[gnso-rds-pdp-wg] @EXT: RE: Use cases: Fundamental, Incidental, and Theoretical

Ayden Férdeline icann at ferdeline.com
Mon Aug 8 12:12:40 UTC 2016


Terri,
> Absolutely, Greg. The 2009 law enforcement recommendations regarding amendments
> to the RAA addressed Whois data, specifically the need for validating registrant
> information. The reason this recommendation was included in the recommendations
> is because LE utilizes the data in cyber investigations. There are many
> transcripts related to this issue, and LE has conveyed to the ICANN community on
> several occasions the importance of Whois data, and how LE utilizes the data in
> cyber investigations.

These were recommendations; nothing more, nothing less.

Multiple stakeholders around the world have compelling reasons and competing
interests when it comes to accessing electronic data.

I understand that law enforcement and intelligence agencies need the ability to
fulfil their mission to prevent serious crime (or, failing that, to bring the
perpetrators to justice).

At the same time, the protection and promotion of civil liberties, human
rights, and the right to privacy are not equally as strong in every territory
around the world. Some countries are more authoritarian than others.

Attaching themselves to the unquestionably valid objectives that law
enforcement and intelligence agencies have are private entities who do not have
the same legal mandates or privileged access to information. I think it is
important that we make this distinction.

- Ayden





On Thu, Aug 4, 2016 3:31 PM, Terri Stumme terri.stumme at legitscript.com wrote:
Absolutely, Greg. The 2009 law enforcement recommendations regarding amendments
to the RAA addressed Whois data, specifically the need for validating registrant
information. The reason this recommendation was included in the recommendations
is because LE utilizes the data in cyber investigations. There are many
transcripts related to this issue, and LE has conveyed to the ICANN community on
several occasions the importance of Whois data, and how LE utilizes the data in
cyber investigations.




On Thu, Aug 4, 2016 at 8:59 AM, Mounier, Grégory <gregory.mounier at europol.europa.eu> wrote:
Dear Rob,

Thanks for sharing the outcome of your chat with ex-FBI and UK LEA agents. I
feel that I need to step in to provide a different perspective than the one you
just gave on the law enforcement use of the WHOIS. It might be a matter of
interpretation but the views expressed by your interlocutors are not shared by
my colleagues working throughout European police cyber divisions.

If European cyber investigators are obviously all aware of the fact that WHOIS
registration data can sometimes be inaccurate and not up-to-date (ICANN
compliance reported that for the first quarter of 2015, WHOIS inaccuracy
comprised 74.0 % of complaints), in 90% of cases they will start their
investigations with a WHOIS lookup. This is really the first step.

Despite the lack of accuracy, WHOIS information is useful in so many different
ways. One of the first of them is to make correlations and link pieces of
information obtained through other means than from the WHOIS. This was the point
I tried to make on Tuesday during the conference call.

Accurate and reliable WHOIS data helps crime attribution and can save precious
investigation time (you can rule out wrong investigative leads).
It raises the bar and makes it more difficult for criminals to abuse domain
names. It pushes them to resort to more complex techniques such as ID theft to
register domains for malicious purposes.

In short, for LEA WHOIS is certainly not the silver bullet to attribute crime
online but it is an essential tool in the tool box of law enforcement.

Best,

Greg


-----Original Message-----
From: gnso-rds-pdp-wg-bounces at icann.org [mailto:gnso-rds-pdp-wg-bounces at icann.org] On Behalf Of Rob Golding
Sent: 04 August 2016 01:46
To: RDS PDP WG
Subject: Re: [gnso-rds-pdp-wg] Use cases: Fundamental, Incidental, and
Theoretical

>> Theoretical
>> ===========
>> We have seen a couple of proposed use cases that seem to be ideas
>> that people have for useful or harmful ways that RDS can be used, but
>> that do not exist today (at least not that anyone can fully
>> document).
>>
>> For example, there seems to be a desire to use the RDS as a way to
>> issue warrants for information about registrants. While this may be
>> useful, this is not possible today (even with RDAP, I note).

It not only is possible today, it's also "common" (although thankfully not
frequent)

Registrars get served warrants for details about registrants, and the _only_
information from WHOIS that's "needed" or used for such cases is the name of the
Registrar.

I had the pleasure of meeting Chris Tarbell, ex-FBI Cyber Crime, at HostingCon
last week - asked about WHOIS/domain data he said "we don't use it"

Last year at the UKNOF event in Sheffield I spent quite some time talking with
some amazing people from the UK CyberCrime departments - asked the same
questions, they confirmed that although whois _might_ be looked at to see if it
matches _data they already have_ for confirmation, it's not used or relied on.

Which beggars the question, should "LawEnforcement" use cases even be part of
the discussions?

Rob
--
Rob Golding rob.golding at astutium.com
Astutium Ltd, Number One Poultry, London. EC2R 8JR

* domains * hosting * vps * servers * cloud * backups *
_______________________________________________
gnso-rds-pdp-wg mailing list
gnso-rds-pdp-wg at icann.org
https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg



--
Terri Stumme Investigative Analyst

Ayden Férdeline Statement of Interest