[council] GNSO Council GAC notes 3 April 2005
- To: council@xxxxxxxxxxxxxx
- Subject: [council] GNSO Council GAC notes 3 April 2005
- From: "GNSO.SECRETARIAT@xxxxxxxxxxxxxx" <gnso.secretariat@xxxxxxxxxxxxxx>
- Date: Sun, 03 Apr 2005 19:23:42 +0200
- Sender: owner-council@xxxxxxxxxxxxxx
- User-agent: Mozilla Thunderbird 1.0 (Windows/20041206)
[To: council[at]gnso.icann.org]
Dear Councillors,
Please find the notes from the GNSO Council meeting with the GAC
representatives this morning, Sunday 3 April 2005.
Thanks to Maria Farrell, the notes are very complete.
If you would like anything changed, please let me know.
Thank you.
Kind regards,
Glen
--
Glen de Saint Géry
GNSO Secretariat - ICANN
gnso.secretariat[at]gnso.icann.org
http://gnso.icann.org
<p align="center"><font face="Arial, Helvetica, sans-serif"><b>GNSO Council
/Government Advisory Committee<br>
meeting in Mar del Plata</b></font></p>
<p align="center"><font face="Arial, Helvetica, sans-serif"><b>3 April 2005
<br>
</b></font></p>
<p><font face="Arial, Helvetica, sans-serif"><b>GNSO Council Participants:<br>
</b>Bruce Tonkin - GNSO Council Chair <b><br>
</b>Tom Keller - Registrars Constituency <b> <br>
</b> Marilyn Cade - Commercial and Business Users Constituency <br>
Philip Sheppard - Commercial and Business Users Constituency
<b><br>
</b>Antonio Harris - ISPCPC <br>
Tony Holmes - ISPCPC<br>
Ken Stubbs - gTLD Registries constituency <br>
Maureen Cubberley - Nominating Committee appointee <br>
Kiyoshi Tsuru - Intellectual Property Interests Constituency <br>
Niklas Lagergren - Intellectual Property Interests Constituency <br>
<br>
<strong>Government Advisory Committee (GAC) Participants </strong><br>
Suzanne Sene - Government Advisory Committee
(GAC Liaison - GNSO Council)<br>
Hiroshi Kato - Japan<br>
Handan Has - Canada<br>
Malcolm Andrew - Canada<br>
Ashley Cross - Australia<br>
Mohamed Sharil Tarmizi - GAC chair - Malaysia <br>
Marc S. Crandall - US Department of Justice
<br>
<br>
<strong>GNSO Council Remote Participants:</strong><br>
Grant Forsyth - Commercial and Business Users Constituency
<br>
Philip Colebrook - gTLD Registries Constituency
<br>
<br>
<strong>GNSO Council Absentees</strong><br>
Greg Ruth - ISPCPC <br>
Ross Rader - Registrars Constituency <br>
Marc Schneiders - NCUC <br>
Carlos Afonso - NCUC<br>
Robin Gross - NCUC<br>
Cary Karp - gTLD Registries Constituency
<br>
Alick Wilson - Nominating Committee <br>
Lucy Nichols - Intellectual Property Interests constituency<br>
<br>
<strong>ICANN STAFF </strong><br>
ICANN Policy Officer - Olof Nordling <br>
ICANN GNSO Policy Officer - Maria Farrell <br>
GNSO Secretariat: Glen de Saint Géry </font></p>
<p> </p>
<p><font face="Arial, Helvetica, sans-serif">Bruce – presentation on GNSO
& current issues (get presentation from Bruce) and WHOIS, invitation to GAC
to provide information on public policy issues surrounding whois. </font></p>
<p> </p>
<p><font face="Arial, Helvetica, sans-serif">Suzanne – thanks. GAC is
working to develop a concepts paper – principles is a bit too heavy
– to try and find the commonalities on the issues relating to whois such
as consumer protection, law enforcement, etc. uses of data. We want to get
broad concepts on paper to reflect GAC consensus. We want to feed into the
effort that we view very positively to develop consensus policy. We have some
colleagues who will definitely find this an educational process so this is a
useful exercise to broaden understanding about the issues and then we will
extrapolate those commonalities to provide to the GNSO process. </font></p>
<p> </p>
<p><font face="Arial, Helvetica, sans-serif">Australia – we will be part
of the paper and want to try to help balance the concepts of law enforcement
etc. from a personal perspective, 90% of my input is on the cyber security
protection of the critical infrastructure side. Phishing, etc, is becoming so
sophisticated that legislation won’t counter it. I want the GAC to be
more aware of the growing security aspects of this. Whois isn’t
necessarily the answer to this, there is a range of activities to track down
and close down sites. I’d personally like to find out a bit more about
how lea use whois. They’re certainly starting to get more active on using
whois around the world. In this concepts paper we should try to draw out
– without lea giving away trade secrets – some of these emerging
security issues and how whois relates to them. When we get to Luxembourg we
should be able to explain these issues a bit. Lea may not be able to lay all
the issues out, but they need to provide some input.</font></p>
<p> </p>
<p><font face="Arial, Helvetica, sans-serif">Bruce – we use quite a few
of these systems, including IP address registries. If we start looking at this
with law enforcement, we should look at those too. </font></p>
<p> </p>
<p><font face="Arial, Helvetica, sans-serif">Marilyn – I welcome the idea
of the concepts paper. And at our own strategic planning session this afternoon
we should examine the idea of a concepts paper as well. More specifically, on
Ashley’s comments, about 3 years ago I hosted a seminar on lea, privacy,
consumer protection and isps, it was to let people talk openly but not disclose
their own practices too much. There is a lot to be learned about the changing
world, and having the different parties look at it will advance
everyone’s understanding. There are some things we can do in ICANN –
I support Bruce’s comment – and some things we can’t. So I
don’t expect us to recommend the OECD principles again but we can use
some adjacent inputs on privacy for our work as well. </font></p>
<p> </p>
<p><font face="Arial, Helvetica, sans-serif">Sharil</font><font face="Arial,
Helvetica, sans-serif">– thanks to Suzanne for idea of concept paper. One
of our difficulties with the GAC generally is that government officials change,
sometimes every three years, and we have to go through a learning process
again. The good thing about the churn rate is a lot of distributed knowledge,
the bad is having to go through the educational process again. Secondly, these
issues often come out of law enforcement parts of government first, privacy is
secondary and then intellectual property is often tertiary. What we have
undertaken in Malaysia is to try and bring back what we learn to other forums,
such as Asia Pac Telecoms Forum. I also come from a law enforcement side, what
you (Bruce) have pointed out on your slides just now is what we are looking at
too. What I am worried about personally is over-regulation. One thing I have
learned is that the moment you regulate something, the techies will find a way
around it. Moving forward, at least from my region, the input I can give is as
we move along identifying issues, from time to time, what I can do is to
sensitise a broader community. But I caution you that even within governments
perspectives will not be the same. For example law enforcement will not have
the same perspective on security as others. </font></p>
<p> </p>
<p><font face="Arial, Helvetica, sans-serif">Ken Stubbs– given the time
parameters and how the GAC moves , I’m concerned we’ll run into an
impasse in two or three years. Various countries have laws regarding privacy
that frankly are not being enforced now, but we could have a direct conflict
between the privacy laws of the countries and the philosophy that ICANN is
adopting. E.g. requirements for data to be included. I would hate a situation
where german registrars as a result of an enthusiastic enforcement policy were
forced into a situation where it became impossible for them to continue with
domain names where the data was being produced in a non-compliant manner. As an
example, biz and info are thick registries – in thin registries the data
can be redacted in compliance with german law – but in a thick registry
the registrar is required to provide the data for those who request it. We
need to have a consistent policy. If .com becomes a thick registry –
which could well happen – we could have millions of domain names where
there are suddenly issues. So I hope you will develop in your plan a way to
deal with that. We will have in security and stability concerns to deal with
that. I would hate to see that internet become less stable as a place to do
transactions, e.g. credit card transactions. In ccTLDs things are more stable
but we could have problem with gTLDs. </font></p>
<p> </p>
<p><font face="Arial, Helvetica, sans-serif">Malcolm – we have privacy
registration in Canada and .ca is revising policy to comply with that.
