[gnso-rds-pdp-wg] @EXT: RE: Use cases: Fundamental, Incidental, and Theoretical

Ayden Férdeline icann at ferdeline.com
Mon Aug 8 12:10:38 UTC 2016


Greg,

I am disappointed that Europol seems to be advocating that personal information
be processed in a manner inconsistent with European law.

I fully appreciate that, in order to allow Europol to collect sensitive
information from the Member States in the pursuit of investigations, your agency
is exempt from some of the general provisions on data processing. You are
permitted to directly retrieve and process information obtained from
publicly-available sources, but the promotional literature on the Europol
website suggests Europol agents searching for publicly-available ‘terror
manuals’ or criminals claiming credit for attacks. There is no indication that
this includes Europol trawling through things like WHOIS records to identify the
administrator of a website, something far less sinister. And if the RDS evolves
into something very different from what it is today – perhaps not open to any
and everyone to query, or federated into a single data store – my understanding
is that the routing of information from a private party to Europol would be
subject to European data protection controls and safeguards.

The very specific exemptions that Europol has received in order to carry out its
work simply do not call for Europol to advocate for a lower standard of privacy
protection for European residents in privately-owned or publicly-accessible
sources of information.

There is no doubt that effective police work requires top intelligence, but
equally as important is the employment of sound data protection safeguards which
strike an appropriate balance between the interests of freedom and security.

Just my $0.02.

- Ayden





On Thu, Aug 4, 2016 1:59 PM, wrote:
Dear Rob,

Thanks for sharing the outcome of your chat with ex-FBI and UK LEA agents. I
feel that I need to step in to provide a different perspective than the one you
just gave on the law enforcement use of the WHOIS. It might be a matter of
interpretation but the views expressed by your interlocutors are not shared by
my colleagues working throughout European police cyber divisions.

If European cyber investigators are obviously all aware of the fact that WHOIS
registration data can sometimes be inaccurate and not up-to-date (ICANN
compliance reported that for the first quarter of 2015, WHOIS inaccuracy
comprised 74.0 % of complaints), in 90% of cases they will start their
investigations with a WHOIS lookup. This is really the first step.

Despite the lack of accuracy, WHOIS information is useful in so many different
ways. One of the first of them is to make correlations and link pieces of
information obtained through other means than from the WHOIS. This was the point
I tried to make on Tuesday during the conference call.

Accurate and reliable WHOIS data helps crime attribution and can save precious
investigation time (you can rule out wrong investigative leads).
It raises the bar and makes it more difficult for criminals to abuse domain
names. It pushes them to resort to more complex techniques such as ID theft to
register domains for malicious purposes.

In short, for LEA, WHOIS is certainly not the silver bullet to attribute crime
online but it is an essential tool in the tool box of law enforcement.

Best,

Greg







-----Original Message-----
From: gnso-rds-pdp-wg-bounces at icann.org
[mailto:gnso-rds-pdp-wg-bounces at icann.org] On Behalf Of Rob Golding
Sent: 04 August 2016 01:46
To: RDS PDP WG
Subject: Re: [gnso-rds-pdp-wg] Use cases: Fundamental, Incidental, and
Theoretical

>> Theoretical
>> ===========
>> We have seen a couple of proposed use cases that seem to be ideas
>> that people have for useful or harmful ways that RDS can be used, but
>> that do not exist today (at least not that anyone can fully
>> document).
>>
>> For example, there seems to be a desire to use the RDS as a way to
>> issue warrants for information about registrants. While this may be
>> useful, this is not possible today (even with RDAP, I note).

It not only is possible today, it's also "common" (although thankfully not
frequent)

Registrars get served warrants for details about registrants, and the _only_
information from WHOIS that's "needed" or used for such cases is the name of the
Registrar.

I had the pleasure of meeting Chris Tarbell, ex-FBI Cyber Crime, at HostingCon
last week - asked about WHOIS/domain data he said "we don't use it"

Last year at the UKNOF event in Sheffield I spent quite some time talking with
some amazing people from the UK CyberCrime departments - asked the same
questions, they confirmed that although whois _might_ be looked at to see if it
matches _data they already have_ for confirmation, it's not used or relied on.

Which beggars the question, should "LawEnforcement" use cases even be part of
the discussions?

Rob

--
Rob Golding rob.golding at astutium.com
Astutium Ltd, Number One Poultry, London. EC2R 8JR




* domains * hosting * vps * servers * cloud * backups *
_______________________________________________

gnso-rds-pdp-wg mailing list

gnso-rds-pdp-wg at icann.org

https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg


