<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Tx Marika, but are there any names
associated with these comments - people we can reach out to
explore their ideas and comments further?<br>
Best,<br>
Kathy<br>
:<br>
</div>
<blockquote cite="mid:CFC07EE9.32219%25marika.konings@icann.org"
type="cite">
<div>Hereby please find two additional comments that were received
in relation to this topic from law enforcement:</div>
<div><br>
</div>
<div>
<div>1. <font style="font-size: 11pt; color: rgb(31, 73, 125); ">Privacy/proxy
service providers should absolutely be held to the same
standards and requirements placed on Registrars in Section
3.18.1 and 3.18.2 . </font><span style="color: rgb(31, 73,
125); font-size: 15px; ">Privacy/Proxy services attract
those individuals who utilize the Internet to conduct
criminal activity; therefore, it is imperative that these
P/P entities are accredited and held to the same standards
to that of Registrars, and that ICANN have mechanisms in
place to enforce action expeditiously when required.</span></div>
<div><br>
</div>
<div>2. <span style="color: rgb(31, 73, 125); font-size: 15px; ">Proxy/privacy
providers should absolutely be bound by a similar provision
to RAA 3.18. The simple answer is in my experience,
criminal activity on the internet is flourishing because of
the ability to be anonymous. Although there are very
legitimate uses for such services, they absolutely attract
and cater to criminal conduct on all fronts, not just
illegal online drug </span></div>
</div>
<div><span style="color: rgb(31, 73, 125); font-size: 15px; "><br>
</span></div>
<div>Best regards,</div>
<div><br>
</div>
<div>Marika</div>
<div><br>
</div>
<span id="OLK_SRC_BODY_SECTION">
<div style="font-family:Calibri; font-size:11pt;
text-align:left; color:black; BORDER-BOTTOM: medium none;
BORDER-LEFT: medium none; PADDING-BOTTOM: 0in; PADDING-LEFT:
0in; PADDING-RIGHT: 0in; BORDER-TOP: #b5c4df 1pt solid;
BORDER-RIGHT: medium none; PADDING-TOP: 3pt"><span
style="font-weight:bold">From: </span> Marika Konings <<a
moz-do-not-send="true"
href="mailto:marika.konings@icann.org">marika.konings@icann.org</a>><br>
<span style="font-weight:bold">Date: </span> Monday 9 June
2014 20:32<br>
<span style="font-weight:bold">To: </span> "<a
moz-do-not-send="true"
href="mailto:gnso-ppsai-pdp-wg@icann.org">gnso-ppsai-pdp-wg@icann.org</a>"
<<a moz-do-not-send="true"
href="mailto:gnso-ppsai-pdp-wg@icann.org">gnso-ppsai-pdp-wg@icann.org</a>><br>
<span style="font-weight:bold">Subject: </span>
[Gnso-ppsai-pdp-wg] LE/Ops Sec community input- section 3.18
2013 RAA<br>
</div>
<div><br>
</div>
<div>
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
<div style="word-wrap: break-word; -webkit-nbsp-mode: space;
-webkit-line-break: after-white-space; color: rgb(0, 0, 0);
font-size: 14px; font-family: Calibri, sans-serif; ">
<div>Dear All,</div>
<div><br>
</div>
<div>As requested a couple of meetings ago, please find
below some feedback received from our Security Stability
Resiliency Team colleagues from the LE/Ops Sec community
in relation to section 3.18 of the 2013 RAA which is being
reviewed by the WG in the context of question D-2. </div>
<div><br>
</div>
<div>Best regards,</div>
<div><br>
</div>
<div>Marika</div>
<span id="OLK_SRC_BODY_SECTION">
<div>
<div style="word-wrap: break-word; -webkit-nbsp-mode:
space; -webkit-line-break: after-white-space; color:
rgb(0, 0, 0); font-size: 14px; font-family: Calibri,
sans-serif;">
<div><br>
</div>
<div>____________________________</div>
<div>
<div><br>
</div>
<div>For domains that are tied to malware or tied
directly to brand mis-use associated with
malicious or criminal activity, almost all
registrars have no problem suspending the domains
via Section 3.18 of the 2013 RAA. LE agencies have
difficulty only with a handful of registrars.</div>
<div><br>
</div>
<div>There are cases in which some registrars
provide a standard response back to the agencies
to the effect that they should contact the hosting
provider since the registrar does "not have the
ability to oversee what data are being transmitted
through its site". If the hosting provider stops
providing its services, the criminals can simply
