[Gnso-ppsai-pdp-wg] LE/Ops Sec community input- section 3.18 2013 RAA

Marika Konings marika.konings at icann.org
Mon Jun 16 12:58:21 UTC 2014 

Hi Kathy,

We spoke to our SSR colleagues in relation to the request from the WG on
section 3.18 and as a result of your comments suggested they inform their
community of the meeting so that further questions / comments could possibly
be discussed during the meeting. We haven't done any further outreach as
that wasn't the objective of our brief (or at least as I had understood it),
but please note that the schedule is publicly posted and the information
about the meeting can be shared with anyone interested as it is an open
session (see http://london50.icann.org/en/schedule/wed-ppsai). I do know
that the GNSO schedule of meetings has also been shared with the GAC so
possibly the message has already spread further than just the WG.

Best regards,

Marika

From:  Kathy Kleiman <kathy at kathykleiman.com>
Date:  Monday 16 June 2014 13:48
To:  Marika Konings <marika.konings at icann.org>,
"gnso-ppsai-pdp-wg at icann.org" <gnso-ppsai-pdp-wg at icann.org>
Subject:  Re: [Gnso-ppsai-pdp-wg] LE/Ops Sec community input- section 3.18
2013 RAA

Great, tx you Marika. Appreciate the information.  Quick question, in
addition to the outreach to LE, have you reached out to data protection
commissioners and their staffs, particularly in the UK as they will be right
there in London. As the Whois Review Team recommended, we should reach out
to all sides!
Best and tx,
Katy

