[Gnso-ppsai-pdp-wg] LE/Ops Sec community input- section 3.18 2013 RAA
Kathy Kleiman
kathy at kathykleiman.com
Fri Jun 13 12:22:37 UTC 2014
Tx Marika, but are there any names associated with these comments -
people we can reach out to explore their ideas and comments further?
Best,
Kathy
:
> Hereby please find two additional comments that were received in
> relation to this topic from law enforcement:
>
> 1. Privacy/proxy service providers should absolutely be held to the
> same standards and requirements placed on Registrars in Section 3.18.1
> and 3.18.2. Privacy/Proxy services attract those individuals who
> utilize the Internet to conduct criminal activity; therefore, it is
> imperative that these P/P entities are accredited and held to the same
> standards as Registrars, and that ICANN have mechanisms in
> place to enforce action expeditiously when required.
>
> 2. Proxy/privacy providers should absolutely be bound by a similar
> provision to RAA 3.18. The simple answer is in my experience,
> criminal activity on the internet is flourishing because of the
> ability to be anonymous. Although there are very legitimate uses for
> such services, they absolutely attract and cater to criminal conduct
> on all fronts, not just illegal online drug
>
> Best regards,
>
> Marika
>
> From: Marika Konings <marika.konings at icann.org>
> Date: Monday 9 June 2014 20:32
> To: "gnso-ppsai-pdp-wg at icann.org" <gnso-ppsai-pdp-wg at icann.org>
> Subject: [Gnso-ppsai-pdp-wg] LE/Ops Sec community input- section 3.18
> 2013 RAA
>
> Dear All,
>
> As requested a couple of meetings ago, please find below some feedback
> received from our Security Stability Resiliency Team colleagues from
> the LE/Ops Sec community in relation to section 3.18 of the 2013 RAA
> which is being reviewed by the WG in the context of question D-2.
>
> Best regards,
>
> Marika
>
> ____________________________
>
> For domains that are tied to malware or tied directly to brand misuse
> associated with malicious or criminal activity, almost all registrars
> have no problem suspending the domains via Section 3.18 of the 2013
> RAA. LE agencies have difficulty only with a handful of registrars.
>
> There are cases in which some registrars provide a standard response
> back to the agencies to the effect that they should contact the
> hosting provider since the registrar does "not have the ability to
> oversee what data are being transmitted through its site". If the
> hosting provider stops providing its services, the criminals can
> simply move to a new hosting provider. Suspending the domain itself
> has value for the LE agencies for several reasons, not least of which
> is that some providers unmask the private Whois information when the
> domain is suspended.
>
> Agencies encounter p/p domains used for malicious or criminal activity
> in ranges that go from small batches (i.e., associated with scams
> where fraudsters target hundreds or thousands of investors or phishing
> victims and generate millions in losses, however only a few domains
> are created) to large numbers where thousands of users are victimized
> in several countries. Making the privacy/proxy services accountable
> with a provision similar to 3.18 of the 2013 RAA would add another
> layer of protection to help contain and mitigate the harm caused to
> consumers on a global scale. It's a consumer protection issue; however,
> any such new obligation to make p/p providers accountable with regards
> to abuse and reports of abuse should not, in any way whatsoever,
> dilute contractually or in practice the registrars' obligations as
> they are currently provided by 3.18.
>
> If an agency presents to a registrar or p/p provider evidence that
> there is criminal or malicious activity that is harming users or has
> the potential to harm users (such as spamming, spreading malware or
> distributing child abuse material), the registrar or p/p provider
> should suspend that domain and unmask the Whois. The agencies are not
> requesting subscriber information. The agencies are reporting abuse of
> the DNS that implies violations of the registration agreement between
> the registrars and the registrants, and that also implies violations of
> the agreement between the p/p providers and their customers (including
> all cases of criminal and malicious activity as well as those cases in
> which the LE agencies' own brands are used by criminals in association
> with criminal or malicious activity).
>
> The burden should not be higher on the agencies than it was on the
> registrant to register the domain (e.g., obtaining a court order to
> have a domain suspended). Since the victims are located in several
> different countries, it is *very* difficult to obtain any kind of
> legal process to effect takedown. Both registrars and p/p providers
> must have adequate provisions in their agreements with their customers
> that allow them to take action - on a contractual basis - and suspend
> domain names when there is malicious or criminal activity.
>
> Additionally, for those cases in which registrars and p/p providers
> can verify the evidence provided by the LE agencies that there is
> indeed criminal or malicious activity involving domain names that they
> sponsor, there should be no territorial restrictions for LE agencies
> to submit reports to them, regardless of whether they are in the same
> or in a different country as the registrar or p/p provider. In these
> cases, registrars and p/p providers should simply enforce their own
> agreements with their registrants/customers and suspend the domain
> names accordingly and unmask the Whois information.
>
>
>
>
> _______________________________________________
> Gnso-ppsai-pdp-wg mailing list
> Gnso-ppsai-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg