NCSG-DISCUSS Archives

NCSG-Discuss

NCSG-DISCUSS@LISTSERV.SYR.EDU
Options: Use Forum View

Use Monospaced Font
Show HTML Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: [NCUC-DISCUSS] RDRS Special Event Summary
From:
farzaneh badii <[log in to unmask]>
Reply To:
farzaneh badii <[log in to unmask]>
Date:
Fri, 23 Feb 2024 12:12:22 -0500
Content-Type:
multipart/alternative
Parts/Attachments:
text/plain (6 kB) , text/html (15 kB) 
Ken
Just a quick reaction to this:

   - Registration data, knowing who owns what domain name and how that
   owner can be contacted, is a central component of the Internet.

Registration of data was never ever about "who owns" the domain name. It
was about contactibility of registrant. We have been correcting ICANN board
and others on this issue since the beginning of these discussions.

   - Prior to 2018, ownership data was easily available and public. After
   the EU GDPR in 2018, Ownership data became redacted.

The term ownership is interesting. Never ever ownership was redacted.
Domain name registrant is not even necessarily the owner. Also are
registrars accepting that domain names are property to be owned? Great. but
domain name registration data is not the ownership ledger.


   - As privacy laws like the GDPR began to restrict access to the
   information about owners and operators of domain names, new systems, like
   the RDRS, were developed to manage the process of revealing private
   information to those with a need to know it.

it was never about access to information. It was access to private,
sensitive personal information of people. Also the system was developed to
give access to people who actually have a legitimate interest not people
with a need to know it!!


   - *Each registrar has its own process for validating requestors, with no
   input or guidance from ICANN.*

Can we at least know what those processes are?

How are registrars obliged to respond but can ignore the request? Do they
tell the requestor: hey we are ignoring you?






Farzaneh


On Fri, Feb 23, 2024 at 12:01 PM Ken Herman <[log in to unmask]> wrote:

> Hello NCSG and NCUC members.
>
>
>
> Thanks to everyone who was able to attend this week’s briefing on ICANN’s
> Remote Data Request System (RDRS).
>
>
>
> After an introduction by Wisdom, Kathy provided background and was
> followed by a presentation by Ms. Diana Middleton of ICANN. The session
> then invited Ms. Sarah Wyld and Ms. Reg Levy, both from the registrar
> Tucows, to offer their perspective.
>
>
>
> The purpose of the session was to gather facts and provide an opportunity
> for members of the non-commercial community to learn about the RDRS, both
> from the perspective of ICANN and the point of view of a registrar.
>
>
>
> The presenters shared a lot of information about the RDRS and the
> processes. I attached the slides from the ICANN presentation as well as the
> latest ICANN RDRS statistics report.
>
>
>
> I have put here some (not all!) of the points presented, and I encourage
> anyone who attended (or reviewed the transcript) to add anything important
> that would be useful to share.
>
>    - Registration data, knowing who owns what domain name and how that
>    owner can be contacted, is a central component of the Internet.
>    - Prior to 2018, ownership data was easily available and public. After
>    the EU GDPR in 2018, Ownership data became redacted.
>    - As privacy laws like the GDPR began to restrict access to the
>    information about owners and operators of domain names, new systems, like
>    the RDRS, were developed to manage the process of revealing private
>    information to those with a need to know it.
>    - RDRS is a pilot, intended to run for 2 years so the board can gather
>    statistics and experience before making any further decisions about its
>    future.
>    - The RDRS was developed to simplify the process used by interested
>    parties to request redacted data.
>    - Demand for the system is unknown; that is the reason for the pilot.
>    - Originally, a System for Standardized Access and Disclosure (SSAD)
>    was proposed, which included many features, but deemed too complex so the
>    RDRS was created instead.
>    - Parties interested in redacted data must register on the system and
>    identify their role (law enforcement, government agencies, intellectual
>    property professionals, cybersecurity researchers, et al.)
>    - The system presents these registered parties with a form to describe
>    their interest in a specific domain name.
>    - Registrars, which are the custodians of personal data) are invited
>    by ICANN to participate, but not all do. Participating registrars also have
>    access to the system and can view and are obliged to act upon requests.
>    - Participating registrars review the requests and decide what to do
>    with them, to either comply, reject or ignore. For requests that would go
>    to non-participating registrars, requestors have the option of printing a
>    pdf of the request to send to the appropriate registrar.
>    - Some registrars, like Tucows, already had a system to respond to
>    requests for redacted data.
>    - *Each participating registrar decides how to handle requests. This
>    includes validating the requestor’s credentials and determining whether or
>    not to comply with the request, taking into account their understanding of
>    the request and compliance with local laws. *
>    - *Each registrar has its own process for validating requestors, with
>    no input or guidance from ICANN.*
>    - *ICANN’s role is to accept the requests and tabulate the responses
>    by registrars.*
>    - *ICANN knows the details the requestor placed on the form.*
>
>
>
> ICANN publishes a monthly report with RDRS statistics. The second report
> covers from the period from inception to January 31, and is attached, but
> it can also be found at:
> https://www.icann.org/en/system/files/files/rdrs-usage-metrics-16feb24-en.pdf
> .
>
>
>
> Some interesting statistics:
>
>    - 510 requests submitted to participating registrars.
>    - 274 requests submitted (estimated) to non-participating registrars.
>    - 35.5% of requests received from requestors self-identified as IP
>    holders.
>    - 11% of requests received from requestors self-identified as law
>    enforcement.
>    - 72% of requests received were denied.
>    - 29% of denied requests were denied due to “Contracted party cannot
>    disclose the data due to applicable law” (the most of all reasons).
>
>
>
> *All members are invited to join a follow-up session scheduled for Monday,
> February 26 at 15:00 UTC. *This is intended to be an informal opportunity
> for community members to discuss the information provided and to identify
> any further questions to follow-up with ICANN for information that might be
> useful.
>
>
>
> Thanks again to all who participated with special thanks to our speakers,
> Diana Middleton from ICANN and Sarah Wyld and Reg Levy from Tucows, as well
> as our own Kathy Kleiman, who provided the necessary background and Wisdom
> who ably acted as Master of Ceremony for the event. Also, we are grateful
> to Andrea or arranging the Zoom link and keeping track of questions in the
> chat. She posted the link to the recording for those interested but could
> not attend.
>
>
>
> Ken
>
>
> _______________________________________________
> Ncuc-discuss mailing list
> [log in to unmask]
> https://lists.ncuc.org/cgi-bin/mailman/listinfo/ncuc-discuss
>

ATOM RSS1 RSS2