Dear NCSG,
As you know RDRS (the system whereby requestors of domain name registrants
personal data submit their request to access the data-it's a triage system)
is now in operation. (been for a few months) There is a Standing Committee
on RDRS that meets biweekly which discusses the technical issues of the
system. In the report that RDRS issues, we usually can see the number of
requests on behalf of law enforcement agencies but it does not specify
which jurisdictions.
It is common practice for different Internet organizations and
tech-companies to report at least on the jurisdiction. For example, Apple
has been publishing the LEA transparency reports, for example you can see
which countries and how many apps were requested to be removed from the App
Store:
https://www.apple.com/legal/more-resources/docs/2022-App-Store-Transparency-Report.pdf

Other Internet organizations also report on which countries requested data,
here is for example a RIPE NCC transparency report:
https://www.ripe.net/publications/docs/ripe-794/

This topic has been of interest for NCSG for a long time because of its
implications on human rights and civil liberty.

I want to suggest that we bring this issue to RDRS SC and ask to open up
the discussion on how we can have some minimal transparency in place. For
example which countries the law enforcement agencies submit requests from.
We can open up the conversation and also consider what measures to take not
to disrupt ongoing investigations and come to a middle ground on this. This
is not the only way we can request some minimal transparency but it could
be a start.

Stephanie is our representative on RDRS SC. Maybe she can bring up this
issue in that group?









Farzaneh