I am sympathetic, Shane. It is not clear to me either how we can expect any
meaningful contributions to this document. It is not only extraordinarily long,
it lacks context and hyperlinks to supporting material. It has not even been
reviewed yet by the Working Group – so it seems a little premature to me to be
requesting thoughtful input from the constituencies.
What I can offer is a little context around why this document exists and what it
is setting out to achieve. The leadership team for the Next Generation
Registration Directory Service Policy Development Process working group has
begun by extracting all the possible requirements for this service from the EWG
Final Report, along with all the possible requirements obtained from other key
inputs, rather than beginning by looking at, say, the privacy laws that might
limit it's scope. So we're diving into the secondary and tertiary purposes of
the RDS at the same time as we look at the most basic data elements. I consider
it unfortunate, but please know that we (by which I mean, the NCUC members who
are on the RDS PDP WG calls) did push back against this. Our preference had and
has always been to begin from the premise of data minimisation, so I would say
that we are not ideally placed to participate in this outreach activity, unless
we find some very strong privacy or data protection points have been overlooked.
I hope this is helpful,
Ayden


On Mon, Jun 13, 2016 3:36 PM, Shane Kerr [log in to unmask] wrote:
Farell,




At 2016-06-13 11:30:10 +0100

Farell FOLLY <[log in to unmask]> wrote:




> Few months ago I decided to join the NCSG in order to serve and defend the

> interest of the community regarding Internet resources use. Before that, I

> started working with the GNSO Policy Development Process Working Group (PDP

> WG) to contribute in the development process of the Next Generation

> Registration Directory Services (Next-Gen RDS). Time comes now that I engage

> more and participate within this stakeholder Group. Therefore, I volunteer

> to serve as a liaison/point of contact between NCSG and GNSO PDP WG as far

> as the attached documents are concerned.




Cool, thanks for this!




> 1. Read the outreach message 2 in attach

>

> 2. Read and check the RDS PDP list of possible requirements, also in

> attach

>

> 3. Reply to this mail by asking any questions to me or adding

> additional requirement

>

> Please before replying to this e-mail to add a “new” requirement, make sure

> you read the entire document and check whether this requirement was not

> duplicated already. Also, ensure that you send your contact details (name,

> first name, e-mail) if not explicitly included in your mail signature.




[ Apologies if the following reads as a rant. It kind of is. Probably

my own fault for looking at policy stuff. ]




Is there a summary of the PDF, or any kind of specific issues that seem

contentious that one would look at?




I ask because the PDF alone is over 100 pages. Is this a typical ICANN

document? I was going to have a look since I'm somewhat technical and

was involved with WHOIS in the distant past, but honestly I don't really

have the many days time that would be necessary to make any sense out

of this. :(




------




I did skim a bit, and while parts of it are pretty clear:




[UP-D01-R17] – Since it is likely that further [permissible

purposes] will be identified over time, any [gTLD registration

directory service] must be designed with extensibility in mind.




(This is a bogus requirement, BTW. Without specific descriptions of the

expected changes then it is impossible to implement. It's like someone

saying “prepare for the weather tomorrow” without telling you what the

weather will be. Better to leave this out and let people make their own

design decisions.)




Other parts are complete legalese:




[UP-D26-R06] – According to the Directive (30), whereas, in order

to be lawful, the processing of personal data must in addition be

carried out with the consent of the data subject or be necessary

for the conclusion or performance of a contract binding on the data

subject, or as a legal requirement, or for the performance of a

task carried out in the public interest or in the exercise of

official authority, or in the legitimate interests of a natural or

legal person, provided that the interests or the rights and

freedoms of the data subject are not overriding....subject to the

provisions allowing a data subject to object to the processing of

data regarding him, at no cost and without having to state his

reasons;




I mean, really, the last person to use “whereas” in English outside of

legal documents died before the invention of the telephone. ;) (The

Wikipedia article on plain English suggests “because” or “since”, as

does the “www.plainlanguage.gov” site, although in this particular case

I'd say just leave it out.)




I don't even know what the requirement is here. I read it 4 times and

can't figure it out. I feel sorry for the poor software engineer that

has to try to convert this to running code. :P




Given the many hundreds of possible requirements, many of which are

written like this, I don't see any way that anyone who has anything

else to do for before the deadline can possibly hope to help

properly review this work, at least without some coordinated plan such

as “please review the following 10 requirements” for 50 volunteers.




Sorry for ranting. :(




Cheers,




--

Shane





Ayden Férdeline Statement of Interest