draft U.S. Senate bill--reuters.com.
  • ICYMI: Check out the "Tips for cleaning up WHOIS data" on  the Domain Mondo post this past week: Tucows $TCX Q3 2018 Earnings.
  • Uninformed Consent--Companies want access to more and more of your personal data — from where you are to what’s in your DNA. Can they unlock its value without triggering a privacy backlash?--HBR.org.
  • Information Fiduciaries” Must Protect Your Data Privacy--EFF.org.
  • CLV (customer lifetime value): a secret score that determines what kind of service you get--marketwatch.com.
  • Privacy: Google Chrome’s Users Take a Back Seat to Its Bottom Line--EFF.org.

2) ICANN News
graphic "ICANN | Internet Corporation for Assigned Names and Numbers"
a.  ICANN at IGF2018
 Internet Governance Forum 2018
13th Annual Meeting of the Internet Governance Forum (IGF), hosted by the government of France at the headquarters of UNESCO in Paris, Nov 12-14, 2018. ThemeInternet of Trust.
The ICANN Open Forum at IGF2018Monday, 12 Nov 2018, 10:40 to 11:40 CET. ICANN CEO Göran Marby, and ICANN Board Chair, Cherine Chalaby, will brief participants on ICANN's current areas of work, including what's on ICANN's agenda, the implementation of the GDPR and the Temporary Specification, and the main issues surrounding a potential new application process for generic Top-level Domains (gTLDs), and "IGF participants will be able to engage in an open dialogue and exchange views with ICANN's leadership." Listed speakers also include ICANN management Theresa Swinehart and Tarek Kamel, as well as ICANN Board member Becky Burr--ICANN.org.

b.  Contractual Compliance: Addressing Domain Name System (DNS) Infrastructure Abuse | ICANN.org: "... This week, ICANN launched an audit focused on DNS infrastructure abuse for nearly 1200 gTLDs, and held two audit webinars with the registries to address questions and concerns. Some of these concerns were also raised in a recent email [see below] from the Registries Stakeholder Group (RySG) ..."

Nov 2, 2018 email (pdf) from Registries Stakeholder Group to ICANN Compliance (Jamie Hedlund and Maguy Serad) re: November 2018 Registry Audit, excerpt:
"If ICANN continues to approach this security request for information as an “audit”, registries are required to provide information “reasonably necessary to demonstrate Registry Operator’s compliance.” Given that there are no contractual requirements specific to the form, timing or function of the “technical analysis” or registry “actions” taken, registries are not obligated in an audit to provide Compliance with information explaining how we identify security threats, why we do or do not report issues to registrars, or share analysis with other parties. In addition to removing the out of scope questions from this audit, we request that each audit question reference the specific contractual clause to which it pertains, so all parties can track the origin of each audit inquiry. The RySG appreciates that Compliance has scheduled webinars next week and looks forward to walking through each question in the RFI as well as the general scope and nature of the audit with you at that time."

c. 6 Nov 2018 Letter (pdf) from Cyrus Namazi, ICANN GDD VP, to Registrar Stakeholder Group Chair re: GDPR and Across-field Address Validation Working Group (AFAV): "... ICANN org acknowledges your concerns about the potential impact of GDPR on ICANN org’s implementation of AFAV. ICANN org will review the project again in light of the concerns you have raised. Once this analysis is complete, ICANN org will follow up with the AFAV working group to discuss next steps."

d. Annual Publication of Financial Information | ICANN.org.

e. Special Meeting of the ICANN Board 06 Nov 2018: Reconsideration Request 18-8: Afilias Domains No. 3 Limited [Editor's notedocument request related to new gTLD .WEB]:
Resolved (2018.11.06.02), the Board adopts the BAMC Recommendation on Request 18-8 (pdf) [excerpt below]:
"The BAMC has considered the merits of Reconsideration Request 18-8, and, based on the foregoing, concludes that ICANN org did not violate ICANN’s commitments, Core Values or established ICANN policy(ies) in the Second DIDP Response. Accordingly, the BAMC recommends that the Board deny Reconsideration Request 18-8."

3) Names, Domains & Trademarks
graphic "Names, Domains & Trademarks" ©2017 DomainMondo.com
a. New Star Wars and Marvel Series Announced for new Disney+ Streaming Service--thewaltdisneycompany.com Nov 8, 2018. The domain name? disneyplus.com.

b. Trademark Infringement, Cybersquatting, Declaratory Relief, Cancellation of Registration Complaint - CBS Studios Inc. vs Desilu Studios, Inc. et al (pdf) full embed below, excerpt:
"... II. PRELIMINARY STATEMENT 4. CBS is the holder of common law rights in the name and mark Desilu” for film and television productions (the “DESILU Mark”). Recently, Defendant Charles Hensley (“Hensley”) began attempting to secure trademark registrations for famous brand names that he believed were not formally registered with the United States Patent and Trademark Office (“USPTO”). In 2016, Hensley sought to register CBS’s famous mark “Desilu” for motion picture and television production services, and he also attempted to register the mark “Trans World Airlines” for airline services ..."



c. NTIA, Verisign & .COM Postscript (see last week's News Review for background): Why We Need The Domain Aftermarket by Bob Hawkes:
"... Verisign, as caretakers of the .com TLD, have an absolute monopoly on the world’s most desired and valued TLD ..."

4) ICYMI Internet Domain News 
graphic "ICYMI Internet Domain News" ©2017 DomainMondo.com

5) Most Read Posts this past week on DomainMondo.com: 
graphic "Domain Mondo" ©2017 DomainMondo.com

A Remembrance: 
Above left: 23rd U.S. Infantry in the Meuse-Argonne Offensive, the largest in United States military history, involving
1.2 million American soldiers, fought from September 26, 1918 until the Armistice of November 11, 1918.
It was one of a series of Allied attacks known as the Hundred Days Offensive, which brought World War I to an end.
Above right: the Meuse-Argonne American Cemetery in France.
On the battlefields of France in spring 1918, the war-weary Allied armies of France and Great Britain enthusiastically greeted the U.S. troops arriving at the rate of 10,000 a day under the command of U.S. General John J. "Black Jack" Pershing. The Americans won a victory at Cantigny, then again in defensive stands at Chateau-Thierry and Belleau Wood. By the summer of 1918, about 2 million U.S. soldiers had arrived in France, greatly strengthening the Allies' strategic position and boosting morale. The Allies achieved final victory on November 11, 1918, after German morale had collapsed, ending more than four years of World War.
U.S. General Pershing saluting the Marquis de Lafayette's Tomb in Paris
 "Lafayette, we are here." 
 * * * * * *
-- John Poole, Editor  Domain Mondo 

feedback & comments via twitter @DomainMondo


DISCLAIMER

Domain Mondo posts: