[gnso-rds-pdp-wg] @EXT: RE: Use cases: Fundamental, Incidental, and Theoretical

[Ayden Férdeline]

Thanks for making this point. One of the risks to law abiding end users, who are
not checking their domain registrations every day like big corporations do, is
that identity theft will surely follow greater accuracy requirements. Since many
governments have failed to take ownership of the problem of ID theft (I can
speak knowledgeably for Canada, but plenty of international work on this topic
leads me to believe the matter is falling between stools elsewhere) we need to
focus on this genuine risk to end users. Not much written about it, do we have a
document we can add to our list so that we can digest a potential requirement?

Thanks for raising this, Stephanie. I do not have any reference documents to
introduce but I agree it is a potential requirement we need to be addressing. In
the case of ID theft, it is not only the individual whose data which has been
stolen who is the victim, but the government too, albeit with different
consequences. If the RDS collects what (in my view is) registrar-registrant
contract information, any data breach would present a harm not only to the
end-user, but also to the company whose customer's data has been stolen, perhaps
for coercive purposes.
- Ayden





On Fri, Aug 5, 2016 3:52 PM, Stephanie Perrin stephanie.perrin at mail.utoronto.ca wrote:
Thanks for making this point. One of the risks to law abiding end users, who are
not checking their domain registrations every day like big corporations do, is
that identity theft will surely follow greater accuracy requirements. Since many
governments have failed to take ownership of the problem of ID theft (I can
speak knowledgeably for Canada, but plenty of international work on this topic
leads me to believe the matter is falling between stools elsewhere) we need to
focus on this genuine risk to end users. Not much written about it, do we have a
document we can add to our list so that we can digest a potential requirement?




regards




Stephanie Perrin







On 2016-08-04 8:59, Mounier, Grégory wrote:

> Accurate and reliable WHOIS data helps crime attribution and can save precious
investigation time (you can rule out wrong investigative leads).

> It raises the bar and makes it more difficult for criminals to abuse domain
names. It pushes them to resort to more complex techniques such as ID theft to
register domains for malicious purposes.

>

> In short, for LEA WHOIS is certainly not the silver bullet to attribute crime
on line but it is an essential tool in the tool box of law enforcement.

>

> Best,

>

> Greg

>

>




_______________________________________________

gnso-rds-pdp-wg mailing list

gnso-rds-pdp-wg at icann.org

https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg






Ayden Férdeline Statement of Interest
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20160808/640baca6/attachment.html>