:
> Hi Kathy,
> 
> Comment #1 was sent by Terri Stumme of the DEA. Comment #2 was sent by Daniel
> Burke of the FDA. I've suggested to my colleagues in the SSR team that they
> share the information about the PPSAI F2F meeting in London with their LE/Ops
> Sec contacts so that if some of the representatives are available they could
> join the discussions there.
> 
> Best regards,
> 
> Marika
> 
> From: Kathy Kleiman <kathy at kathykleiman.com>
> Date: Friday 13 June 2014 14:22
> To: "gnso-ppsai-pdp-wg at icann.org" <gnso-ppsai-pdp-wg at icann.org>
> Subject: Re: [Gnso-ppsai-pdp-wg] LE/Ops Sec community input- section 3.18 2013
> RAA
> 
> Tx Marika, but are there any names associated with these comments - people we
> can reach out to explore their ideas and comments further?
> Best,
> Kathy
> :
>> Hereby please find two additional comments that were received in relation to
>> this topic from law enforcement:
>> 
>> 1. Privacy/proxy service providers should absolutely be held to the same
>> standards and requirements placed on Registrars in Section 3.18.1 and 3.18.2
>> . Privacy/Proxy services attract those individuals who utilize the Internet
>> to conduct criminal activity; therefore, it is imperative that these P/P
>> entities are accredited and held to the same standards to that of Registrars,
>> and that ICANN have mechanisms in place to enforce action expeditiously when
>> required.
>> 
>> 2. Proxy/privacy providers should absolutely be bound by a similar provision
>> to RAA 3.18.  The simple answer is in my experience, criminal activity on the
>> internet is flourishing because of the ability to be anonymous.  Although
>> there are very legitimate uses for such services, they absolutely attract and
>> cater to criminal conduct on all fronts, not just illegal online drug
>> 
>> Best regards,
>> 
>> Marika
>> 
>> From: Marika Konings <marika.konings at icann.org>
>> Date: Monday 9 June 2014 20:32
>> To: "gnso-ppsai-pdp-wg at icann.org" <gnso-ppsai-pdp-wg at icann.org>
>> Subject: [Gnso-ppsai-pdp-wg] LE/Ops Sec community input- section 3.18 2013
>> RAA
>> 
>> Dear All,
>> 
>> As requested a couple of meetings ago, please find below some feedback
>> received from our Security Stability Resiliency Team colleagues from the
>> LE/Ops Sec community in relation to section 3.18 of the 2013 RAA which is
>> being reviewed by the WG in the context of question D-2.
>> 
>> Best regards,
>> 
>> Marika
>> 
>> ____________________________
>> 
>> For domains that are tied to malware or tied directly to brand mis-use
>> associated with malicious or criminal activity, almost all registrars have no
>> problem suspending the domains via Section 3.18 of the 2013 RAA. LE agencies
>> have difficulty only with a handful of registrars.
>> 
>> There are cases in which some registrars provide a standard response back to
>> the agencies to the effect that they should contact the hosting provider
>> since the registrar does "not have the ability to oversee what data are being
>> transmitted through its site". If the hosting provider stops providing its
>> services, the criminals can simply move to a new hosting provider. Suspending
>> the domain itself has value for the LE agencies for several reasons, not
>> least of which some providers unmask the private Whois information when the
>> domain is suspended.
>> 
>> Agencies encounter p/p domains used for malicious or criminal activity in
>> ranges that go from small batches (i.e., associated with scams where
>> fraudsters target hundreds or thousands of investors or phishing victims and
>> generate millions in losses, however only a few domains are created) to large
>> numbers where thousands of users are victimized in several countries. Making
>> the privacy/proxy services accountable with a provision similar to 3.18 of
>> the 2013 RAA would add another layer of protection to help contain and
>> mitigate the harm caused to consumers on a global scale. It¹s a consumer
>> protection issue, however any such new obligation to make p/p providers
>> accountable with regards to abuse and reports of abuse, should not, in any
>> way whatsoever, dilute contractually or in practice the registrars¹
>> obligations as they are currently provided by 3.18.
>> 
>> If an agency presents to a registrar or p/p provider evidence that there is
>> criminal or malicious activity that is harming users or has the potential to
>> harm users (such as spamming, spreading malware or distributing child abuse
>> material), the registrar or p/p provider should suspend that domain and
>> unmask the Whois. The agencies are not requesting subscriber information. The
>> agencies are reporting abuse of the DNS that implies violations of the
>> registration agreement between the registrars and the registrants, and that
>> also imply violations of the agreement between the p/p providers and their
>> customers (including all cases of criminal and malicious activity as well as
>> those cases in which the LE agencies¹ own brands are used by criminals in
>> association with criminal or malicious activity).
>> 
>> The burden should not be higher on the agencies than it was on the registrant
>> to register the domain (e.g., obtaining a court order to have a domain
>> suspended).  Since the victims are located in several different countries, it
>> is *very* difficult to obtain any kind of legal process to effect takedown.
>> Both registrars and p/p providers must have adequate provisions in their
>> agreements with their customers that allow them to take action - on a
>> contractual basis - and suspend domain names when there is malicious or
>> criminal activity.
>> 
>> Additionally, for those cases in which registrars and p/p providers can
>> verify the evidence provided by the LE agencies that there is indeed criminal
>> or malicious activity involving domain names that they sponsor, there should
>> be no territorial restrictions for LE agencies to submit reports to them,
>> regardless of whether they are in the same or in a different country as the
>> registrar or p/p provider. In these cases, registrars and p/p providers
>> should simply enforce their own agreements with their registrants/customers
>> and suspend the domain names accordingly and unmask the Whois information.
>> 
>> 
>> 
>>  
>> _______________________________________________
>> Gnso-ppsai-pdp-wg mailing list
>> Gnso-ppsai-pdp-wg at icann.orghttps://mm.icann.org/mailman/listinfo/gnso-ppsai-p
>> dp-wg
> 
> 
> 
> 
>  <http://www.avast.com/> This email is free from viruses and malware because
> avast! Antivirus <http://www.avast.com/>  protection is active.
> 
> 
> 
> 
>  <http://www.avast.com/> This email is free from viruses and malware because
> avast! Antivirus <http://www.avast.com/>  protection is active.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-ppsai-pdp-wg/attachments/20140616/aa715b14/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5056 bytes
Desc: not available
URL: <http://mm.icann.org/pipermail/gnso-ppsai-pdp-wg/attachments/20140616/aa715b14/smime-0001.p7s>

More information about the Gnso-ppsai-pdp-wg mailing list