[Gnso-ppsai-pdp-wg] LE/Ops Sec community input- section 3.18 2013 RAA

Kathy Kleiman kathy at kathykleiman.com
Fri Jun 13 12:22:37 UTC 2014


Tx Marika, but are there any names associated with these comments - 
people we can reach out to explore their ideas and comments further?
Best,
Kathy
:
> Hereby please find two additional comments that were received in 
> relation to this topic from law enforcement:
>
> 1. Privacy/proxy service providers should absolutely be held to the 
> same standards and requirements placed on Registrars in Section 3.18.1 
> and 3.18.2. Privacy/Proxy services attract those individuals who 
> utilize the Internet to conduct criminal activity; therefore, it is 
> imperative that these P/P entities are accredited and held to the same 
> standards as Registrars, and that ICANN have mechanisms in 
> place to enforce action expeditiously when required.
>
> 2. Proxy/privacy providers should absolutely be bound by a similar 
> provision to RAA 3.18.  The simple answer is in my experience, 
> criminal activity on the internet is flourishing because of the 
> ability to be anonymous.  Although there are very legitimate uses for 
> such services, they absolutely attract and cater to criminal conduct 
> on all fronts, not just illegal online drug
>
> Best regards,
>
> Marika
>
> From: Marika Konings <marika.konings at icann.org>
> Date: Monday 9 June 2014 20:32
> To: "gnso-ppsai-pdp-wg at icann.org" <gnso-ppsai-pdp-wg at icann.org>
> Subject: [Gnso-ppsai-pdp-wg] LE/Ops Sec community input- section 3.18 
> 2013 RAA
>
> Dear All,
>
> As requested a couple of meetings ago, please find below some feedback 
> received from our Security Stability Resiliency Team colleagues from 
> the LE/Ops Sec community in relation to section 3.18 of the 2013 RAA 
> which is being reviewed by the WG in the context of question D-2.
>
> Best regards,
>
> Marika
>
> ____________________________
>
> For domains that are tied to malware or tied directly to brand mis-use 
> associated with malicious or criminal activity, almost all registrars 
> have no problem suspending the domains via Section 3.18 of the 2013 
> RAA. LE agencies have difficulty only with a handful of registrars.
>
> There are cases in which some registrars provide a standard response 
> back to the agencies to the effect that they should contact the 
> hosting provider since the registrar does "not have the ability to 
> oversee what data are being transmitted through its site". If the 
> hosting provider stops providing its services, the criminals can 
> simply move to a new hosting provider. Suspending the domain itself 
> has value for the LE agencies for several reasons, not least of which 
> is that some providers unmask the private Whois information when the 
> domain is suspended.
>
> Agencies encounter p/p domains used for malicious or criminal activity 
> in ranges that go from small batches (i.e., associated with scams 
> where fraudsters target hundreds or thousands of investors or phishing 
> victims and generate millions in losses, however only a few domains 
> are created) to large numbers where thousands of users are victimized 
> in several countries. Making the privacy/proxy services accountable 
> with a provision similar to 3.18 of the 2013 RAA would add another 
> layer of protection to help contain and mitigate the harm caused to 
> consumers on a global scale. It's a consumer protection issue, however 
> any such new obligation to make p/p providers accountable with regards 
> to abuse and reports of abuse, should not, in any way whatsoever, 
> dilute contractually or in practice the registrars' obligations as 
> they are currently provided by 3.18.
>
> If an agency presents to a registrar or p/p provider evidence that 
> there is criminal or malicious activity that is harming users or has 
> the potential to harm users (such as spamming, spreading malware or 
> distributing child abuse material), the registrar or p/p provider 
> should suspend that domain and unmask the Whois. The agencies are not 
> requesting subscriber information. The agencies are reporting abuse of 
> the DNS that implies violations of the registration agreement between 
> the registrars and the registrants, and that also implies violations of 
> the agreement between the p/p providers and their customers (including 
> all cases of criminal and malicious activity as well as those cases in 
> which the LE agencies' own brands are used by criminals in association 
> with criminal or malicious activity).
>
> The burden should not be higher on the agencies than it was on the 
> registrant to register the domain (e.g., obtaining a court order to 
> have a domain suspended).  Since the victims are located in several 
> different countries, it is *very* difficult to obtain any kind of 
> legal process to effect takedown. Both registrars and p/p providers 
> must have adequate provisions in their agreements with their customers 
> that allow them to take action - on a contractual basis - and suspend 
> domain names when there is malicious or criminal activity.
>
> Additionally, for those cases in which registrars and p/p providers 
> can verify the evidence provided by the LE agencies that there is 
> indeed criminal or malicious activity involving domain names that they 
> sponsor, there should be no territorial restrictions for LE agencies 
> to submit reports to them, regardless of whether they are in the same 
> or in a different country as the registrar or p/p provider. In these 
> cases, registrars and p/p providers should simply enforce their own 
> agreements with their registrants/customers and suspend the domain 
> names accordingly and unmask the Whois information.