move to a new hosting provider. Suspending the
domain itself has value for the LE agencies for
several reasons, not least of which some providers
unmask the private Whois information when the
domain is suspended.</div>
<div><br>
</div>
<div>Agencies encounter p/p domains used for
malicious or criminal activity in ranges that go
from small batches (i.e., associated with scams
where fraudsters target hundreds or thousands of
investors or phishing victims and generate
millions in losses, however only a few domains are
created) to large numbers where thousands of users
are victimized in several countries. Making the
privacy/proxy services accountable with a
provision similar to 3.18 of the 2013 RAA would
add another layer of protection to help contain
and mitigate the harm caused to consumers on a
global scale. It’s a consumer protection issue,
however any such new obligation to make p/p
providers accountable with regards to abuse and
reports of abuse, should not, in any way
whatsoever, dilute contractually or in practice
the registrars’ obligations as they are currently
provided by 3.18.</div>
<div><br>
</div>
<div>If an agency presents to a registrar or p/p
provider evidence that there is criminal or
malicious activity that is harming users or has
the potential to harm users (such as spamming,
spreading malware or distributing child abuse
material), the registrar or p/p provider should
suspend that domain and unmask the Whois. The
agencies are not requesting subscriber
information. The agencies are reporting abuse of
the DNS that implies violations of the
registration agreement between the registrars and
the registrants, and that also imply violations of
the agreement between the p/p providers and their
customers (including all cases of criminal and
malicious activity as well as those cases in which
the LE agencies’ own brands are used by criminals
in association with criminal or malicious
activity).</div>
<div><br>
</div>
<div>The burden should not be higher on the agencies
than it was on the registrant to register the
domain (e.g., obtaining a court order to have a
domain suspended). Since the victims are located
in several different countries, it is *very*
difficult to obtain any kind of legal process to
effect takedown. Both registrars and p/p providers
must have adequate provisions in their agreements
with their customers that allow them to take
action - on a contractual basis - and suspend
domain names when there is malicious or criminal
activity.</div>
<div><br>
</div>
<div>Additionally, for those cases in which
registrars and p/p providers can verify the
evidence provided by the LE agencies that there is
indeed criminal or malicious activity involving
domain names that they sponsor, there should be no
territorial restrictions for LE agencies to submit
reports to them, regardless of whether they are in
the same or in a different country as the
registrar or p/p provider. In these cases,
registrars and p/p providers should simply enforce
their own agreements with their
registrants/customers and suspend the domain names
accordingly and unmask the Whois information.</div>
</div>
<br>
<div><br>
</div>
</div>
</div>
</span></div>
</div>
</span>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Gnso-ppsai-pdp-wg mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Gnso-ppsai-pdp-wg@icann.org">Gnso-ppsai-pdp-wg@icann.org</a>
<a class="moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg">https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg</a></pre>
</blockquote>
<br>
<br /><br />
<hr style='border:none; color:#909090; background-color:#B0B0B0; height: 1px; width: 99%;' />
<table style='border-collapse:collapse;border:none;'>
<tr>
<td style='border:none;padding:0px 15px 0px 8px'>
<a href="http://www.avast.com/">
<img border=0 src="http://static.avast.com/emails/avast-mail-stamp.png" />
</a>
</td>
<td>
<p style='color:#3d4d5a; font-family:"Calibri","Verdana","Arial","Helvetica"; font-size:12pt;'>
This email is free from viruses and malware because <a href="http://www.avast.com/">avast! Antivirus</a> protection is active.
</p>
</td>
</tr>
</table>
<br />
</body>
</html>