Individuals have a problem as they’re no longer allowed to put names,
addresses etc. on the internet. You would think it was ok to say as long as
individuals have our own .ca registry then we’re ok, but if a country
decided to say to registrars in Canada you must comply with our legislation
even if you’re registering for .com I don’t know what we can do.
</font></p>
<p> </p>
<p><font face="Arial, Helvetica, sans-serif">Ken – it’s the
elephant in the room that there will always be a system to provide information
to lea. You may have to jump through bigger hoops for other jurisdictions but
you will get the information.</font></p>
<p> </p>
<p><font face="Arial, Helvetica, sans-serif">Bruce – looking at the
timeframe of the development of whois and other structures, the establishment
of the UDRP, at that time trademark law had been closed for many years whether
the issues for lea and privacy on the internet. Whereas now the number of users
on the internet has grown so the issues have grown massively. In the areas
where we’re starting to look at privacy, privacy legislation in many
countries is very new. </font></p>
<p> </p>
<p><font face="Arial, Helvetica, sans-serif">Australia – one of the
issues we see rising is increasing sophistication of phishing attacks, the
ability of criminals to cover their tracks. The speed issue of responses to
whois is increasingly an issue. The sky is about to fall in in terms of
cybersecurity – there are plenty of professional doom and gloom merchants
– so the reality is hard to judge. But as the rate of attacks increases
and is more high profile, you’ll see more governments getting interested.
In the next 6 – 12 months our government will start really looking at
this issue, so speed is really important.</font></p>
<p> </p>
<p><font face="Arial, Helvetica, sans-serif">Ken – if we don’t get
the RIRs involved we’re in trouble. </font></p>
<p> </p>
<p><font face="Arial, Helvetica, sans-serif">Bruce – yes they have to be
in the chain. All you know is it’s one big carrier in the US when you try
and track something back.</font></p>
<p> </p>
<p><font face="Arial, Helvetica, sans-serif">Mark DoJ – we’re
involved in forensics for several years. Registrars have a problem complying
with the RAA. It will have to be addressed on a country by country basis, not
between the registrar and the privacy regulator, but it should be sorted out
between the dpa and the lea. Why should ICANN and the registrars be in the
middle. What if ICANN and registrars said to lea ‘what would you think if
we took all this information offline’? many governments take different
views internally on this. </font></p>
<p> </p>
<p><font face="Arial, Helvetica, sans-serif">Marilyn – we’re
concerned with balance but can only determine it if we have the facts to inform
and develop policy. Internet users and suppliers are changing massively. There
are different issues – security, reliability, etc. – I’m
wondering in your concepts paper that we would all benefit from a study that
ICANN might commission about the characteristics of users on the internet
today. Many individuals are not directly online – are on through their
isp, etc. we don’t know enough about the characteristics of the users on
whois. Icann is in a negotiation to introduce an individual gTLD that provides
anonymity, but to get a registration you need to be authenticated. So the
environment is changing. So we need to look at what is changing in the
demographics of the space. </font></p>
<p> </p>
<p><font face="Arial, Helvetica, sans-serif">Australia – from security
and public policy interest, which will raise its ugly head more often, perhaps
one role for the policy officer may be to track through the issues surrounding
whois such as phishing, child porn, etc. position tracking through the
community to see what the lengths are. We’re getting lea to address GAC
in Luxembourg, but it may be too narrow. And it needs the RIR. We may need
ICANN to do some policy work to track these issues. </font></p>
<p> </p>
<p><font face="Arial, Helvetica, sans-serif">Bruce – we could bring up a
live example of how to track a phishing attack..</font></p>
<p> </p>
<p><font face="Arial, Helvetica, sans-serif">Susanne – the ASO,
we’ve done this on a regional basis. Same with the ccNSO we have 5
regional liaisons. We haven’t organized a meeting of our 5 regional reps,
but if we collaborate and stayed on the same page, we could jointly reach out
and expand the dialogue. We could set something up between now and Luxembourg.
We would like to make the pitch and collaborate with you to move that
forward.</font></p>
<p> </p>
<p><font face="Arial, Helvetica, sans-serif">Bruce – yes, in some of
these meetings we may not call it an ICANN meeting as it’s not entirely
within the ICANN scope and we’re not expanding the mission but we can
hold a meeting on one side of the ICANN meeting. </font></p>
<p> </p>
<p><font face="Arial, Helvetica, sans-serif">Kiyoshi</font><font face="Arial,
Helvetica, sans-serif">– I agree enforcement is a top priority. We
haven’t heard that loud enough in our whois task forces. Let me explain
why whois task forces are important. It’s not just an issue between data
protection and enforcement. It’s global policy. It is restricted to the
gTLD world but it may influence ccTLDs later on. So whatever policy comes out
of this process will be a uniform global policy. So that’s why we need to
hear from you on enforcement and accuracy and your views on the
privacy/enforcement dilemma.</font></p>
<p> </p>
<p><font face="Arial, Helvetica, sans-serif">Philip Sheppard– I’m
not directly involved within the task forces, but I’m interested in
opportunities to share best practice. E.g. Canada is driving .ca and how to
find solutions that are not too draconian. We’ll see with .eu a model
that is compliant with the EU data protection directive, and what can we take
from these.</font></p>
<p> </p>
<p><font face="Arial, Helvetica, sans-serif">Susanne – we know that you
have reached out to some ccTLDs and benefited from some briefing with them. We
did not have the sense that you needed anything from us to help you liaise with
the cc community, but we’re more than happy to take it back to them and
help. We’re in your hands on that. We want to better understand the
different models.</font></p>
<p> </p>
<p><font face="Arial, Helvetica, sans-serif">Kiyoshi</font><font face="Arial,
Helvetica, sans-serif">– we need a closer communication at the next level
on actually creating policy, on enforcement and dealing with privacy
issues.</font></p>
<p> </p>
<p><font face="Arial, Helvetica, sans-serif">Marilyn – I’m going to
put a proposal on the table. What I hear is that the council of the GNSO and
the GAC have a mutual concern with understanding how whois works, risks, needs
of key stakeholders, that there’s a mutuality of concern here. In our
meeting this afternoon we need a joint collaborative effort at the council
level not the task force. This is a more strategic discussion. This is
important because by working together we be able to identify the area bruce
pointed to where ‘here’s the problem and here’s the part of
it we can address within ICANN’. Then those of us in our day jobs can
make the links with work outside ICANN and feed work back into other relevant
groups.</font></p>
<p> </p>
<p><font face="Arial, Helvetica, sans-serif">Australia – are some ccTLDs
using models where they’ve balanced in a day to day way the privacy and
law enforcement access in their countries?</font></p>
<p> </p>
<p><font face="Arial, Helvetica, sans-serif">Marilyn – I instituted work
on that in the previous whois task force, to learn from cc’s on how they
deal with authentication, develop consultative process and learn from other
groups about how they’ve faced these challenges.</font></p>
<p> </p>
<p><font face="Arial, Helvetica, sans-serif">Bruce – we haven’t
looked at issues on my slide about external pressures in the task forces. So
that was a different level of discussion what marilyn is suggesting is that
dialogue is needed outside narrow area of whois re. security and stability that
deals with whois. Whois isn’t phishing. So we need to understand how
other issues relate to whois, not just whois.</font></p>
<p> </p>
<p><font face="Arial, Helvetica, sans-serif">Australia – so are we
talking about having a session. Have just law enforcement and not privacy
yet?</font></p>
<p> </p>
<p><font face="Arial, Helvetica, sans-serif">Marilyn & Suzanne – be
realistic and just have law enforcement. </font></p>
<p> </p>
<p><font face="Arial, Helvetica, sans-serif">Susanne – part of our goal
in having law enforcement is to educate our own community. To say here is the
issue and here is how some of us have approached it. </font></p>
<p> </p>
<p><font face="Arial, Helvetica, sans-serif">Tony holmes – start having
the RIRs there. We need to construct quite carefully as we don’t want yet
another rehearsal of the arguments inside the task forces. </font></p>
<p> </p>
<p><font face="Arial, Helvetica, sans-serif">Bruce – I want to draw this
discussion to a close. We have a sense that there’s something we are
trying to achieve but we need to make that a bit more concrete in terms of
suggestions. </font></p>
<p> </p>
<p><font face="Arial, Helvetica, sans-serif">Malcolm – we don’t
have solutions yet though .ca would be glad to come and talk about what
they’re doing. In terms of achieving the balance, we’re not there
yet. And there needs to be more of a dialogue. It’s important that the
privacy and lea people themselves talk some more. </font></p>
<p> </p>
<p><font face="Arial, Helvetica, sans-serif">Susanne – one of our goals
is to facilitate those exchanges in capitals. To send people back home and
contact their colleagues in other ministries etc. because that isn’t
necessarily happening right now. Sharil is v. helpful and is working with us to
bring along countries to whom this is new.</font></p>
<p> </p>
<p><font face="Arial, Helvetica, sans-serif">Ken – I have to echo some of
the statements made. If at all possible Luxembourg is an ideal place to start
the ball rolling. It needs to be narrowly focused and in addition to the
technical responsibilities for security and stability, we are being called upon
by various entities and processes to facilitate another sense of the use of the
term security and stability. We need a discussion where we can raise these
issues. Not necessarily raise the issues, but if we don’t bring in the
RIRs, educate people about how this system works and why there are
issues… you have to get a buy in. </font></p>
<p> </p>
<p><font face="Arial, Helvetica, sans-serif">Maureen – I’m
wondering if the task forces have started to develop an inventory of
reconciling whois and national policies.</font></p>
<p> </p>
<p><font face="Arial, Helvetica, sans-serif">Susanne – the GAC was
invited to respond to a questionnaire but didn’t have enough time to
respond. It’s not easy as there is in the us an inter-agency group with
12 – 15 agencies. Even if we’d had two months to come to a
consensus on an appropriate answer on each question. The GAC itself did attempt
to do its own questionnaire to elicit the different public policy uses to which
governments put whois data. Out of 90 questionnaires we had 9 answers.
It’s a very difficult job.</font></p>
<p> </p>
<p><font face="Arial, Helvetica, sans-serif">Maureen – is there way
to</font></p>
<p> </p>
<p><font face="Arial, Helvetica, sans-serif">Kiyoshi</font><font face="Arial,
Helvetica, sans-serif">– interrupts – there is a common
denominator. Not a big position paper but two three bullets from lea on
accuracy and how to deal with privacy.</font></p>
<p> </p>
<p><font face="Arial, Helvetica, sans-serif">Susanne – our goal in this
paper is two fold. We want to try and extract these broad concepts as there is
commonality. But part of the paper is awareness to educate colleagues around
the table for whom this is a new issue. For us to elevate an issue to a GAC
wide position it takes quite a bit of going to create a comfort with the issue.
I don’t want to oversell this effort, as we’re very happy to be
doing it, but these are early days and we’re at the beginning. By
Luxembourg we will not necessarily have a paper. From our discussion today I
feel we both think there’s value, but it’s educational, progressive
and step by step. </font></p>
<p> </p>
<p><font face="Arial, Helvetica, sans-serif">Bruce – we have notes of
this meeting. We will set up some conference calls etc. on what we can achieve
before Luxembourg. </font></p>
<p> </p>
<p><font face="Arial, Helvetica, sans-serif">Marilyn – RIRs</font></p>
<p> </p>
<p><font face="Arial, Helvetica, sans-serif">Susanne – it won’t be
a big public meeting but a closed workshop with no press. </font></p>
<p> </p>
<p><font face="Arial, Helvetica, sans-serif">Bruce – and probably outside
ICANN</font></p>
<p> </p>
<p><font face="Arial, Helvetica, sans-serif">Marilyn – can we find
another time to talk to Susanne about how we can continue to work together on
this, at some other point this week. Maybe on public forum day?</font></p>
<p> </p>
<p><font face="Arial, Helvetica, sans-serif">Tony holmes – if we do that,
remember we need to reach out to the missing element, the RIRs.</font></p>
<p> </p>
<p><font face="Arial, Helvetica, sans-serif">Bruce – we need to look at
some case studies. i.e. examples of trying to identify people. </font></p>
<p> </p>
<p><font face="Arial, Helvetica, sans-serif">Australia – when we
developed our position in Australia, we had to coordinate 8 different agencies.
It’s a challenging task and we don’t want to set up
committees.</font></p>
<p> </p>
<p> </p>
<p><font face="Arial, Helvetica, sans-serif">GNSO input to ICANN
planning</font></p>
<p> </p>
<p><font face="Arial, Helvetica, sans-serif">Bruce – GNSO input to ICANN
planning. From a gnso point of view, we organized a meeting in Amsterdam in
February, and outreached to other areas – rirs and cctlds – it was
a short once-off event to have some structured input to the first draft. Going
forward, the strategic plan is assumed to be a rolling plan so will have new
input -. How does the GAC feel this process should be going forward?</font></p>
<p> </p>
<p><font face="Arial, Helvetica, sans-serif">Susanne – as liaison I try
to feed information to the GAC I send a little report out to say something is
newsworthy, so I did one on Amsterdam. One of our vice chairs, Stefano Trumpi
of Italy – was asked by Sharil to look at it and draw out some issues for
the GAC plenary. But I can’t report anything yet as our plenary is
tomorrow. I can provide that response through our list server. One thing I
flagged though was the commitment by ICANN to provide a revised strategic plan.
Our timing is not concurrent with developments, Stefano has drafted something
but we don’t have a working group that tracks this neatly. We have
however recently created an executive committee composed of a chair and two
vice-chairs. Very sadly our Nigerian vice chair died suddenly last fall. We
haven’t replaced that spot. Also on the committee are the GAC working
group convenors and liaisons. So there are 8 – 9 people and we use it to
socialize issues to try and get a feel for GAC views on a topic. I’m
happy to report back on whether we have a view on this issue of consultation.
</font></p>
<p> </p>
<p><font face="Arial, Helvetica, sans-serif">Bruce – yes. It’s also
thinking of how consultation will be going forward as this plan is likely to be
signed off.</font></p>
<p> </p>
<p><font face="Arial, Helvetica, sans-serif">Marilyn – in catalyzing what
is called the Amsterdam consultation, the council authorized the funding to
make the meeting happen but reached out broadly to the ccNSO and the cc
community, and to the RIRs, so that it would be a multi-stakeholder event.
That’s an important message, as that was something we thought should have
taken place. Sometimes the best way to make change happen is to model it. Three
events this week – volunteers from the Amsterdam consultation took the
time to develop a draft consultation process as a working document. One thing
we must think about is how to increase the input back and forth is the
appropriate GAC contacts back and forward. So that’s another topic
– how to strengthen the flow of information back and forth to the
GNSO/GAC</font></p>
<p> </p>
<p><font face="Arial, Helvetica, sans-serif">Bruce</font><font face="Arial,
Helvetica, sans-serif">– so it wasn’t a GNSO event though we were a
catalyst.</font></p>
<p> </p>
<p><font face="Arial, Helvetica, sans-serif">Susanne – so it’s
important to have input and contact. We’re trying to figure out how to
handle issues back and forth. MF provided a helpful overview of the whois issues
and overview yesterday. One thing we’re prepared to do in our
communiqué is to support and commend the work being done on this issue.
We hope you’ll welcome that. But to get at the cross cutting issues, for
example, one of our Indian colleagues asked a question about whois and IDN
which we’d never thought about before. So we don’t want to
stovepipe these things. On our side we want the information to go back and
forth, we welcome the opportunity to have had the question from you on should
the GAC focus on this issue.</font></p>
<p> </p>
<p><font face="Arial, Helvetica, sans-serif">Bruce – thanks to everyone
for attending. </font></p>
<p> </p>
<p><font face="Arial, Helvetica, sans-serif">Susanne – thank you and
especially Glen for doing all the organizing for us. It’s great that you
always take the lead. It’s a positive step forward and we will set up a
group to look at this idea of the strategic plan looking ahead to Luxembourg.
</font></p>
<p> </p>
<p> </p>
<p> </p>
<p> </p>